Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
22-12-2024 00:54
General
-
Target
JaffaCakes118_ed3534c1d51dcfec460ef7ad46040fff28a3ecfa969f49b15578d28fc56ee401.exe
-
Size
1.3MB
-
MD5
48bf84d51479ef4e8711cb3a726ead0e
-
SHA1
2f14456bdd40a61f941d1915338681461ef5618e
-
SHA256
ed3534c1d51dcfec460ef7ad46040fff28a3ecfa969f49b15578d28fc56ee401
-
SHA512
e37163990a534fa0f3b1b447f96e235190e171855fc5c94bbffe83d25fb1fd728f9bb10e76ba205673eb7aa6902ee3072a8240f24ced5d1566b9f9a202a499d0
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 6 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 5 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ed3534c1d51dcfec460ef7ad46040fff28a3ecfa969f49b15578d28fc56ee401.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ed3534c1d51dcfec460ef7ad46040fff28a3ecfa969f49b15578d28fc56ee401.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Uninstall Information\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Pictures\Sample Pictures\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\9ncYvmuuF5.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\vdJwOJplm6.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\BGyPdaK1JU.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\vCRFnHZZKP.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\5ixwcMXCIg.bat"14⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Ys8lvSze9b.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Z87Ce65nyU.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\5cWoBfSAzl.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ER58NgmlZn.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Users\Public\Pictures\Sample Pictures\lsass.exe"C:\Users\Public\Pictures\Sample Pictures\lsass.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CV35gbisF1.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Uninstall Information\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\Uninstall Information\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Uninstall Information\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Pictures\Sample Pictures\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Public\Pictures\Sample Pictures\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Pictures\Sample Pictures\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD55c9148a182b66cf70164cc99a0553b27
SHA1bd6bca0b1db95f83ff718a35f6c7f633b1df5077
SHA256cf6f50fd76ff1617fef1914e4bc8ece26f7fc0d084bd9fc9c4772bd3bcde8d1c
SHA5122975702040d9afc1f2d562b86be84c09ad805c77393895a132c268d794b9f1fff06f99eb4e1e8d8be198c4d626d78a63b604851a340c42d215e477458ffe5681
-
Filesize
342B
MD585fda3f973574a1908c93a7f35b6cf34
SHA1b6fc86f7162e357e27f149c493d0716556d13b9c
SHA256571d46db267e3a042fee6d12c9e068b31ca74b11de055e788b72566e0e8e218f
SHA5127b446486f3608e17a461307c6a78253a2befc37295bd2ca2f6485dafcbf7ef5b7ed0e08f5712022ba955d5e7add1f4c1210be1bbd78600335a2304a7cca94c04
-
Filesize
342B
MD52a2bbb1b1c63c6f1f0941d66e671afc0
SHA169200fac05d45339ce4b20fa5cd9ffb7e72d2af1
SHA256f21b6ae9d97a18ea19752cf86dd387b0195281b222e7fb19769475099f7722c8
SHA5122758910e776a37980154ebf1173879c2bbc6e524496fc6bb9f4428de1e082a9da9adce5f73640fb99cfb7ff9b9c3dc99a6fda78924b20b80e8b728fc3549ab32
-
Filesize
342B
MD5405bcd2b0bb63b155ed0d8b2899d1e42
SHA1dc42ba818ca3c66209fd3c2c9f003962a86363ce
SHA2562c1a6d8644d5b5c1f823bbddfaa6ac59f632c6e8e720346dc1b9c4f6d9f85a77
SHA512a05e0873df047c605d7f0ece4b2a4afe3208123cb36b91f9635ec7876920f3419fbe655769e4d7b8f84738597f1dc91cdb9373730ae37047cfc208b2c2ff875f
-
Filesize
342B
MD5185ac628d46132c63a0bc3ebc0c4debb
SHA113944c96878173285b02a41db5d4bef71f7f00c7
SHA2562a040e265d23ab16cf5ed3aab1868f910d0d8420f009e638580ac38e8ba839f3
SHA5126ba831886b0960ad5b3ab7d03c755e627b5150afb94ab882dcb384dbdf6fefd5ea26c455027d0a028bf04fb74982538f2842820d38f2eea2dac0779e5730a39e
-
Filesize
342B
MD5f26301ec6629601d588e3e7b1c7c7174
SHA192537f7917bd133fa8741d0760215b306d28448d
SHA2568880f542c785be28ba9e97df5a8fb31d9e6220b91f41e8294559b249f6c14b5c
SHA5122b909a4f067cf4e87440af0d01f282105a24f6e32e4324e236cd46105686ae00623c1143d5104d08f05d6e816d514bfddaf7fc72a1c3ae5a43b8b02ea5c747c1
-
Filesize
342B
MD572268c781140a9293b542fb0f47f00fe
SHA1bff146a55b6e715970b7bee97bc25b126d473c6d
SHA256e8f14d137e99bbeda728ce6a0dd0cf69cbfcc65328001e1ed3bc8b13fa81617d
SHA5123be93fa37b5dd11af130e0fe48b4b1f38074f7f0e30d24fb55609329ce0e40427d85f20556e9238ab13c66425d7c5758a338ae7f90e6575b9fe64cff96177718
-
Filesize
342B
MD52b870492074bcb9f51ae62aed496be89
SHA1cc03e6118b08fd96f8f64b77c04a6f7107894645
SHA256b04729b7ae874285473169e3c567a9d95a0bab20bbec2c43dbf0992d104b2253
SHA512a2c298fe9288dc6a1f2dfec781cee34f2a9f72dd60001a2a862919c760a0ce8e555b1afb9caf30f7ac35a81a587d3384a70a4755b2ecbffbe1031f0a678f5f07
-
Filesize
342B
MD59385e480800b041106526f2ab1bcc3a6
SHA1bf66f23e793b5c012ad33c381fe734aed845c27d
SHA256a5d0cd1b07f389fe8862b4465065bc94578e1a0e3258914bd815aa4b07a8a844
SHA51205bfbc6711b93812d0fbae3b86cae1ae98f8be5f6f5fd7c2cb34212a24dbaf622261d2388e2beda290fa4be2a5ad953dcf1c490ec4ea5b462dace75979b17c4c
-
Filesize
215B
MD5ed4aca3c614a530e17c367ef0901253a
SHA17d43bd2909ec4bd9c6f591cdf476b45171d01f7e
SHA2561cb896ed46c0fc94916a9968ccf1fd57d04218884b4a235b0143d71ed64a9bae
SHA51244b503c197bd6be2f8e4607bb9d9c88cf2438ec06a583547bd07ffd39420276ba99430cf647be49a5d3b641f2d522ab88a8b1deb4355a8c8fb0989a84260d77e
-
Filesize
215B
MD57c36fbcdf6515c4d7b3f131e562c0ce5
SHA16279c441db914137955236ae453a72782be788be
SHA256eb68bb5d891cf6f05610770e6137254c2f5ff00d18d6e8c19763bbfd244fbda1
SHA5121bd9517a1f4553c83409be8fb923a30c9aa9007135c82244248e930d60b8ebc500e8a6ee6e2ac641f56d7d6c640bbf8885c91e5403d9940e7d8d93b842ed9783
-
Filesize
215B
MD5df1857cc9518b1ee963a367da03e5da8
SHA1f3473c9cd50d3832da2064a2e80d34aa2901320e
SHA25652f99533c4e45043b1288c07bee817adefba0bdafd2e7a170776f5717c57f4db
SHA5129edc96882853bb27e3a6573fc16a2612aa7d02a5be6d92b336e98151ac90af215a00250ce9bf7c8e2f10ffbce416f83e2ec60c58c98ee61be5269852680750c3
-
Filesize
215B
MD57f895f4bc4c6ca3888dd415f175cff8c
SHA1078200c908ceae5177d887ab42986524f3c7af04
SHA256b593fe07def251598d8ef819b2b7d3a5337afad0b3f155a5a469e549083ebd15
SHA512c6913d8d496edce41f51301612b3db362a7747d4782667a182947aa03a5cd77fb5a22295ecfc20e72ef0b2ba4a6ae26833082092f0fdfef5904fa994d23dec1d
-
Filesize
215B
MD590dc12541d1d6df00b07c3bc7c3c1d7d
SHA1b4e7bafbe82b4f5ff8d18ba9586e6ad85bdd76cc
SHA256cb41758ef6f670d954f9654de107d5a9fda643c8637fa5d352089a6057a5d71d
SHA5124a2b25085ed603cd67bcb556f89d024c278af4fcaa73f1832624137a770ab1511db9a15c5ecbff86b56554d22ce4e1097e33069dff3084c74f7f28434e6ffe5f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
215B
MD5ba34a3538c76e73b8d31b695a4c3e8dd
SHA1336ac86a17f060ede7ffb5fc93dd2233b2f4d8a1
SHA256fcd3eec4300c1e566378fbc0737cfcc9d5636f611bed57eaa6b2eae00cce7472
SHA512bba96463a96c8957d0440c0f09445bba87c8f68240729accd0d7ec13ef4de0c5628d2022d837c9a4de93bafe11c46fadef861466f8e6f1a7be14a5b4fa061a25
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
215B
MD55053b9a08cef3cf59251b77926391e15
SHA1914a12ee3d3b36eb433702e00188f92f2e3038aa
SHA256ce3da63f6f7e0d429825c1eb7ffd74821512654adbcece2b4a238442b967353d
SHA5125690600dfaf8239b7ad21a5227267e90724f2cb6daa896ada310569a81338350c49807f39956d0fc71a0813d5d5945c42086eeb532252301253a57df81395214
-
Filesize
215B
MD53884075e7229fb042d550b943238625f
SHA1320485764d6bd40dc8508970081e08f63abd7285
SHA256ccb29c477fa5b3946e1a11b4c702f32f941f8957cf0f8da13afea89dd08bb8a7
SHA512c1b0bf3056443a07f1f60588ee6adbd906dfad117c6f951d761b39d69a32b2a452d21676431cf3102f17d29d195116c8e8e6cdbdfad1bb83a6e4b977e6b5d63b
-
Filesize
215B
MD5494489cfa2c632b2402b00ca70217ae5
SHA1b46d28f96955c4eef1ee3f959e8573fb3068d55b
SHA256e576e8f74a09f73adeb9f4a76a89f5a638fca13ca1676d18836e7d199caff1c0
SHA512cd3a7662b2fce787980b9a16d0644803e52acaad217266906ba6105de1ec79e3ef6e4ad0a8d217c2bc196258df97a831f451e791435c563309b95fa0e01f6d51
-
Filesize
215B
MD5b80dc898316902a122c237d65b7139be
SHA178161ab22ca5407ad5967c7696612fadcd7bb014
SHA256178e0143aa5cd18786af6eef3000663a417e7f533800d78d7ea4efe86a847c38
SHA5124ba8fbb83d8c57cd8dc604ada1226766dc4347c4272d5490510a5b569d80768580c96325cfa1e8b45ae51895a4549933e29be81099bdd08fa21c050894164ea4
-
Filesize
7KB
MD55637a6117f4315c82dbe26f2bd940c03
SHA1a6167d9785108449d0b850e261d98a44e80cc27e
SHA256a9f6ada829037a1eab6ef24829edec6c18a2c999870e9e3811844b31d08404cc
SHA5122b586af500370d19c5824564d0c85311bd6cf7d5f80842a66e6009812a0fe0569d714fcfcc526aa00378d40a1ce4061de0afe8c1d4eb53d558a64469a8c2eabc
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB