Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 04:47
General
-
Target
JaffaCakes118_8ff3dd6aa26ba3b0afe582d3e505c9617af44c482d5232af7084d19d457ab09b.exe
-
Size
1.3MB
-
MD5
df8e9d891f2c9e0eed1350d1f9c319fa
-
SHA1
b0afddc1abefbdba66fd46ff118b322b453e219c
-
SHA256
8ff3dd6aa26ba3b0afe582d3e505c9617af44c482d5232af7084d19d457ab09b
-
SHA512
22e029d87930311108698554a98c075ac4051907f991f0f956b70785579d8ab5f98f92122f64a5cbf778354e386d49f8a48809f83facfda7997a50bd1a60d40a
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 21 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 9 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 21 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ff3dd6aa26ba3b0afe582d3e505c9617af44c482d5232af7084d19d457ab09b.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ff3dd6aa26ba3b0afe582d3e505c9617af44c482d5232af7084d19d457ab09b.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\Idle.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\AppCompat\Programs\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\LdN2yJpTNi.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ISA3vp411k.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\hevtjRcN1r.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\a1rZrAbBst.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\NiQtqM3qVs.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\IrGY9odMle.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\WM6x9zCNT5.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\j8BV8simza.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\3jGxsc69Nm.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 11 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'C:\MSOCache\All Users\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\MSOCache\All Users\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Internet Explorer\fr-FR\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 13 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\Idle.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "IdleI" /sc MINUTE /mo 6 /tr "'C:\Recovery\1b8b1de2-69f6-11ef-9774-62cb582c238c\Idle.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Windows\AppCompat\Programs\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\AppCompat\Programs\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Windows\AppCompat\Programs\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 10 /tr "'C:\providercommon\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\providercommon\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\providercommon\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD54811839eeb89f4c7e81dd45411be2ba9
SHA10e95746c5947fd53a528ae36cc85a0735853ab97
SHA25605c280b27de6babeb7fccef13fa76a3891b1086119aeba622145bb582b9cc56e
SHA5129a0a8ebd4c2b10e716ed8f4be2ad4eac13044026bdd13d6bbc3d8a201a67bb64455a6f3ee5855674603d8ca1264f9f65b8cd07ea8c60d783a15391967c73cce4
-
Filesize
342B
MD512fc31873630163851c33567f3429e0f
SHA1641db7cacd4a68a46f5810a5e1972018130d0ef5
SHA2563b9b46fa8092b2d43ee8e4d76efbb9f7b7abb263309d154628a88c8f1b5773b5
SHA512302cac8c0a506a66338b4d4660f0b7a0c6e4c53f6b091878ea689396c33b8f16d3f93831de1f51f6a30664185378de53860ed7476c8dfa2d1fa863b386e560ed
-
Filesize
342B
MD5133af8c411ed7a28e2988b73029ae1bd
SHA1902778fa000b3a427306c98181ee87da304d5105
SHA25636a644a9944bcf564ac7b7c14f70f68873195652105d59a8cef61ea2ba59fa74
SHA5124d333ba38e8e28b0899ce4aa230e68c011ff59cbc2df4d7d08e63fb881722700b15574dea8c76cbf68b6b80b50da04bf31d4f50e724f3d62518cdbe44034bc64
-
Filesize
342B
MD5e881b6239bb08b3bcae58d221c860e5a
SHA11a596b8507976463567d5d24bb27b4317d902b83
SHA25681ecd641000c7570fa2c665efbff6bd7cd5379ba59b909a08b4099ecc53d9375
SHA512d704521af5ef0797146ebbb538f4cbcb7e6016af6db536ee006eff6c424e20979523a0edc51ac1cf992824e6eee0dff0849d9b6520ca50be76287d77ce1417b1
-
Filesize
342B
MD5f8fc35b77ff8be27b2530d7b7b03964a
SHA1bc0a003f36454d2e371fa33d53c8848b3c72d5ef
SHA2563c4a002395cf07ebfb18f875d94b86b7ccca1229777f5ce3ebedc55ce20e6aa0
SHA512a88cfd7488db9fea11efa1bfd0a427c85112821c8bb71dfb07b7b8fa0aa6fbf991fc3435da70bc96837198e771c4ac184c5b6969028a2558848df881a797e53a
-
Filesize
342B
MD5fc462a6df268803bf61260f847503834
SHA15240391592c37ca020dd01bd7d46d842c8fa100a
SHA2560ae9883069990c7598e4ef6ca5f01090e384a9b30489f778ce64fa8b9716adcb
SHA5128594564c00e69ec9d481d2012e55256e1a04565c268d7a699bae8ca69e08d84aa55435352f3e4ad4c5240c979729ede4b7fe49b83d2c45b4369b38dce7a5d52d
-
Filesize
342B
MD5325e36c5e615c0bb90e9764b1acac824
SHA18c499dfb99d7f4892c250b5cdec3c1d420f65817
SHA25629548c462dfed41dec7b41621ce6f576aa4cff4c04aa47fb3d06d701566ae015
SHA5125064124116b7fc9b5f8eade976864055ed74c715ad4db1f0d8d99e4a367a15612ad6152e67b04046abe259b3e49a474fbe3a9496d5ab86ecdcffcea76265ec76
-
Filesize
342B
MD50791f6447d9abf72e85de53fdc3e00a9
SHA19db451277e0d6dc8b2754dfcd3e5fd3383d6b0b2
SHA25698d671c46978a887649d00793313d75192111fc815babd7d1755e249754009f7
SHA512898d23ff7f4a8cd2b221dd81a8aba46b8121f3ae84717531b06f81ebb478bf008097a728780b2b808ba1973ac42b9eb8c880285e561341daa957a7f5ddca361b
-
Filesize
219B
MD509ba3c7bcfbe8f29c7c8455b84b51b7b
SHA15f97f816a126a16c2363707f860f2edd4f86926c
SHA256319f4692798a3a4eb5389316121cbd0dc6a2a27d897739dcb2519052707c4045
SHA512e3551500b82a7b8b937256eb3008c66e811c723edb5d09fc0ea26e0a250a09cdce764a2cbd7cce8d96ce8334926d5b0d98f4e045af2f7822a08e7b94c623ee25
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
219B
MD50a5de22fc3e92c9ce06705afcde96652
SHA19b8e070ff5a6f7967546c712d5e70532a2416c0b
SHA25655e744f27001b6817010588a2932f7bdd03786d8a6cc34a46d66c7d2d674bcfa
SHA512c06e682140099dd573fd2bc0d2197eaf8da21f9ec4415776a5a780bbb712047d909c5d8569f4481901760a9cad86bdaaa0a584c4dc6d8b9016a3a3f93a552108
-
Filesize
219B
MD50c59067805c749f337b20716b6cc03ea
SHA18d15a4553dfe68dea214b05cac279d6aa952cb60
SHA25624513dab1410c01273a3d70a31256b234842e5432e8b2eef8b5bef34e9bbb886
SHA5122e18a1c4957a6c12c9e72ee65422324b15ad2b8f56f4db0dcf00e9d4b28741be892c0d57ec34df9fd34099178315649d7a0e72b3967b432b90ba8d2997343ec9
-
Filesize
219B
MD5e1763228864ac88ed12e33c8b246b485
SHA11a1d2be69093b0f1bac2c13bf0b3526078560455
SHA256fa3cf4121a59a9b11cbc000e420f152c0e362d7f56b5fe4cb6fd652ef80b45ca
SHA5121a67374151523b63ad31c6d8eb82c5c9f5cc8a74b7c72aedd57051dd5af23461009c299213aacda1e5c394e51adfb3788e157abddf31b1a86f58885f67f0343a
-
Filesize
219B
MD5687b7d063084b2528206e5e8cbee0128
SHA1f3ee886a1826a2dda3f0ac2be4e5c708c9833029
SHA2563c26ec1dcd30a61fb3dac1a0248adbabaaa40bc25de4d8fcce9a6a2db7256124
SHA5126f463757f825a6a3d84a959f81754768b2a4e91521db2e68140e91d18573cbc641583e789008183d78c26695c6a99ba1227b7e316028eb452305ee0b01bf17a7
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
219B
MD5a0b3be66a0a734468c246721dc5edbed
SHA1f22bb2d30efe73e2f4824dd5ceaae05f8e822dec
SHA256b2c3c635bc71ad3f52079cc0c7cee3a96009c68f9c21f0885958aedee1a3fca1
SHA512b97e6d59dbecda0130bef128e4548c19f951fd56d75934c0b187190102623854c2a14e4dc600afbf4fb98bcc94b41e145827a1bbd0f600f6b23c55814a01a7a4
-
Filesize
219B
MD52d788155005b8a43e1d2ac5474d73935
SHA1e8ae530820c5d17f6f9ab7e541c81cbdbb39afe3
SHA256997d335062a455a80e152e0bd570fe2a34955e268544f7d0a94bd46f31608b33
SHA512d8c44069fd7132ba196037475a0ed0fbc7d33f6776619f346769753133f4bf1c69676448c4c8449c3ff9789e1d28502bdfb62c83cbda83262695a8cd3db9c51d
-
Filesize
219B
MD52a117f83132d692cc139178026eecbbc
SHA1d30439f5130ea4d8ccce5a3d8f3a4f3d73dfbd73
SHA256b3b18cb760cda238b77542fd9ead2cccfc25f475e6a7694b95ddc75667b8b954
SHA51201afc5f639898988f28eb2676d56482be17876f226669a6428f986557517f28b56062ec0039f32883e69721cc55661ec804730030c6749be1d670ce7d2a79f50
-
Filesize
219B
MD5e5294ba91cffa54f56ce0fc445d2a659
SHA1a7b448d8257614e83dd003cbbeb3bdda6e68aa75
SHA25668797527e0283c81ca60993bf55d633c7e418e258dab2fcd8b39299e2dfa226c
SHA51243ca641362cf62e7a8f153994d3d4a79f2f83a53db4616236a6bc3ab5910601ab7abd347e0fb564b6090094ad4e2683cb899300b759171e0aaca1a95fcd35e38
-
Filesize
7KB
MD5ec2acd6c1431abcd341de510fef1a078
SHA166b92339f578af3e66c944a14bf3444abca22293
SHA25669ed54b030ef6a9093a0a62e7ee594af2735505ffbac68f5a06d28c253ad7c65
SHA512637f1567252631c22a6035fc6d3dad893beb7bef9196ac9491fd19e4c44d1654821722c82681c9218e3aa3cd17e50e8827be15546a689804989921a923f9a19c
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
2.9MB
-
Filesize
1.1MB
-
Filesize
1.1MB