Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 13:33
General
-
Target
JaffaCakes118_7be9b635f6194f41d65a0555d7edf245aaadefd2e2c1e2836c5d9dda38076dae.exe
-
Size
1.3MB
-
MD5
989899a64564d8b9a6e6a3aba92cd0a9
-
SHA1
87151e50848a8fc1a863c06f65bcfc86c05eb210
-
SHA256
7be9b635f6194f41d65a0555d7edf245aaadefd2e2c1e2836c5d9dda38076dae
-
SHA512
bf61e50ff02946ad52f96bbed6c0610cc354cb045fe8a07911c86d06ba5ddb4f828ee3ac122a8df2e00c97cc99f3d1836bb67a66455c9dbafa420190da838161
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 10 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7be9b635f6194f41d65a0555d7edf245aaadefd2e2c1e2836c5d9dda38076dae.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7be9b635f6194f41d65a0555d7edf245aaadefd2e2c1e2836c5d9dda38076dae.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\DigitalLocker\en-US\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Office\Office14\1033\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Google\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Branding\ShellBrd\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2HSHvWBDJL.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\SQTB2Yz9K3.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\23CLvB8Ots.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nokcDIWAC5.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\qX4ufk0Q6M.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ISA3vp411k.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TA6UjH3MJQ.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4vYRXbn8bW.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\MsMShxucCb.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\rfuxuqwfwI.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\GsZYO5BIqk.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe"26⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 10 /tr "'C:\Windows\DigitalLocker\en-US\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\DigitalLocker\en-US\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 11 /tr "'C:\Windows\DigitalLocker\en-US\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office\Office14\1033\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office\Office14\1033\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 10 /tr "'C:\Program Files\Microsoft Office\Office14\1033\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Program Files\Google\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Google\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Program Files\Google\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 10 /tr "'C:\Windows\Branding\ShellBrd\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Windows\Branding\ShellBrd\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 12 /tr "'C:\Windows\Branding\ShellBrd\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Microsoft.NET\RedistList\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 6 /tr "'C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\Windows\TAPI\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Windows\TAPI\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\Windows\TAPI\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD55f45338a2ce739cb5480bf29f1023654
SHA1f5d13df1553ac2524d8b6096a92abf26c1f207c9
SHA2566b6501ab623ae79031dacadfea322fd5ba580a280e35ce10f8434f83897cd85f
SHA51289622122819ef09e305ac0c81684db137b1e620ca11d08240a2d59768212532bcd46894fa4137c46c16760e33f75ff0652be3642587e31916734a4816dab33dd
-
Filesize
342B
MD5c43e40a5131e66514ff42ed05150bb90
SHA1202b2bb4215f20437790e97a9964b09e9706a63a
SHA256544a0c1bd5009fb2fd930288380c85594b4f158a0fec362529370d10f9da2b3d
SHA5121e50918902d355567fa7f8d3dae47db709063b8975ca9a48ed9f77e04cef204313af9f383910877a5f919ff440c8aa8fcde8924c881ff9829fa004f1b72ccb23
-
Filesize
342B
MD5f6e6211e796912364834f7941f34db3c
SHA15aac7710c2bb594457e7f105145e7a5885ced178
SHA256bf8327ced6f8759364bfa97f19ec14ab5b6d3f819654285e741b350676f7ac18
SHA512a0ea398b0d42959ff467d027a6423b6df8c7b71c14b224d67c146b6117a9476d04358e0865e13ca96c2e1a48f978edd38607fba25a6cb12665e010e35e4dc0d5
-
Filesize
342B
MD5ff5136c4cae3c1b46dc539b78a4bae37
SHA1fd976a6c381fdbca11d6855ec309301f7d37f1ed
SHA256f40aada0ef3f25527845b72bb032bcdc95cedc92e0654485e64e0fef94b0e77a
SHA51225b7e67abd0678a7125b17250c81ab37c81dfec6af2d81979c093651e054e773cbca78abcaf2ef9e0e47597c8d04cc91ce63458161a086576b91eee6aadce4a1
-
Filesize
342B
MD5feae105891b037b847757a9a0a65d3bd
SHA1461ccb1c321524173a55878dda3b51fe25fa8e7a
SHA256e3a4ba62cbd3797c68b38353ea7c56127af44606ebb14e74f928fb77ce6b07a0
SHA5123dd418d1d4a9f1ffeffa1bc0e22203cb851ed7d2cf0159636fcb87c81b637ea339ecfff06b6133f4f22f72112f6449258041626d30b9d873b3da4d9c0c9383de
-
Filesize
342B
MD5b7ac89a88a3cc9d6d8bd5436d8f3d288
SHA1c667f22f5dd3058a937d6c68f33de0ad47ad4048
SHA2569e39708b3126148555b65a80b5e409a182acea34fb898e50b009f77e7702dd9a
SHA512c2904bcac0dea9c048399feb62a1c519b66baeac17d4148c908a417df4521c81909448c6c9110e01d3931ebd8d03fc6a4731f57e32979c374e7fa5cdfbd9f45b
-
Filesize
342B
MD59bfb27c44f8d4127988ed0c198bf8275
SHA1ffc9ff645ef07039a5d1e85735f361fa8fd34a36
SHA256f0a9bc433e095b0b86ff403520a9e98566a7dbaa352af9bbd1d90d8f7be0083d
SHA51282c8d08eab952550bbd7cf3c8ee1e64b90e97cb034172711254be1b7637b52dce074d13f34b106a7d1d86703d9873a29685ac3667d4f22928cd58ac5f1ba08de
-
Filesize
342B
MD55dab28afe45722a0deffdc81a9a814be
SHA1a8ff33a53cacfe6ce413eee1bc0b3c68c6e35829
SHA25675ddc9aff9a5be7542885ce1c2b4062f7fc569b129134a9bb694e5dbbd2597ca
SHA5127345e7c91ad1a5016c6fac8bc3737c14aad423b81a137f2954071d0da230a50fda4542fd84b1329d0840447b0d8511ec423e847294d364c5624b26f5443c2610
-
Filesize
342B
MD5e19ad63a380febaebbcfe0a90d4e4911
SHA1d5991cd6c0fbc2a824619ab693b16f695ee9020b
SHA256ca2c7f72db386386ce976fd95ffb8a937c9c4f23118fb38e94e253a30363b5c6
SHA512b33eb09d8ae687e6b161ce5d43eac7f4874c995af78ed31c1b8cb80bd9f2086bc5b1e483757edec610b51cf507132d4ec9dbbd203cbdad346d001ad02fe9ef4e
-
Filesize
224B
MD54e6ffa410d79cea703132d9334c68f42
SHA10b9d6c2ce88d807872cdc2269b96b4ca9bc6aebb
SHA25609937a59dda9d4d6a6af2e37eab0081a6d681b465114f438f5ff79511308a5db
SHA51229beb1667f91df1eadd03fc46f0ec549aff155287311aed0ac52fad37b10557d94cd5d6e7e3aef4101bfbc8d2b4c52700009cd6955f7d5c01a5ea22294d15b48
-
Filesize
224B
MD51a80f627d77f9d08c1b103d7fe21cdcf
SHA1a68ea0109343d044e13020b15deaae75788ba1c5
SHA2566ba2edd7e5d72c27e77926c3920bd2a5869d5d03edd7389c60a55d18c7eb752a
SHA51299007144d517fa4bcdf416d59c479155b63ce81a3ece11bc294cf43b66e9c194063f412d960f0f0211c64021447fb94bd6ad3c6cb92ad33adb3b12a14e40e45b
-
Filesize
224B
MD5ef6a57e653fbc4f30de70208cedc12dc
SHA128c6c753aff93f192e4b1af23a677daee5febf23
SHA256a1e4de197c6c4fa0fe2ec936b4aa1793b82c18891818f308e8288bbf9cd3ec51
SHA51280f8a80f95041ddf5b37d39bae1d26fdf4aad72492f1b5003df17a6729b71fe15f6e5212cee5003fe683f7d6661c8f60b05619cc7b1ec5c4364dc221a39b4083
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
224B
MD55d18df6b9106b2bab256cb31aaa404b1
SHA159838f63d629df04a12dac377f590ed3e5e2dffa
SHA256c265ec60b0e905c9f2d29a88c969b4e30625981c7ee97e6c165077266b87b0d6
SHA51252eae3b46a0e5461e467161fbd7e27b9bb68dd549ab9a694c2e39d772453d124a53a8c78c38f7d37e5fec2e1c03beb6a99848958935e005a9d17087c4c84e598
-
Filesize
224B
MD581acc9156fbc5476082d4479b11dd6d8
SHA1b742d691cd8ae4859e4125bb6ac83da9a8036d88
SHA256234c348c9026943ec0a9cb061448be1ccdb06f13340094566de014c57ab821c6
SHA5123f4184d18ffeb5d91d10e560a70fdca1bce3fcfc622848dd1d1e7bb24cc38f650e0e040541a37081f8bd78b632b194225550d52f3e5e09cb936943fd1768aa8f
-
Filesize
224B
MD5dec9fa6667509defa4a8650ce4f618e3
SHA1c6239b1bf9f6a70fcf6bd05f4e5d34670cf9e7ea
SHA256c353c8ef4d28c7cdf76194c793ecd616fd889c766050774e39960f8d179562f2
SHA51264a4d38effff30acfc18e1c30d2efae5a71c6fb8a5607a6aab329636f81ad2fb577211e7bc1e60f916bc9e68c746091c48252885588cf6f10bce7d103adf9f81
-
Filesize
224B
MD54a6617cc058e574bf93e53cc1574e933
SHA1af9f6dfb4f3896e8244c67e0fa9c7bf8b8d1d5fe
SHA2565a96e2e3ead47127e84f785efe3e98ca86d93b864072b1aa1c81c6e756548133
SHA5129fb84bba88fcfebfa00feb85b9acfbf075e1e557204ce96856ee42d50e60a4c39a1b1b89fffb3f464903b3f6f65dfa9fd7c6d878d6b5aecf57af58894b5839c5
-
Filesize
224B
MD5943b0b6d484cc20cd5e8cbb5ce4f4d96
SHA1aeafab32872dfe7699ca8b82394dc9f9962a146c
SHA2565d993240b71b1442248e503ad2a1383745dd11193147f0b6696c62eaba655acc
SHA5123443b272b281d6ac8f57181230c36dc06270105481526467116973f233327ae61375ac14c80441684a730d5fa4c8c5172fc3ad3319b7d6c9b2e443c0d153fa52
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
224B
MD5620b4e175da7c6b9bc5b351f8a098f62
SHA108c91ee488933d19b4ce8b09953b848d294499fb
SHA256b99af006c76fec50c9bd3dfba842149ec2c3b89cbaf8dee5ad59695e67707089
SHA512f530de73ea9cc14f7bfe6cc2f08c72e35140f0f28677651f24335892ab51fb90c483130c2497482edbe868b9f21af77697c30c0e5acf707397d78a0921bf7601
-
Filesize
224B
MD52bf02d8bf822e48d72803f9ca1270e8f
SHA15698daf53b56adc171d17b2090c1b82177d0cfe3
SHA256048c51353361004fc7d7b217b5868430acdd565fd73a46f9a0eec2082f265b5b
SHA512a31aaaf60f22d3f846f9e0ae03416612923d5bd94a720e27364a4236f013b20b3f08d04616d93ece4b305eaf54ba2bc47a97ae90566f0dc147f08f1b4b8d0309
-
Filesize
224B
MD51f0aff51c10363db1a6226a58a147fed
SHA147d61b742e00caa0004c37860ffa2a63a575bc66
SHA2567c87d3810427f231aa06c0b5f5fe25ad71d2ff768c37335aa7d79851a676e857
SHA512dcbf08037864b6ce74ff93f4802dff3d30738196e70fb8465ea75306e1f139043db37da51484f6329bb87120719bc1c0408492a19278a426f56819d052007954
-
Filesize
7KB
MD5b67ac095fd68eb6365a179294d0368bb
SHA11d08a76920f85f93e12ed6076d00b2533ccd7271
SHA2569005fa79a02bf218442c4eb84fa953b378daea91c6e98ff8d7ad44ce5fb481b1
SHA5121592ad8da2d7c1f3f26cdfb91f558941a2894db5d189aa3ba898d4449cb6667f36e6f9c798918e9383f02bd9848370f52ca9d7968bd8fcec5add88c163545aba
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB