Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
22-12-2024 12:37
General
-
Target
JaffaCakes118_7272acf6080847554711fbb7a660b2c4eecbc11304c8f24f91aa608de566ffce.exe
-
Size
1.3MB
-
MD5
78a71150c4a27f8975b3c23efed14a0c
-
SHA1
269e60481f294dc227c019509a4f496c27fabceb
-
SHA256
7272acf6080847554711fbb7a660b2c4eecbc11304c8f24f91aa608de566ffce
-
SHA512
5bb9958a2219419ca34f2725c9182d9dffb4697976cf2d8c9dc94c8b0393d880be0f49c6aa6d2a1ef3da2f2e1cb151e99087eb6187dad2ff004bbeb2a65f30c8
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 27 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 7 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 27 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7272acf6080847554711fbb7a660b2c4eecbc11304c8f24f91aa608de566ffce.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7272acf6080847554711fbb7a660b2c4eecbc11304c8f24f91aa608de566ffce.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Sidebar\es-ES\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Portable Devices\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Photo Viewer\de-DE\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Templates\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\K7WR1b9VJT.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\FIx4sKIZfl.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ATZuYpZxcK.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\qqpXlQnQd1.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\eNTIt1NKYH.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UWQnaEvoMY.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UPAAmIRCFx.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LnIbptgF5R.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\5Yw7RONjUI.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\GKRF07RVHS.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\jBrSCX6wbi.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Sidebar\es-ES\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Sidebar\es-ES\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Sidebar\es-ES\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows Portable Devices\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Portable Devices\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Portable Devices\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\providercommon\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Photo Viewer\de-DE\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Photo Viewer\de-DE\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Windows Photo Viewer\de-DE\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 12 /tr "'C:\Users\All Users\Templates\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Users\All Users\Templates\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 11 /tr "'C:\Users\All Users\Templates\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Users\Default User\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\DllCommonsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvc" /sc ONLOGON /tr "'C:\Users\Default User\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "DllCommonsvcD" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\DllCommonsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD57e171839790bef0122848e3e2f4abe1a
SHA14e65b2fab0e8e66b6440452f8f2a920272167837
SHA256eadd922964fa504c7ec015a7161ec2ec0b46840a31938ff695622ece27122d68
SHA512367c3a85af74ece06b7c7e770e22b612f88f21a49f761fc1210d2e36e59ac14e05aeb72b7537bc6d0b3a0d440d2bb69eb02655dd1745d86dfb24e38e3909d3f6
-
Filesize
342B
MD5762050acb73207081a1fc94c6ecf1498
SHA19ad21394ea4a5fb5da4fd368ff8ab0926658acab
SHA256de2253908fdcfe93dcdd3cf86d8b8321a34137f2cc337eac98b4367d16ed0dc1
SHA512a908dd2520f859e1b22d87958bf022bfd49b865e3c9941aff88fe6493a08cdca6a8f3af2888332c364b44c98a8e328084837ab4f886871f20d25fab3f3c019aa
-
Filesize
342B
MD5ae825c6f98c7954a0ee55b87c18cf380
SHA143de1c7672219593ea90b3469e15371e4357f126
SHA2569be47ee2337733050f0767b979de96afbf8c334e6ab4d9b68c2d7bb99b2dcea6
SHA5128686fa8053f09248e4259539887945da3357a3b379be126b98c37d6e68aa66332b5556781b9e661248c09aa702272cb7d140896668c89bd9d2b343611deab309
-
Filesize
342B
MD5a940191f19b89bbd8512fc3ea006d7c3
SHA194036f8eea9679fdc309a5f9c71c6f9809a855a9
SHA256f06e862f6aeaa8db6e86ba621725faafcd0d234b7546d09c86ac76b4f8df68cc
SHA512cd85b9304dab060459a58a03fd6c21595355e0799aa6778e02119d3674eb272d36a68c86b3ab4d145612bd82be3510405998cd8c9321c7a9e36b0a10c25e27f0
-
Filesize
342B
MD5a3900e7992477e3b7eab4e0e38bbf597
SHA1a919c017576451ea93ff4bae0fcafeb874cbbb47
SHA256550eb3b22bf98b5a65e697eb41cd46a70b5c4d12eb6933cae7962ec76e92dc97
SHA5127d9e50454d6a41d7461411409f8ed6acbaa9ebeb4e07895b981fd8327204c59655efa6be0a260f879067c48a9fee83998ec13b737b7e89e14ee06cc9bcb1fb51
-
Filesize
342B
MD5cb7e5ea94dc933e2d9c4d13385d5408b
SHA12e5f762081eca2f198a68a942fadf5344a341e2f
SHA256f419f8de11b8f24875eb3307675674058db17151b73982d82af014ab2fe893ad
SHA5129365761b21930707d56e7171c4afc975bd86910b53e6338ee0ae6c0579374889604cf304362d69f2dad002bb5b5f80b3d3707c8be53dbf48c6e18f11f61a7a15
-
Filesize
342B
MD5c003ff09367714226359050e26d5cfc0
SHA18675cc63a7765f611005dcdedbbd1b5003c7f4da
SHA2567118709963a88e48753ad8e3cf953b7238167e5e3a990eb1a15b8a4fe81486b9
SHA51203d93427e7b7da1c74c9dbff088818fafd80ba2f7b2647ad7bdf48e3a159e7ddeb865df6e6b7858cbb34747a31c98d2d64583bf582028254ffebc78fb35d594c
-
Filesize
342B
MD53d733a3b30d76210918dabad860c2bf6
SHA1454461d8ac6b25f0d4f82b312b35e94be15e3735
SHA2568d6323369a1f104b0ab05315fde380b05d6e69325eb285b816e68bb25881a32a
SHA512e18d6b6148e843e4ee18cce12c58635914ae9c70d0b0370bc31c845b993a301bf7c64734b9733d74a66faf11a73f2923d854211f3ab055aa03339c19919d4079
-
Filesize
342B
MD5ad356f593aa53ba41cdfb383dc46f5f8
SHA16dfd79d9f988d752f108cd410de475a7bda30aad
SHA25627f54b8d70ab6120f44ed47a93a038175fbc00db70564ad35a60418bf6d1b81f
SHA51265271fc0b6a61cca28de072ca02054ebb76aebb9dc091a5e97d08ccc5bc1143df00e3ef89390785f77c8584a02b28dba5559a07e58fe6ad5dcb1a51e356bff64
-
Filesize
227B
MD5a13a8513d6a701f66ae7529a73b0e4bb
SHA1d1ec3b760251fa669e54e517d16a1d8acefda557
SHA256ec6cfe484d4403c053d332223c89a8f22e0d773f47431c5d8583796d16d2a6e0
SHA5121eb6acf9bdf09ba637c55adb9cd3ee14084a4572a8ed22ebf7d6d9a4d3fd22d6ff959670c564bafa20a73554f665379e482ed45f640a926ef4c5803ce2350075
-
Filesize
227B
MD5b8f7c97849a389e55cec35bbc5459d18
SHA101619ef103f038d118ddcf91b5d612846723c1b9
SHA2561df9a5aca17ab87f9c67a2e0fdb90b4e341843fb88b6128d84a12602c4bc3ffa
SHA51227638fab992b273f9d0af6a55fc374e5aa5805592840cb86f58b46c0f70b1988330fe0e889294c6863247389f7257727d71c771bacb02f4e6b745f405fd3d99f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
227B
MD5d478754f740a5078239a75b3630dcbd2
SHA12dc1d85095cd883edb70ab2dd4a5184333d9bee9
SHA256390905f1eb30c8ddb79352f2d9a8d950056e0c2b27b9037bcd20d32f27ab4d54
SHA5124e027d076892189e8e711e5c84a426b8399073e4d8594b632775a9ead31eca5f4ff7457ff53dcc3964b260ab8956fe7724e946b8ace02a33ebdaf5b47e41e20b
-
Filesize
227B
MD5f7f8c59436d2a2e47b0cb9114d114697
SHA12fa8c6c4bb69f0b09ba09a27c220ac41764c9188
SHA256939142bdf2173d0605508d94d4968f73e6b4f2a07b64639cdb233bdb4b236a6c
SHA512fad36db958c843242a53b8551e10a72a1c6133a6904eea350f0b692341e1ef963ca327cb4f53bb4bc09024bbeec0df17b347da8db182651f9da56396c2969378
-
Filesize
227B
MD5211db9b0b7ea3fd13d8923e834405248
SHA1b4726b74b1be7d34d8676c2a9e9754fc380beb70
SHA256643eb15a4a64f0271f4280bd9cd5d18c0d63449536f6f4a541a1dbfff8a33f70
SHA512b0dee416d8524cbcefa683b65788a45097265b2903925f341ce233299466f30c03fc2d0f7c22c2fadccf0a8785f271836f26482f52b52eeb6edc0138b59e7476
-
Filesize
227B
MD54d4a23a2513c90ad7767b5a8ecfad5da
SHA15ce89581f3e063a5c3c3f7c9b34d5a5b3439c123
SHA2567bf8993da026fa91cbf30131d3adf87bc1640db4b157110bf352d4a0f2159b03
SHA512d2e58d05c645813452f7c89b990152e3efbac66ab42f094ae6338d4b9289b193d79bd478b019dc8ec4ed97e0e2d3aecc5a882a817d2a052eb2e11d4c947f47ab
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
227B
MD5c867e161b8068a936f08d2fcff71c8cb
SHA16897a2a034b4f5d3565f6fa07a65e052b8e8e4ed
SHA2561d148732a566ab907f381919fd3b181b9eecabef121c1a6df6e21d1ad0da9032
SHA512fc251061916c4b922d482b6765befc607562ef9a71234108cfd97b8e471496e9ef60d4e18c45e0cc9257549c5d0b9e57cd6660cc5d491673ab9dce598861033c
-
Filesize
227B
MD5ef57dbffc9207d450e5e506687c195b9
SHA114f00925480a8e4912ffaa716ee75b2fda787137
SHA256a2e9b60fa36c286514dcb44c860aec65958d10de0804e22382fdce4c6e9bfeb0
SHA512621c6c9fe2e5fa1d903672d1a3083ce9c0985d3a7126de4ac2643b2fb6b586e7474e37a62fb9e45c14849c1dd46a088c7e4014a4cbf142acb0f325c415c72ea5
-
Filesize
227B
MD525ae3d2f3de2d588b3d334af1207603e
SHA1cda7deab165b6c4f195bdefc5a4342d6568fbd47
SHA25699e2d2a59ca2d00c67d1f86e4f36bf12e22e8cc893eb4652f9f6f05cc3722e6f
SHA51243d7f5c5a6c88b87011f86eeefc080d762eb39b3c0f7bfa4da027ad96ad16859edc28ed03f0f3a03e92fb6df6031ceacfe53d2a3941869cd2c3f8142d83f6b98
-
Filesize
227B
MD5187bd9aea6673018e61ca5f6740c4b8d
SHA1a814dd5ba93ea39ff2e11ef4be6a421ee26200cb
SHA256e68bed9d5c84a807118f4c336105dd0fa91e57673df2269086bf255f331affde
SHA5123780daeaf6b573771623f542f38907c9312a22424f2d9463b38baaa25002f89dff0660f334758b2776f159000dd8a43eca7cdee982663cbaa68742e4d02aaf7f
-
Filesize
227B
MD5e67c3c1947b25da3dbbfb27649a4a1ca
SHA10e163d1fa01b7c94c4123f1b1d8ae9c1667a1e08
SHA256897d864e7c00db203b8cbb23116b508faae031a03a5b10070cf2ea0ab7746ec9
SHA5124435f3d6e033b76e11af97b2fa95e1b606d5c0095ea4d9001591df6a49e06219177afa5bc0da787c26010ebd702df89d50c558e0ef012c5d27ca18f6c185c826
-
Filesize
7KB
MD5e0c79b06d6068897ab34669ab81440fe
SHA1a342edacca12ef46f8ec4ac9cdea31c2c51374e5
SHA256e256019f9291aa47e0952899c341a896e1d9fe4a660b3ea24d8cb33cc302bf28
SHA51250e4872c0e28d48b5c4a7ba646cf686f62167d407b75b803d1d3262901e8472256cd34181a197753a3e3f859f74a8ee389230d61def137e7f42925c5006d776c
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB