Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 06:08
General
-
Target
JaffaCakes118_149fe8cb0905736943f27c64c3dbacfc42a84ceed4d78066566efb08c9e282e5.exe
-
Size
1.3MB
-
MD5
909e4d9c469f768c67cbd955bf3a9bbd
-
SHA1
751ce64503b9d2d345ab82d7e939602aeb833b5e
-
SHA256
149fe8cb0905736943f27c64c3dbacfc42a84ceed4d78066566efb08c9e282e5
-
SHA512
b1cca4617c564c5490a0e57b60b33f3e9e13070d242bb402ff24e31a2bffa9107e9f58826fb7ae4409af37044cfd508070e697c0293ac46c1f6bd17409ea3aaa
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 9 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 16 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_149fe8cb0905736943f27c64c3dbacfc42a84ceed4d78066566efb08c9e282e5.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_149fe8cb0905736943f27c64c3dbacfc42a84ceed4d78066566efb08c9e282e5.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Microsoft Games\More Games\fr-FR\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\x8TIUMdSeB.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\mQe7zIwqSA.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\kyAhxuXJBD.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\o4pIGJu18c.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\RBOUzXbIOW.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\1Gu59oh2IN.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\8Lq6d7xQt2.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\dgWvFyiHB2.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TfYr4aOzGb.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cYhs0sn2L6.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files\Uninstall Information\audiodg.exe"C:\Program Files\Uninstall Information\audiodg.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\providercommon\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\providercommon\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 8 /tr "'C:\providercommon\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 5 /tr "'C:\Program Files\Uninstall Information\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\Program Files\Uninstall Information\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Games\More Games\fr-FR\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Microsoft Games\More Games\fr-FR\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 5 /tr "'C:\Program Files\Microsoft Games\More Games\fr-FR\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD53659a1ed72d46b8561abf0f1b4cc270e
SHA17d33399d9859cc4e578e78ffcb0843ed30f2ccbf
SHA256ba6d9cf422043082dc83fd817060998ea7a54b3d8237576eaebad845f4e857a4
SHA5124d7bb578cb4f831e82abece0af43d870be80672d71af71aaf4da01b82c0dfbfc1cad44aeb1c75a6ba1a634811f47058829d5b9f53a9e56516331c95f0e567f88
-
Filesize
342B
MD52483ad149e7c987875840c4224d7b8d3
SHA120447d9808ed12fdc3729222b336691e7916df49
SHA2568f4104e0c81dc3243ec72236102e4361cb3bc05815a1ad0017a95ef7c6bc9e7c
SHA5120a6e10fd62cef0b819fa2066643bc7269a90bdd0e88b37e484a7d27f35ee688b20af8b80943fddf71ead1080ae20ef0bb6ee0ee9b6de70447daf97f05a590361
-
Filesize
342B
MD583442f2d89626b35c59314a88959ebd4
SHA15dab4d433bd71e621dd201031b6142ed921d0b1c
SHA256d6982b805f04e14e37ced6133c5903465a9b378ee37210fab1cadcd0dccefc48
SHA512fc02e946719a17d99444718eba95d306930078562a84c455e5b3bdb1091b05ea8ebf2e60e93959f16c5b1999795517db76c9df9058acb00acb51e277528edfbc
-
Filesize
342B
MD5596fae6eece4ca0f5218daaf7ec00751
SHA1dc9f23c04af3af8ec757e3ffb734f6c837e355c4
SHA256a29f5d998fc2faffe44efa009a75d5e5a500060da70d44994aa4891a2ef00c69
SHA5126b7b52bf22004612a0fd35f6656de940a22099f18aad3f3d3a88a9f06867bc6a50f3d9615c67248c44531571fdb435ae9e86d58c834c4d69dc26be469b86988a
-
Filesize
342B
MD51299ab3bf2581f15177c5ce8153f5516
SHA1e8b7c7079e8507eca7730e6a7fe9e4742cc069d0
SHA2566b034dcf6a4c4d277baa807b95850e60c746540fdaefeafb59315095972fbeda
SHA512f3ad39fc20b43e0567b8a853c69330630636a4a92d1e1506252806123546ff2d3798a96f2e67f9eb5c22f5d1def7ce3576068375dbb43002bb6ad20006ada33a
-
Filesize
342B
MD5b9ae331692a115008a5562708173ae16
SHA13861822bbc5a9ddd9b00e216cb183504d3486bbd
SHA256a48983bcebbcf8eb8e6e0b311f2b5df69cd344bb74c465a9def5e66b71c0c3e3
SHA512975a6779a1c9715509c64d0e0fb444af63778d8316e511892518c2132e847c1452cb716639baa2a0a81fbd6fa5caffdfe178ff9f165b316364b78264e05485cc
-
Filesize
342B
MD5b2c85531de90753611523dec69822218
SHA1cd6769cef06cb7d1643241da63a1b6834a6fa3c5
SHA256e41b412373fc92d358e3f0dbc8d4e764c8c399eebe542c6f9618e3dd192528a2
SHA5126a3c9635fa515738a08839685e320d971bb5f253749c649e91f5731982c0fd701ea9ad30648e8878379f94dce52f39cef2a3f1035ce1ffeb4487ee7c692d192d
-
Filesize
342B
MD53f62f1e5d19f320ab2adcaedac475c56
SHA1395f50f7b60e90d9d1c0905071ed30bf35b288a9
SHA25601b53c5d2ea2cae92ec00869cfac28e42a6b2f1982b1055b055d4b8b0d68db70
SHA5128a841af8b2e2e3e9bc4b8becc2e896040952b5ad284ef3043b9e2c2928b343c931d7a6770fe5963635eee4913b0a663bb66b9d0b2812860bd29be333a6dd9265
-
Filesize
342B
MD5dc018a047777978bc2e2f576ac02b0d0
SHA146684905df4e73aa0e503e538cc230e5d9625b87
SHA256d84bf675eeeda246a293b151906efea114f7374c9a7dd042601a4d555275fb6b
SHA51229a053381c7e97b49adc27bb6545359f366cab09528ac102ed6ff88b7aca5c8f99874d5f852ad0c1a1cbe3ad88b09e588eb02887ad6f9982c811b785ba6fe6ca
-
Filesize
215B
MD59a052cdf63d2feed576c1dc98a65db9b
SHA1a682f2bfc49ec544b0e3743959e2f2f2787179cc
SHA256b001cec9a1215ac67f9b347c38fb9cf6dd9b0d05f61d251ec77025c281c3d5e8
SHA5129d244dec315153ec4aa046ddab23d986a1ac913d558aebc34c2d976e1ec846c78bc204949fb46858aaa2fa287d54f4cf37214700d988bb2612bb5f4a9a392f73
-
Filesize
215B
MD59dbfb46f288dec700a450498e97380bd
SHA15bfdc87fc9f299eeac2530d97064943cb678cf14
SHA256a522dd1dd400e2db367658e735941d765624c788b61ec495f6406eda982d1aa9
SHA51232b0302a1fa7a959c4f2872060158c0be9856c1c305a1f7694be2482aa29d7d898c2991752941e038cebbd685fef2bd9c234906f8c10c9f9ebcb44de53a90cae
