Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-12-2024 20:54
General
-
Target
JaffaCakes118_951380a32786bfa1415fa4c01c24d9c0f130a9f248ed9d0e03cfd95cdb453c42.exe
-
Size
1.3MB
-
MD5
431ee704cf04cd1fbf267f4d835e47fe
-
SHA1
cbaf204ae8426f3cf935b5509a33d9c01bc1f0c9
-
SHA256
951380a32786bfa1415fa4c01c24d9c0f130a9f248ed9d0e03cfd95cdb453c42
-
SHA512
b472bd1ace9cc7e47f8979a93d7dac7ee512ee3885454b8854828ed6cb348bc5e5c7fcc34df0aab13ca0101a8ca26ab20af0ad3de433b47ec40d49c067e12f31
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 12 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 5 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 12 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_951380a32786bfa1415fa4c01c24d9c0f130a9f248ed9d0e03cfd95cdb453c42.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_951380a32786bfa1415fa4c01c24d9c0f130a9f248ed9d0e03cfd95cdb453c42.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Media Player\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Web\Wallpaper\Architecture\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\X8VSEkwS9E.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\F82V1kRox2.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QVLs15dYuc.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\VCTPXfsZqS.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3Bw8qtkvcA.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nDwMkfOC2e.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\7bDnwPuEug.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TmtjCtAJTq.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QwDZd8tkMK.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Kq4mDwN7mD.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\hbGxgnDDQj.bat"26⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:227⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"27⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Media Player\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Media Player\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 9 /tr "'C:\Program Files\Uninstall Information\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 9 /tr "'C:\Program Files\Uninstall Information\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 9 /tr "'C:\Windows\Web\Wallpaper\Architecture\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Windows\Web\Wallpaper\Architecture\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\Windows\Web\Wallpaper\Architecture\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5d1b3b3004f9a21a1476e25c6c2ee8797
SHA19bda3aa363d81db3b69b43df02180204f65cbfb1
SHA2562d20b1961ad28bbbb1cae12072163e58c2e97b6469abff7007dbaf8b95cc5dac
SHA5122ec5e98e6240aafb24bb5be0e34652a4fc8761b76ed0e127bcb8237ace8eefc734c2a2aa401ced5752edf92e285e16a038f9dfba5537112f8b02243a8ea566c7
-
Filesize
342B
MD58e7404881929423799a86ffb390c8f4f
SHA11794aea8ed30e2c29d45a92e66786dd22f110f05
SHA2569babb17467739b4b57fdd22e4aa0baa9d5c427fbc93a7805915e3eb31a756b9b
SHA5126dcf4ea84a5a777dd2474ac36ea8841652604f353d65b6e13e483a2bd716ec06d82f06a4661bbf53372d64842dc435cf02bbabdce5545c27cec1d7c0cf11f14e
-
Filesize
342B
MD5d0e9a8b0fd13771da662f631c3ef723c
SHA1de20c6976f09b7f74620936c06ed7c7b027bee2a
SHA256a12800c3bff811b70ef2f057a9d4701bef57f844c8e793b59de7216e0121e6ed
SHA512970fcc3aaa4d0bde7e08b69bbbcdfa59043cbd836e0500d00f75a9526efa7379561269eca356312bf20aebbeaf6c375be3496bc8706b572a7337aa877dafe9eb
-
Filesize
342B
MD56c9a243e32c94df84c746824dadb53cf
SHA15078b4a39bdd0003c84d488da667f8f0b156adce
SHA2564fec649568704ebdbb3ac6acfbf70f876f7eceaf0e582e14bf5df1aaf5703c6b
SHA51260484a3568a5aa01b6567027075c1a15b5715a559436c7c21648634f148a59b84d03436df0e9da2e5ec57adccd52959893347d307dfffdfdf6ad4141a3fd5437
-
Filesize
342B
MD56340e807c29ac73e2598dfe60bf23d08
SHA1dbce5e96e0f92d59208417362fe52b251dd51b18
SHA256e7cc820a8771b9a954d59f9bf2f76ca93c156f2e3800d01accc2d33c0619e2b7
SHA5128ca7dcbb7ac01fae4887496f3b5e6ab59badcf3dd1f0634887562c711416a1a23401ed8ccb0db6aec3eba4d1abede6d2ab803110f16e16bee58f769c64834e7f
-
Filesize
342B
MD56e51bfece473dd6bef01e0fb829fb5b0
SHA1f3d9f7401d5e83418c6add6b89e029903d481648
SHA256d2440a4945206ac0c1a498ccae139c43e2f502bf91f076627f269cdd0d87e255
SHA512d794524f8b3fc7a367d98f9925ae21dd030f116fbbd9daed4f87c29a2a6eaa67669e797a8a59fb88999f8a27751f0d7084173eae12f4b88da6468ff0fdaaf961
-
Filesize
342B
MD53ecca23185e46a01ad06117bac2213ed
SHA11f4051bff32fa7756ef4a7b04ebeb4b573e320cd
SHA256ca75c366580773caaec00c07ab9908f92057a480bd9a7252922dc12996b182d6
SHA51262f6351cf2a603df2b07ed3598fa408c3b5ae771cd0e2881dd75e05c953cb8cfc40e69b9709ea5be7ec3659495f3e778c1e4d920e2a244290112e6539377d111
-
Filesize
342B
MD559da8808be5a1c092895cc05aebb5981
SHA15375e33fc2ec794741789700a30b204c113bc5ba
SHA256c19a360f187f7baf712f044a774831ad22d978a1484beedabd610f619dd7d366
SHA51272675da782f6e05dffdeba4cd1ef22f325e5adc58fb078f97d430d008e47ea4490f662729f13ab5263df623d175fbc698ad4c6355e755011bec38ed87a9d04eb
-
Filesize
342B
MD5d7ca07d816dba6d292f06cffeb29e85f
SHA17072c3d007e27229cb75fe074b2614f6d1b62a9e
SHA256e45b7b14d329ac5b21985479ba5636c6fed22e1f46205e2e06445790fb207a66
SHA512001c2d7247f57e6e89a536d097d2fcc545c5c704168c32d13824e4cb744f52529dd742ecdcf870ed42775ce292cfa1da462550914bb392a23ad730ca970557b3
-
Filesize
342B
MD527c4d17c6be7a181c13b6ad309cc400f
SHA10d55d775cac314aee172785c0da63f52395d744b
SHA256eb077d1a7ef36b6a9a7328624a054bb64d1598c2c63ad988e48ff6288f2bf33c
SHA5128d8edceefff7e3ec50ce78341e142128f300f1c65ef8ce2ea636987569b29c0027a4e776cfffff06afe3a06198671e93457c24757328375fd88450ac50e0541e
-
Filesize
215B
MD57a4f9d5afc37a145dcacabb136f09c10
SHA1adc568ccfa33525fabeadff6256f799bec203caf
SHA256bb66f3ea6429587f5cf8e9e3c5fd3cf725e0eaee70d8870f71b193f356fda0cc
SHA5129f2a23e01641245cc884c9bf4261f491fbcc0d0d273b69ff22ed6adf88c52cbe2a9c2a6c327c56a84739df889ff3b8a7f1310034db71a7a90ab1e77ff89964fd
-
Filesize
215B
MD56efadd99127110eb6b389e23213bb14a
SHA1b156523eb5c6bd8804ecfd49ebf87fb9969bbdd1
SHA256736b6b4db6853f2c6a55236ffe39d94d67df6abeb05cd9a5c907a4bd59a92f1f
SHA51259fbb7462037b66e610307f3e21638cfec432af00696f8444359ea998664d2b649123aeeebe6305c5d694365b6f218501aa79e96f40b5f1e91b173333ffb9437
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
215B
MD50b7c834385bf2e57df730227514d27c5
SHA1c7c3e1145a094fe532f989960fc381340d0a3894
SHA256bd431d4dd7d3ed6596a20499daa1fe7597f7b0ab3dd369075c86381fdc86f683
SHA512c791ab85a18320b4e8b39ac2eaeabf933abd75e274fdddc7ec68f25448b41253ea344a208f6ea6be5db4d1a963474b7f3aa9b85d53528025e5fbdd596f18887b
-
Filesize
215B
MD518c0660495345a1ab25766ea0e7cc5e5
SHA15df46dc41a97cf2a14d4cc3a873f8725b02dda7d
SHA256d9ccbddd4349aecf1429c01b795faa671416805320297a24ce7e9b7cc63cf444
SHA5125764879c22ff4f8aa2ca70c352cf6e3141b5514a90d67267ef94028f2fc876dbaf9d233887c8c0be13afbba70ec495e2a651e09e335f043447d33a480c09d34b
-
Filesize
215B
MD5a957a0f28944b4a670b451d0f6403e09
SHA1f4ae2c40edcb58cf300791c6ad6a49dc80da2140
SHA256dc40fa8f702bf6fa9e14202ae6cb4a505df199a709dfe8a46a0cfbe6f5659954
SHA512dbeebd984102e3f856e5c7d60d27b6cedf4ff494b79da6eb81e8516a9640e4dbcda906b2e50fcf784babd76bcc81436b2b38befdf7a199eb9cd969f914046dd4
-
Filesize
215B
MD51457f72f92d3063707a06ad82e01c8ff
SHA1a427e948e16e4b1a8847272bb27ebf045422032b
SHA256089983c1f006e8640ac8d43d574e0840d7d0e555224ad3d949f3dc265e64dd44
SHA512b393e5d80ad20fc026c7e47dcd40cdff3a0fb5a1c2dde9d6b36bab714db35b0972cf74f4238ac398329568db55b88738e163971ee3e9ddb305d994852ba879e1
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
215B
MD5edf172546534081bd707b498432a8283
SHA14ca9131a84e3476a7efa37a30b43547ac4d11a6f
SHA256956cc2a00c37d8e48ecd3465cd5d889cb8b5726d50ea06ef3d323cc0a52e7958
SHA512b91702dcbdc1c6ea278de53ba9bc97b553b44c7596e3f8e3ef8064993ab126a62a74fb837e878bba6c4f56f569d17088b3450785e8aa87981fb10762d73aeaea
-
Filesize
215B
MD5d48c875ca55e5c291f81398fd220bb80
SHA1af1b348896647bc6da31c0f0ab1faaeb520f4d48
SHA2568fdd4c315498324f61db417f0add9316c9c126c1b2e27ab6997b902c0913e6df
SHA51276fdca3951fe0efc2c66cf3987bbed9de8db5b413916b6df25c7f3f1a354f4df241a38c5d9d6bfcb835ffef7d8d24b86321d3ff9165e870dbae4c0fff06d3949
-
Filesize
215B
MD5972ae278554f2345321c15e9996e247b
SHA19b52da0644d776e89b71b8925ff303c05712241b
SHA256ead7477ea673a8949c64105ec5c98c9445ba4a578b2b8789c579652d41abc0db
SHA5129280d36e62c258a2040fee09367baf0ce895713ef9cf850674947438a91fca04448585e338e6f15bddd3c770a56066e5a2357013cda7eca28acc7f8985280512
-
Filesize
215B
MD57df77dda32399b596bb7bc9a2cf50ba9
SHA15d84ed31c1e64616079582d8efcf47bcad36967f
SHA256c82cc0e772dc8f883d95f591839399b5d193857817bab5cccb812941505f5044
SHA5128214efb7bfe7435b55015bdd47288357e4861dd189bc9b9d4ef44878634f7e6355f9e6c0e7ea96a251defd6f7ebbb9085df71f5acd61443e9300dfe166f8e607
-
Filesize
215B
MD5cd5230d962b52f9307933ffe0276ef7e
SHA1e9f701d2ade900eb6cb7b6445c98ef79b3ad080e
SHA256bc08154af45421ac991d6368407128c210c75ec90beaa5bbf952160eafc5134d
SHA5124c9d0c68c17909079d2b96c3646bb10ce2985c01bfc334b286a84666aab7c376fabe0473410f8e39764f7843185b3366d94c879e54321758ea0fef72d5de0bc6
-
Filesize
7KB
MD5464a121d06a486649c223c0a4683593e
SHA170d5be970da6770a315498c4b2d67c1a8e3e09bc
SHA25685a67eb3bd24c99455ce32b70e56a777f7065bbdeaadaf422d6778ce56b11422
SHA5128db65e8bfd64065cf073f4cb3a9e435afb7090dde25ed5c5553023ba589b3565f4fb476548c2c5e556cb0795f8a64e6981a5b95d10ce0a45e20c3f317fea15e6
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB