Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 09:06
General
-
Target
JaffaCakes118_59864850b77e66bf4809b2301aee7bc8c1fde10128ad0e305e1a8b9776975182.exe
-
Size
1.3MB
-
MD5
66cf11246903ef39ba0dc99c47430da4
-
SHA1
9fbed04ef116ca9df742575ce306f41600d4c0b9
-
SHA256
59864850b77e66bf4809b2301aee7bc8c1fde10128ad0e305e1a8b9776975182
-
SHA512
77a25d0da4441540f1909943b68556cccc9b165234cce6a3b0abf32ddad94b31bdb877f712f43a8c82d8afce0081dae8999e1677539a47bf07ade588b74a0944
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 11 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_59864850b77e66bf4809b2301aee7bc8c1fde10128ad0e305e1a8b9776975182.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_59864850b77e66bf4809b2301aee7bc8c1fde10128ad0e305e1a8b9776975182.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\smss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\Templates\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\cmd.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\lsm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Media Player\es-ES\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sNl5EWIzDs.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\iqKdioc4MG.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\TZCyxGcg3L.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\fBgHK1Vy37.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uugdhbmYnk.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\veDg5wW3gS.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\gyyX5OxKdc.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\o0FbW2pZd9.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ER58NgmlZn.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QLPJAVlmCt.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Nc51i3GWIc.bat"26⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:227⤵
-
-
C:\Program Files\Windows Media Player\es-ES\services.exe"C:\Program Files\Windows Media Player\es-ES\services.exe"27⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 9 /tr "'C:\providercommon\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 10 /tr "'C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 12 /tr "'C:\Users\All Users\Templates\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Users\All Users\Templates\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Templates\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\cmd.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\Users\Default User\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "cmdc" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\cmd.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\lsm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Users\Default User\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsml" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\lsm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Media Player\es-ES\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\es-ES\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Media Player\es-ES\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD563cab3bbf5072b324743fd57a2bbef48
SHA1a029b9a8a26c7055c26c3188d30929034280adc5
SHA256a11b7b127a22ef40ab8733c02a00d386d386a60f070de17cc040e7d1b5858658
SHA51280b38707b80ba1e85d1fb610e4ae9e2057def37971c72e1a61c094993dafa33d4406540987f2de9a7e40ff237963a08c4ab377326172542b7c01f5cb89f21856
-
Filesize
342B
MD56d9777541682d1ae014934e136274433
SHA15b2ae5a096945b3acbb94ba91386c39501b6aea5
SHA2560d761ebf0166f2ed61f0749933bfbc0475911137f65d7c7c213064560b348968
SHA51263b7d0ae2dc7fc22f5554a21da95713787524dcb412f9f0f4558e8ba13171f923a5b60af70ff43c0333b32d9c64bc43f31a1fb722ad326d2578e3e604ee8d141
-
Filesize
342B
MD5d313f5c03894bcbb64500f646b998602
SHA1c74596208fcc3cacf014d27523627b3ba67bb225
SHA256587858c4f925921e68c17458516c1d2e1c094b4cc37da036eafbb2879d2b6932
SHA51226bb7a0bc63ef11683853b3496aa3604d25f1135f8a2f1144dbd9c5d63623bb3fc3d24e8ba45112e1d5e6c41c91e0c59b879f9914582c5129ee1f60061487de7
-
Filesize
342B
MD580904a73451e0d9753b310175b26d816
SHA1328c45a1ee87534e34b6ebbecabcc8bb85a9b9f4
SHA256620394f4af1daeaea8763695c339fbe71064a6862a4688c5bddbf73fa104ccf5
SHA5127aaea35fdbb2ff8465e2bf71c763975fe322fff4f45d834a26f3c9fe9b1391ec5db14d8070f67527b0aa92cd394bb1bf8f9bad6308648ecb3dbf7f08543ce5ca
-
Filesize
342B
MD5e81c131af04753a4e21df51a5b048008
SHA1cf67c9a91e8f8e89784714c90d7ca6a254a49576
SHA256121995e169e9633173ff143dcd46e9bc6db600b1765493b0d5351f7f5d77bb35
SHA5129bb0199e605e90f71eb04d36939f5408a7c0d5e59afa8b46b8e5c61b306f059e69a9a22c7bad16511a75d964ee53b1527819be805528c41baea80777bb13cf59
-
Filesize
342B
MD587ad1467b327a8c93bae5915e79a5fe6
SHA121d242a59fc20ee0d7084d9788a505f3f86cd1c8
SHA2564529cba65874cbf04d056c2f154cc55a5a98e46a2aeaa3921153ece9094ecbb5
SHA51201bf9527035e8557d4b8924edcc85c943c344fb8dca38ab06e100d08f2ba6a642ce99ce812ad0a3455d9b5105c01d8ccb539cd5575a59073ba7ab7080598c170
-
Filesize
342B
MD5161d5b8153b770dc45ba28491bab59ba
SHA15ff6b73412499ec62c133a430f5fde857dbcfbbb
SHA256b44219e59b3c0cd6360c45ab3d0e86bde42c7770336321db1dde591acf02a36d
SHA512304460dbeaacf9b765452f38cfa60c781d530bcf86f9ed40092b556e3e4751bcde0fbb71c309a8e36849eb85decaa98131355f9d398f8bcdd6cff0afaaa4bf19
-
Filesize
342B
MD544c5ea6b46ec8d9680a152effe9c1853
SHA1a7c1098b48e6f297c4ecaeb252e311f6732f1c1d
SHA2565473489c3e43d2fbc1e170dc94c61fde3a88036b884db3130a58c8ca5b319c75
SHA512cf8af1806b2aca3deda6d74acbf32005d2217a1920c969d03df2e9c241367f03676f0ec00ff490b73537e84a3aa8f362e298723e24e8d52de1b6027e672418c6
-
Filesize
342B
MD55cab40565c693f1d67d25010133b3ab9
SHA10236561ac01f531d9e75327fbae88f2c0b6b7137
SHA2569dda1646d1e67e358a373e9d6225646b64dcca0f5a879b6ab7c2192375b12814
SHA512005417622af807e462e69938175069221d26ce3d8c9235008211111a5205ee291ba8a6b01084f387b8a76c7635a57984ef46747db7e760ca4d60a376ada92883
-
Filesize
342B
MD5565c82c82c1042b42ab16f85985e6d7d
SHA1acdc8b38501dbc78226ddf5bb47affdac4ff3a43
SHA2566948c88a0ee659901e4c02c1b073ed7fb9d46c53c1cb15eb7c334fc21294b712
SHA5122d1634bec70f8c9e9e5114ac91cb883c32dc9c51ce95e9763b98811b5ac669f6266d06be584b1d838dbf028a6355004fcec0d1362476222e8c6396ead7b81ef7
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
221B
MD56a1f574df52cc2c784ff1958afcb5281
SHA10c01396931e51b78b3153f12ef0745ec0f44a321
SHA25646799a964ffd4962285a7dfdcc420ea45a89ab8a032742fbb6123b47991067f3
SHA512cc7da5f03bdda8ddc9df25d624f728189f77bc12bd89c49330cbe48ca95e0abac42394fb3221d69f16e6cc209f7a0775d53eeca9660a8c02fd1990cad3b14698
-
Filesize
221B
MD5a51c6fb496f78f5c5daa70a16b12c1dc
SHA1eab63688c6589be54c5372b684ff22ef1a7bb417
SHA2564662cd0c07c77ca6b5051c1f542d2ac37961225ad245e5628b5bb35add155fce
SHA512899e55b2876e795d0c1fd5f4ec0d6106a73fa4a49c3d71ad783028f114bb44212dc6e34791d5b77ac702c36679c9e2849f84b5aa1d974b9a336b791f24c3f473
-
Filesize
221B
MD54c4bd8932ac01334ad048afca4fa4d96
SHA12e754bee75693430f6d12895b227e733341d2a8b
SHA2563e6b0d8575d4f055b79b5b505363917249d121891626301caedc0d377332282b
SHA51267b1ae77f8ae1f86394c21e15ee9c8ed489e98e6892b2f7d64bd275b61c5cc5de216624bdfd878b1e8ff2b24510b9d03a6619b048aadad4f4987a5d444363b54
-
Filesize
221B
MD51a61fe327245ac325c1411c01dd740f2
SHA1a1c84b8a2885169e6f07760f9011b3f0a19973ee
SHA2568986f892bfcde18db3525f92e5a555a257a0a993ef4060049a06397bd088e310
SHA512b15c81a1acd6a1ece5f1b86558992727f60c05f3b0be373017f883e1eede21353ed5e8e3b366d8dfa51c59af0002840f67245b077d841fa356d0b77a2a24e46a
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
221B
MD5f5a6d7045d2139dcabac886cb3e83f61
SHA190e96862cc44d409c06cc7af5ccdf440fca30def
SHA256a048e005129d9562cbf22ca5b910845fcf66f8c3e34a8dfb7a85a6e1e4276d7f
SHA51281df100225fca0f86cb689e37e10280d4056ce64bd84b336fa64b163449cbb3ca4b29c219aa9187f4e9ea49b57dc747c2b72a0880ad217144edca85caadc8e7d
-
Filesize
221B
MD5451b43c8d654dbc1e43a50b03bcfc056
SHA1a36ac5a04eb53666823a40104cac7c9f13ee3003
SHA256084899153051a2bac04e7137f8ab9a412e3e09fa4aa661a2c61dd8939a12147b
SHA5124c07167fac0cd1025ddbeccbe0cf5abf607c723e14f3a2e6dacdf263613ff3d32a17ba3925043a7c59c8e8492049687704391c07b4ffb6c0f1e8a6db541a5959
-
Filesize
221B
MD59add7ec1100b6211557ecc550db30337
SHA12ebe659c195a8c08dfe1c0e81af1552f7886f144
SHA25651cea10c030b322583506698e07764f9af674df03728d2a8b2c6d186bde3dc78
SHA5128ea8c42c93c131b37265f07565743daea5b3e2baf19df5f13857d2b5292ade48be0e4628756191eecbfb5dfde768e1452516ff6acfb814695a6ba1b59df35aa3
-
Filesize
221B
MD5ce822bd1793027cfefc1a941a4b0056c
SHA18c133e7c6f2ada4444cd875e9bee546ff4fcd6b7
SHA256f4a0bb4db51b0d1f35e1de1d2587aa9fd3259381a89aa980d137a5cb12107c46
SHA512d598db7d6887b21996d82b1ea9c0b287e6692cd804148b915eb32456605b766a57c9030b0d6d9a1e6162573a06f4efd8fa3784ff3c75b5e39f4ce55ffbf8c27e
-
Filesize
221B
MD5ef5e3bd35765fc1596aeb6f24f8b469f
SHA129d90fd13573cc7be81168bfb27bb8d8159861a2
SHA256f42aa52a022042ce575eb3ab364946d95e77cb540f1842c720ca3fece5e98c47
SHA51279cf2bc6f8b48efc6de8ea538eac649fb00dccb1efdedaf5fbb02853c4adfcc70554ada7ba2d79c77ea3f5a2b762436b4cfa3243bd306accacaa0a31dc4c4250
-
Filesize
221B
MD5ab30eab47d33cdbc284a5bcfbe691011
SHA1c9d6cdfa381a767a48ae3451400711ffa3105967
SHA256505fafe016aaad51fc2e4a1a048346a8ec9106025cfc599ed8df76f36134c617
SHA512126b48e2094bdb85e75e7bc32da0ad6a6731882a134df707f57c2b633356849edd3c71c3fc780899e42f3d3396429602652cd246f87881df8c5363c132b8cb2b
-
Filesize
221B
MD5917059db89d61e5d66859f5b8bad4449
SHA1e670039f0c148cf86942f61ca02c397b8f8080fe
SHA256017a3683f7ae61a56eb44230e29644cdc697f7f856723329cfc7615280deaa4c
SHA51293211fe87f33ecbdafecb889a6ebcb3dbbe579276ab704f40defbc6b544e712064bf877fd8aa1a47e1139b470dee897022cc4a8fb708e7141e62ade1fd1f3c6a
-
Filesize
7KB
MD51ca7518658540f8c5bc511e20b04f9b3
SHA13f0cd7bc93921d59023517d07f02ad78b2ff7789
SHA256ac5496a5cb6b43a468f21985a34ddec90db0d79408a3d9177557097cbbc5bab5
SHA512cd19ba25bf936a4277d1a58968059c2be3c6094faaca3ce465ba82ffd215e1c66757ed8fdcb1b7ee7d3586c717cf8aee911f0109cf0565d31fcb6295dced4a6c
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB