Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 07:53 UTC
General
-
Target
JaffaCakes118_9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed.exe
-
Size
1.3MB
-
MD5
36582a4979101409c174ce13fa15d9e1
-
SHA1
97f68e30fb7233c1690d3c74b26d6c16d9b55030
-
SHA256
9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed
-
SHA512
ba7f0b884de35302340027f27873f2666dbc06512cce61c5551c6505bbc9121fa450e0e653a2aafd51f0649833f5a3eeb0a7043cd3d3a08e6eec3030d7fa78a5
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 27 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 11 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 9 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 27 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9c439ae43d2dca91ac80deff51448ff1a13929cf65022adcc40e4ddabb5978ed.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Uninstall Information\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\wininit.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\assembly\GAC_64\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Media Player\es-ES\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\SendTo\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\Aero\es-ES\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QzqepdNQ02.bat"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:26⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"6⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OMiKQlKjHz.bat"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:28⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ixgWq8OOYW.bat"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:210⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\VbZulfStaN.bat"11⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:212⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"12⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\j5VZ5DKdOS.bat"13⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:214⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\dXV640YnNf.bat"15⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:216⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\vCRFnHZZKP.bat"17⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:218⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\cSLzsZ1i8q.bat"19⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:220⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"20⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\p5ITN63wlJ.bat"21⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:222⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sT6xLp4JQ8.bat"23⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:224⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\6n1oUPmZQq.bat"25⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:226⤵
-
-
C:\providercommon\wininit.exe"C:\providercommon\wininit.exe"26⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 7 /tr "'C:\Program Files\Uninstall Information\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\Program Files\Uninstall Information\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 10 /tr "'C:\providercommon\wininit.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\providercommon\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "wininitw" /sc MINUTE /mo 14 /tr "'C:\providercommon\wininit.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 6 /tr "'C:\Windows\Microsoft.NET\assembly\GAC_64\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Windows\Microsoft.NET\assembly\GAC_64\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\Windows\Microsoft.NET\assembly\GAC_64\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Media Player\es-ES\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\es-ES\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Media Player\es-ES\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\MSOCache\All Users\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 14 /tr "'C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 6 /tr "'C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 7 /tr "'C:\Users\Admin\SendTo\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Users\Admin\SendTo\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\SendTo\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 10 /tr "'C:\Windows\Resources\Themes\Aero\es-ES\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Windows\Resources\Themes\Aero\es-ES\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 6 /tr "'C:\Windows\Resources\Themes\Aero\es-ES\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
-
DNSraw.githubusercontent.comRemote address:8.8.8.8:53Requestraw.githubusercontent.comIN AResponseraw.githubusercontent.comIN A185.199.110.133raw.githubusercontent.comIN A185.199.108.133raw.githubusercontent.comIN A185.199.109.133raw.githubusercontent.comIN A185.199.111.133
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
185.199.110.133:443raw.githubusercontent.comtls
-
8.8.8.8:53raw.githubusercontent.comdns
DNS Request
raw.githubusercontent.com
DNS Response
185.199.110.133185.199.108.133185.199.109.133185.199.111.133
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD546c4b7c80fe58cb95cb787228dc9ab91
SHA1524138ae02189079f9215803d603e7aba65c0d4a
SHA2566d4d69a494ea5ec5fd8a7a3e68d0c54b2fa76f51e067389026ddfbf9f7f64f72
SHA51227e14eda3041f56a2235f408e42600d953f1b54892e6b76a293ff1642f720289bafae1b23958670e8aab18e69d05757729dc388e0a131b2094d43c7dce2f847a
-
Filesize
342B
MD5f02d84eee2712ec61da571f9b62b9bd8
SHA13bf93c0abb7100301dea568271ae576ec83d7de7
SHA2564026b607398b2bfad7f34aefbc5952c25a958276a72b3b0d9fe25632c8fa05b4
SHA512edee9916688d42b80ebbdb07205904dc47f35f5e65b9cb9326da349c2301202faec06b73705ae609a7b5c607c3b11ee58bddce23b86c88022bf82ca37a5c7092
-
Filesize
342B
MD5a843e95cbd4abdd9b5b10f32ec961575
SHA1868c4342e811a95af60d2e48b8905d99aabd7f88
SHA2560690e287f06ced29cedb97013d526d9e3af28f4102a705ef7377992bb612501d
SHA51201764a5db6da743ab2dc79bed33a76ae1f263e9139fe6ca1c16cb05ec4d4ce626a01718691e7af3f9ac4438616d915c6ac09bfa2b1b68e1b55c8cd27072317ce
-
Filesize
342B
MD5c677c02bea52b087169e887fc359d797
SHA1d29f29b7f1875e30b2679cc978d4f1e725f563ed
SHA256fdc47a7ba5bef1a15dc089254efe4d0e6648de85bfb54189e73425c09fec3373
SHA512f34cce0c0ea1128da89fdccb90c0ec037946a1c385d260ded4b31b4e3072b34942b2e21d146dccd517d851535177c5fba53a2b9e28dbc0d21272208331004fee
-
Filesize
342B
MD5764ac4ce33ab094db9507836a151d7de
SHA12bd7192c55a1404ec824cd58768aad76de5fd440
SHA25614bef9081075c3595aa98859679f51ae20e907c8d8f8ccd4ede345c8bb5310f5
SHA512b82cc36650fc9422a2d9470f2e60e7592725c7710d4ed1b33e29fd91f0bd957341d50c740e13f0034dfba1cb5f6763fdf19f3631cf0364ab34e12290f44a6830
-
Filesize
342B
MD573e96c7258adac4de7074cdcfecbff52
SHA11867b5ef8bf435451f21f90ff91a9c71980bd434
SHA256b4beec4835c526529b4273c784da4ad2fb700c90fefd48e81f1e5cdb9da86b95
SHA512ba505c93e6a5b667d8b3e522ca6be28b45bb6d6bdf0a8c9b522478a90fab21ad6e53f20be0901b6448a41b131480d837fd57a58dd3112c90880c194e6fd30abd
-
Filesize
342B
MD57fd484eaa1801209705ac830ccb77096
SHA115df92e8fce8d3e8f8554a55516d437f80bbcaeb
SHA256267b78ee8c30030ea6f1101c8f2a735f5751f892f1c677c3bee78b9296ae4e95
SHA51202265e514d984964b97054dd934006d69e6cd887cbd09bf0b921a0e8103694fe8912fd851010c7f04c5cb8b582641a97f57a193dd945871ae5d93a0d1382a2f9
-
Filesize
342B
MD55ef6d06d24d5d8c6ce4d88cf322c421a
SHA190786ebf590a4e8cc912a7cb2245fab1a3061e21
SHA256483ad14da7b0a124b4db09fc6a17e780c980b93569521f7108271d1cbfaca7b8
SHA5124bf3e89946c3c9f32ff25818e34ded208baa7dd053d37b4b87279fce0d09180762e904b69068087f7a0b34d632cf472d1027e46472a131ccff5110fe5fe2741c
-
Filesize
342B
MD50cf4380eacc1b0e8d63f96886056d048
SHA1a7523547315755b9527f88b0312ff8d2d9cac784
SHA2569befd3a9be869a55eead8f5bde8c3af85add4749166708afe882ae4f3551fc3d
SHA512a3e680a172f3d2e577875e36ba5319f5ab1a62cfd781a59e0deb113c02a9b060ae715cca545595bd518a5be6dcbb5239e03f3ea103a49a63a5e54495bda7757a
-
Filesize
194B
MD5f1139406c0571e635e0bea181d97f03b
SHA18b09584f7c49fb0eca6be24a566b6e1eb4ff26e1
SHA2560806625fd024a88d47dd822dfe399049cbbcaeecd50199cfe2c1339114543dae
SHA512e6465f69b32730925c672d59a22d2378f5631b19ae9bb547c080b9262bd5f21fc9fd6dbc283bd584bd804bca42975e6b302a5ecf76624e17c66e309f6ac1ab11
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
194B
MD5f81c3c28b21834fed89667df466f34f6
SHA1a67028b2d76566b72afa62554747195b6bed36fe
SHA256d43008e17cb3e6b5b43ea4493963a75db7f188399cc2cb6eb4dacb2bbcede9f8
SHA51287a97d79b01ae67f69f9ca50cbdf5997c6ab47b0a4be55010c6160a4a84cc074abcc101be28e566a6d03be10fa5cfef7544212833b46d9f8cffab5ce0ff56d34
-
Filesize
194B
MD530f6357027342ce302ae9e34f12c7c0f
SHA1d70509e302ca1a73c81a562c4f6f6b2adc87a6e0
SHA25670d7b9ca08e28fa44071e6d2fc9041f401e1ec1b51e7e88097fdbac95c26bb0d
SHA5122950a5b6c74657409e5cc260f6d86d57ddbe7d9d7b322bfc5dda24aa6df19b321cae13f6217230be16326d0564269ec2c0b6b0a0d9a706204bfe32a7cbef5ec5
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
194B
MD51c4df36ef4c47c2c542ccec84fa25ee6
SHA1b1194dccb2313883853bc47f8eee1b2f7acf1e21
SHA25621723634f70ea02617c73b284f0677df50a08d4bdf20d3651d9090a0fd846261
SHA51242afb89d592f77329c4575f250ca675268948fe80d4f9502c4ea2129114e0b2c6759263966d6b107e59917a2c771e38d20b4ac6a7d1aeb48028e54058db0a333
-
Filesize
194B
MD54a2352b421faf52f9b36f7209abcfa3e
SHA17af459d3e292fcc5101c5456f433ac12d8588532
SHA256b8e1bd00d279a5824515f4ea9cb0905cdbc2242a22bdd653e54ecc9f0391e321
SHA51236f0425166d11f18d1a1be5a1327f5330e6d11dbfead9360c510b87bbfdf7102f1ce80dea5140302713ee7cf2c91e0c230dd5d44aa0d5dcd73c14732c6600166
-
Filesize
194B
MD5970d932e843f9808de833fee46717870
SHA19490b506b97d7fe3f436834614bb793f09abd4d3
SHA256e3854331e543548db3f1e6c6c29e42d1dd4cb7baf21d437502be927c80274284
SHA512310490800db55d5422a454596b71464f6d1753d35202a26fcc266338ab116a899dfff2fff1c14e052f8e6335d2721519101d3124b212e7462a32fe3af28d776b
-
Filesize
194B
MD50ff9c652b483a2cc256d6f163327ee3b
SHA10f1b19b8893867924c9091300476b41753f8a5e7
SHA256d24e62ed4de2e2afa9c4ea6df63b6b016282b0824ceb19ca20286f55b05ccbca
SHA5120dc3e0b8764615db1b1d3f45d97aa86a03bf05d9109ffb5f78c5318dd7f3bbd7534bebc17de03a1c6eb8332e9df21dba8fbb4be151ad82f2d1f17b20f24833b5
-
Filesize
194B
MD59162c920f43d7b3f68a7f73ac0046c8d
SHA1072a0ef59d0566056fe7832a524263d94a1a9bcc
SHA256a64dff0802b1e4cd5bf80fc2003846b19ddbe6575e3eacd9515711f16d2eb17c
SHA512cbf8ca299571deba24556bd0f1a9fb1a893a9bfb19a9e827976566a085cfa8362388957412e3576c6f9b26c4c9ea05a34b991d8fc22120c268004ee654eef460
-
Filesize
194B
MD52f2217f8e2016217ef4ac792a503caaa
SHA1c3849f7f3f8d9cbed150947bb64f56fe474daac1
SHA256490f22dfd2e963c32736341f87ceb289c91d947ca8a1ee404c35090d2d418b6f
SHA51223a7383c0f7c693af9f6b2a6e4dcabaf23e79a5ebffcd96667c8903d3fe7ddc5d365b1f6a733925b7b610a3ad27c96537e755d1f6ffec353c130183657f30d28
-
Filesize
194B
MD5496ea3492c0e54e983204c12501a9452
SHA1f0f9d3ab46d652cdfb5317abb5fe6ef1ce85c000
SHA256ee5fc9f635af871758274516e443b9b5d29a70c2e298d47e3d90e419f3436b15
SHA5129708c3fcf1539bcf1c3fa541fcfe8044ad80a5b803cb1eb61e50feb676e5acb6d2687552a368edf78763bfd2dc6100784c09ec92e5481a5891666a5716bf8ff2
-
Filesize
194B
MD5a46d6e649f546b98453915c0606d8aaa
SHA1d4749e3d382d73abb05a883743ba1e5024ef1930
SHA256928e130883813fcd298327dcb55c98a998af87fde53d18220022f0b4dbc0e83b
SHA5128368c9ee9747697c9ac529a4d3f87dd797769f6332194269275a6404f91b911667e8460fbb553e311e8bb95f6c51cd7d5bfdc4840e1e47e477e989065038fd47
-
Filesize
7KB
MD5ff2ef5e4f31ceffb5aa2366c1f129562
SHA1a4eb540aa69ca7d53bb6cc298b9211755187fad0
SHA2568284e5d275097103fa74fb316f48bea0b720a71fe1afa6ffbdc68155cfc8e5e3
SHA512f465426dd06255e51604ee3a659c6fb7d18023092f4056eee3bb0a1ec9cfe5468d28a44db8c66ef7458b1e0804deac320a3a47eb3d6698b03e94d9b36676e0e3
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB