Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22/12/2024, 04:32
General
-
Target
JaffaCakes118_5250c5d8b9850d6a659642eef478c6058cba54903f674b3370e8f0d9df55d4c9.exe
-
Size
1.3MB
-
MD5
da9a50af1a428fa3e2a29422fcf73fb7
-
SHA1
ca9adac746336c6327791b75301e99826a0d2d91
-
SHA256
5250c5d8b9850d6a659642eef478c6058cba54903f674b3370e8f0d9df55d4c9
-
SHA512
f73e27228fc32bee5fb6601926f12375edb299bb4685c53e5327b818482e6cf4bf5b4e72902246baaac1a036ded6fbf7be8018783b238a4b0d8c1e31e3d91a36
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 9 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 2 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 17 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 16 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 15 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 20 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5250c5d8b9850d6a659642eef478c6058cba54903f674b3370e8f0d9df55d4c9.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5250c5d8b9850d6a659642eef478c6058cba54903f674b3370e8f0d9df55d4c9.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\providercommon\1zu9dW.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\smss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xZLz5Ote6t.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\bo4ZIAkpMj.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"9⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LBVLNHYHv1.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\dk6czFnjgV.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uZApDsIgYI.bat"14⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"15⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\8Lq6d7xQt2.bat"16⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"17⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\5Yw7RONjUI.bat"18⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"19⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nfin2KLgOh.bat"20⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"21⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\F8wGhM86rN.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"23⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\dk6czFnjgV.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"25⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CL2HVdYORd.bat"26⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:227⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"27⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\I4yJNRBzAA.bat"28⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:229⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"29⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\nfin2KLgOh.bat"30⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:231⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"31⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LBVLNHYHv1.bat"32⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:233⤵
-
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe"33⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\conhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\providercommon\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\providercommon\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\providercommon\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Users\Default User\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
2KB
MD5a43e653ffb5ab07940f4bdd9cc8fade4
SHA1af43d04e3427f111b22dc891c5c7ee8a10ac4123
SHA256c4c53abb13e99475aebfbe9fec7a8fead81c14c80d9dcc2b81375304f3a683fe
SHA51262a97e95e1f19a8d4302847110dae44f469877eed6aa8ea22345c6eb25ee220e7d310fa0b7ec5df42356815421c0af7c46a0f1fee8933cc446641800eda6cd1b
-
Filesize
944B
MD577d622bb1a5b250869a3238b9bc1402b
SHA1d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9
-
Filesize
944B
MD5d28a889fd956d5cb3accfbaf1143eb6f
SHA1157ba54b365341f8ff06707d996b3635da8446f7
SHA25621e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45
SHA5120b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c
-
Filesize
944B
MD56d3e9c29fe44e90aae6ed30ccf799ca8
SHA1c7974ef72264bbdf13a2793ccf1aed11bc565dce
SHA2562360634e63e8f0b5748e2c56ebb8f4aa78e71008ea7b5c9ca1c49be03b49557d
SHA51260c38c4367352537545d859f64b9c5cbada94240478d1d039fd27b5ecba4dc1c90051557c16d802269703b873546ead416279c0a80c6fd5e49ad361cef22596a
-
Filesize
236B
MD5e76b89e9afd5fe8d875c625b6dd5509a
SHA1d13f6406024c5428befd7d76f887bcdc13a8c9c0
SHA25679fc5e755262874c04a192e157a35f622b7277eacba07fdbe9dde9c4351fb7c6
SHA5124bbbeb8899b58670360c35717cd13d0392fe8fd4c6a712f93883ed222938b96bd19592c4649c94c8c474069f01136de4811c404612140112e34763d82093b2e9
-
Filesize
236B
MD5a7881561488516256733ad4ab6379f76
SHA1acd12892e33c0ab6b256eb8cf0588e1a8f76cde1
SHA256cf80b9ef3bb821bbf93dc4b0413021feabed686c20d991f0f8384c71667b6cec
SHA5129e067c9d04c15045bf604490b637f039822ca26c0a5b2e7c992dbb9a2ec5a26ff0f18bd16048d291e8ea3dcabe8d1c03c92c392cba4979b08ee577eb17c3aa92
-
Filesize
236B
MD5b694f766bd071d4b1c5e776e236dcabc
SHA1f372088becfcfbb70621d2f88bfc78aac16a9aad
SHA2560b5305f47852ca3cba77766e528e87ad2f94846c50dd9a6602401e7dbe3b39e4
SHA512ad7add48670f4a018c64cf846edb365c05a7599d2a41380e8cc6d24e012ba70c71b680784885a705ff38fa2bc16039d05ff6f7c8732db62f9997d483d9f701f4
-
Filesize
236B
MD5f0b9a49e6654596f050e69a423f1adce
SHA1c03ff477e91889d91cf9f171677ab1f49a5a8dab
SHA256838db8e26247dfe0206d8683c1ea4200ec44e46fe83afebc6dd189fb5a4b4420
SHA512faf6aa733c15e7189cabdb7a4ffbea76e508a1f89914dd11bd7b485fece69b5a55b4a11f759ee79a4fe97844eec717239a7cb02e75ceb4052efec7cfba72213f
-
Filesize
236B
MD5922c072571882de80f27a9aec04be53e
SHA11363e2065285e76ef499a9be5dc5e635562d7e38
SHA2561d880699fcf82e9661643f53341912450237ce4b4d311d1ec7336bc0d1505997
SHA512ba114d3704c3c627bc37cc2143084382a50c47dc1cd54c431791dd34ed2a1de6e4d5ea1a2bbaedb2d09b88aeb760c415164e6d4833f73e30920d156d558aa018
-
Filesize
236B
MD505c22f08dd092d601b3b3e36230bf8b2
SHA158bdf05e8b218a145ecde7b31dfe6d8f503b9aa3
SHA2561730ab477329cd52b5bc6e2db859ae25ae0d2349d1cc0deb022469dfe5175613
SHA512718d9b9d941101baaf841dd1244917fc4e1146b51a1db5a81cf9f31d0281cc27a3d4de85c399fdec4c8fa24912d69352c6cadb178ede160b32f24f65195ac381
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
236B
MD5913371d68f140bacca35d65f35ae673f
SHA112ba4829694c5a7bd7e9f9f45f84e175501c2fae
SHA256a51a053de23a32dba794db1cf7e6c90a631f91ee9d16e114f25ffaca91324499
SHA5125f3f6157a0dedc6e7855ab6e39cde2e1db92df3704317b920b9d3dc0f5e4cb796811deb77716da30f5dfdfd25e7848b37e9bcb3e48036b2c1d2562b85968dbd6
-
Filesize
236B
MD501e6c2765497f07210a2c542cc45df0c
SHA1ef7897a10187d3ce48fdf6fd2116e3ab16be16dd
SHA2561b11a09bca6175ed7b4bf68aad408fdeadc7405b00e4ee3574fbea343f665441
SHA5124c6f520298646a149e42043c47350f2dbc5b505ebb0ca5b43e3a890a172e6cce302bccbefa077250d315eafe790abd016f35b4250d1ec6b6a05d348f77e236c1
-
Filesize
236B
MD520b4de25f8a7a106a8f1a590e9eb7268
SHA116c0ce58dd89e853c95ddb184d5a7e91f331bbcc
SHA2561a325d0ec4c267c77d0a4a9c711cd039c8bf032745303a4681d7833b27aa089d
SHA512a95f7ff75c39c327b0acd996deddf6b48f70c2f180309ee0199030d84072de9f2a4eb3a8422b9d49b868171bef0b5f7cb2718782022308991eb9f303504cbc23
-
Filesize
236B
MD54b05f6b0341d1e0632a32d0285cbfbb2
SHA1d2c45c68e2b84309b8b86bcefb766d6b13555989
SHA256a954e7235fb980333bac666105526452e866b71602ab4cb08b139125f0cd346d
SHA512ec31a26c7326f4fd7e50b8354f86347e26d4597aebe012dcfc5d3328d959217687eba6243ca6d316c9dcaeaea87d42f819d305b4cdd04efa41117e39e9c3a681
-
Filesize
236B
MD5a03e0a98397877103988ae5713db1031
SHA181b6441e81cdfabcdfb19fd1c1ac8e01b7003d71
SHA25638b9d9b2239f944839a13b97be375d3acb724f20e48f5a9230f6953029be4b3b
SHA5120d52ec1c1d58db9bb9ecfcbd045b6ff7919b67cb2fcb8bc793a2e4c82ad1edd86eda509e9f5ceeec3c7f4c5b7d0593d51c0b4c9042a00bbdeeb72c5fc25551a2
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
72KB
-
Filesize
1.7MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
136KB
-
Filesize
1.4MB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
8KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
1.7MB
-
Filesize
1.4MB
-
Filesize
1.7MB
-
Filesize
72KB
-
Filesize
1.7MB
-
Filesize
72KB
-
Filesize
1.7MB
-
Filesize
72KB