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
215B
MD510a490b474b98273d6e6692fd61716fb
SHA1837d0ce6970222dfd08c9eadd090aabb7dcd9642
SHA25607fd89c0a296498236d61d3cecea2ee20b8f6d91d8f12cdfcb079386804c164f
SHA51232b2cd9e5acf6635b698c5b3ab82041ce07b78bd21d63da7aaa22b362f49cec23f8d766fba93da1d82f72b14030109dcf2cb38dad038be4127a00f76d662fc52
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
215B
MD5003c5bb0f74de04803e247a594117f6b
SHA1c84b5d659d7db5b5e698f269e780e38aa12ddbcd
SHA25690c1fc4f14032cef6768561d1322c5eda5396274259929e939ae122d78b78134
SHA512429249c4d2d7d4989b1c364a148a0ec5540cd660e65ca0b5f9e02b8a380d5b879237d27d30840f869bb84471f581f16aad120685916773a14b1e356c3f7779b2
-
Filesize
215B
MD5e184bfc16bbe00c438892f49c8c88be6
SHA1acd37f274e5f844e0385bfaff4f0caaeb2b606b2
SHA25617ddde8af6f474d1816fe8caabcd78647723b273036192893f907fd2ad506749
SHA512dafd4805240188461669002da88c3d03b49ddb5dbc65f428898a206dd7faec438a61e5fcb3e223020012193e447960e0210e5af46bff4f3cb2c6c61167a35368
-
Filesize
215B
MD5c9ed083f55128b029030b6471d3fe36e
SHA14735b145cbddbfee34d6504d23f05ad00d604132
SHA256940e5534944d565c4543e0cf1fa604fe6fdd7d55e3dbfc70852655cc2ba8aba4
SHA5127a3be0542b7d4a8bce90ec44c02ea49935d900414517838cc77af1d275eff61255224ec4489913229efad4b99706440592bf83b0a2cccfd44deb887816b6b992
-
Filesize
215B
MD54341c4438f225b94a75a720c9809f61d
SHA17809b5155ad7b79ee607cfa677bc3ffe4096b296
SHA256bb85886411cac295e1a624be72aa7939814950a922c4bef841adc4c6a6892e5e
SHA512e5835b7cda433ea6321765617e360fe0cc869e36b58aaa43bfd2ec9c2789e7fbd89164144747962ecde772a1b0593cba3c3238ab1792bbdfbb765d86a7e6dd88
-
Filesize
215B
MD5f9b0e829c2d8f40f964f76bb2e2fb13c
SHA1c4e416a78d3fe232782dba2810df55eee966a75f
SHA2563a7208750925f728f3ac9951279241944de94f6516e69fa41526e3f3f2f231b6
SHA512cd9e6a1ab20911a43efba87eceea7d9c653c15d8a6d44688fc452015f2758a7e7d2ad22635f363eaa92f781489fe39bbf094bb78ed2c2dba5e5a887d695899b1
-
Filesize
215B
MD59d51cb8a81ff46a46c37924ce1c4c2dc
SHA180c43e19d517c37e9744f77572278d38161b0121
SHA2563af90a25cfde7ee8347988af900753d5a016c1e1f62a97bc506b9fd8b6ba583f
SHA5120322e03a843118a5a6a3d9d886075d40f9cdeff004e3165ab8573c3a7a26db58a6bc815f15823d679b59537a9fab246fa492a891da0fe0ed52c6211628a2e20f
-
Filesize
215B
MD552216c767d6d8432a04309b2857e8afe
SHA19b6b47fc3717865c803242c15ec6595323d1f4cd
SHA25665f1305ef32f790a5b5cb8d64f1c111f3a50660f796ab32068cec8ec425eae0d
SHA51212bbc8f4649d915b8268077bf2f7fd1ea575713aff740fb197505def9431799eb24d71852ff32e8ec8641ccefdc1a65ac7a2927dd62f301af32577b43c155bc8
-
Filesize
7KB
MD55368ff772add45e8a3704554e8aa131f
SHA10e8e65ca0e08aa706359378ff01ac9c947a444e3
SHA2566f5569a04c31e07c86ad9fc8a98196f1f0fbfe79f9f74fa7554dee05f8c2f34d
SHA512dd23081011b9036d7c8ae79d836fbbcf8f23a143155a494368f2d76332da86792ad1ada25956c8b80988b9a2842349e85405e96f63091092f2c88a279e548268
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB