Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 10:12
General
-
Target
JaffaCakes118_fb43d79ab41658a6f304522b338d6d6e8c6024466044af843d334965b36dc393.exe
-
Size
1.3MB
-
MD5
ee63672f5ad3a6e90387806eacac682b
-
SHA1
5e0fe39380c68d064e32aa077ebfc5c18b366a09
-
SHA256
fb43d79ab41658a6f304522b338d6d6e8c6024466044af843d334965b36dc393
-
SHA512
28de182b33e4957295c5020f452579cb58ddd2b112bbd16032a326d67f8591a22ebd2af0371c9a80d9359ab666f7f31d5f2e66fcb9adf6a7ace3b1a9b154c703
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 27 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 5 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 27 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fb43d79ab41658a6f304522b338d6d6e8c6024466044af843d334965b36dc393.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fb43d79ab41658a6f304522b338d6d6e8c6024466044af843d334965b36dc393.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\209d6542-69f6-11ef-b491-62cb582c238c\audiodg.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\PolicyDefinitions\fr-FR\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Globalization\Sorting\System.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Portable Devices\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\ja-JP\services.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Nc51i3GWIc.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Oupdpj3XpI.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\axBdnWD1Gl.bat"10⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\q3WH03M43W.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QY0o5k1hVk.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\a4RGbRhdNM.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ZBm8ilTxac.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2sHl3bGdB9.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\989MOUOnUX.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\svsOdT1nlB.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 13 /tr "'C:\Recovery\209d6542-69f6-11ef-b491-62cb582c238c\audiodg.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodg" /sc ONLOGON /tr "'C:\Recovery\209d6542-69f6-11ef-b491-62cb582c238c\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "audiodga" /sc MINUTE /mo 12 /tr "'C:\Recovery\209d6542-69f6-11ef-b491-62cb582c238c\audiodg.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\providercommon\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\providercommon\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 12 /tr "'C:\Windows\PolicyDefinitions\fr-FR\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\PolicyDefinitions\fr-FR\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 10 /tr "'C:\Windows\PolicyDefinitions\fr-FR\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 14 /tr "'C:\Windows\Globalization\Sorting\System.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Windows\Globalization\Sorting\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "SystemS" /sc MINUTE /mo 14 /tr "'C:\Windows\Globalization\Sorting\System.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Portable Devices\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Portable Devices\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Portable Devices\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\ja-JP\services.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\ja-JP\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 9 /tr "'C:\Program Files\Internet Explorer\ja-JP\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Common Files\DESIGNER\winlogon.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5dd812301f3f5bcc7f4d51dac433add94
SHA19ce7f4e122cb889c97a36968a1c4a2f161419f17
SHA2566712b811b75969f95c5c3a547291a16912fa47ff6da961e47a29ac236139f49d
SHA5121adacdadaa0b5c0c713fac1ae87233aaf2d154f3b919c6b6b19189ce7d3c40bfe09e26b5e6d6be76896dea39a2054e71ef6aad62be94284abc0ddba4259b388c
-
Filesize
342B
MD549e5cb60960bb63129ae348e10260033
SHA1c99b701e01038096063cf58df11d74ef01f44af7
SHA256cbe45b3b242e20cda0d59bd9d8892c37bf593734f077740f30e76e21dd050272
SHA512b7754e89db1cb3193565c9557074148adb86ffdf88716ff5e93bdd93e2a68494a5dacae60611bd31cb907e19f743deb645ab7e1194440b1e99aa44f85382daea
-
Filesize
342B
MD565318d82abf2aa41075f81bd90148833
SHA13dfa49617b0b2d3099f4cc6aa2ee7e7d5e759eb7
SHA256855e9ecfc083e784c05a79050af2668566560a210e4dd4d5f55a04c5b02deb27
SHA5129f5e00a4239f529f5feed4692a8815ac324f6baa7030a506f4a488e16a9c49a8775da8b100f8930d66ca2631c24cffe66f95f175605be9b239d0b925c5ba56ef
-
Filesize
342B
MD52d713d8c374d89f95e923e7fbe7da896
SHA1ed9da25879585dc2e63059baeae57ecc755b6bbb
SHA256a08d60dbab4e8a03d4a42bc9726a8a4e10bdca70c1ca52045683fb3050506d71
SHA5127a1c2c6b08b39de7817fbc4899d749ab34f82e85b6ee7c44c20303fb2efbee8ea7faf633da6ecd01d005451ae138879627bda79e8d7334cb498ac2f52993b9cf
-
Filesize
342B
MD53625ea40004fbca9f8eaac6aae005023
SHA1638d4d294e2b22101acaf9b2417984dc73b5bb7f
SHA2564ce5fa28547cd5560d87e43b1c8b1e604a09663203b0cf809df1812286d1803c
SHA51217782efbe6d3fdd15a89fc9d68828382b24346931db885808def114cc0facfb3d85c9b3ebf7134dae506b428f61dc9c8a69559ce52f87c7665d9baae0ddf435b
-
Filesize
342B
MD53be50fc46c976a8293d9a433fb23fe02
SHA1c996011248601ba6bb536ca6c081588aaee0cfb7
SHA256c8b062581f2800a1ad38c8419364b5fa455a9bd54a8cdb906fd38fbfe328121e
SHA512d632e7e22ccd0327e55b497015ea8bdb2bbc1fed2f88b60cf45d096e51451d44ad60c93fa2ddb380a877475fd164c0225d5260a72de02515b01933e5162df3ad
-
Filesize
342B
MD5b8ffbdf8075bd269308b1410ab3fd5a8
SHA19da7a1b88c7cad4d32109f195565c1840629494b
SHA2564274aefeec6480a9322889e84bb79fec5cd12fcf58e47ff4b861f70c33fb45f2
SHA512a9d0f40528f7fce603117bd13618bac6d788c9bdca8588d2575e58d7779cd739a602dbc42cdfbf2a4451ef4f2ef6c4e68d4b8c00d42dc6fab086197ec40c3bf4
-
Filesize
342B
MD5a1e79b1f2365e05acff86ca1a7a2ab02
SHA135491327eb6fc70597819981a57c9ad550a6cba6
SHA256ad6a447d3592dafc814670c107e19ebc9d238d1dae388864f9ed8284f4368038
SHA512dc137e7ba398088a1444f23015055eb08c0c566b47f703f696190ecf23b37b2a5082afd7db7b73d94be1deb2c9e203e117e5112a8af6db536ae9ee1fe63f5f34
-
Filesize
342B
MD51799fa940a7f14527c0de9d993dbed20
SHA1b0131d084a6f63c4933ddfd1fef9ca5089bedc6f
SHA25637c50078d883500d0a03eadc25a14b110d5ab0d5480f31b98169cfb248830bc9
SHA512b6fc9b42a92c57ac0e4fc4f299467ce01fc9bc6d55bf9806224eb2a77be98280f705e9c4f1ac90c92e80220d1e705925dc0ab68e0a8a98eee2c6c53f57b6524d
-
Filesize
222B
MD57ecd9d5370af0d3a10453a34b981a949
SHA18528ada294e6fed2dba089d4e68feec196c6a661
SHA256743de603c4692cb7cc7db49e39742aa99fc4c4172be17f17ddfc034e96e6b126
SHA51213135c99b95829ca51a2ef56b80e40fd415ebc4a0ca63e2c52256339114a6c2caa87e0621ffead331565060c6410590a69f2cb7483b5b9496bd907b220b639ff
-
Filesize
222B
MD564f6a6947c2bc332a9b4deab7dba02e1
SHA12fd33b5198f75caf3d88cb36e83859b48f2137a3
SHA2561f885e786d6d54b20a9c1bef0461e8529eeda0c2815134e8e3012c6bd6e099a7
SHA512d1fc856d3b4bdb4de6b095e7165c92b98a94d518d0ee7f67dfaeb2da99065a4a339e6e9c81c1b4f4f1d6cfefa628c13acd34f9eab84ddfb324a3b6efe962debe
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
222B
MD599a0f38fc4d607c80909dc7fb9764bf6
SHA15125d10074d860bf09fcbcbcc16c036ed06dea08
SHA256b4fa40663bf85b03a70cff2818a15e61bd28d0903764243e96d5e6bbf163326c
SHA512b6a5d5076f64ff0c95236906debc1a4eb0b2d8c201980976b6e0230194bac3812cbc528674a5dcb3a6f1cc3030e7ef60f1da0a2a440c38be298375277d267d59
-
Filesize
222B
MD5c9d522a9b292114bd149dc991914942d
SHA111ee96795f0211b0ecb16fb8765590b3f1669472
SHA2561306bd87557e52557e5cdf45b6e46cba6ff614de03af67df05b2d8a487ee0fcc
SHA51286d2c18d7010f87ba4b0f5dde6b5cd68643d83a97dca03a7caabfdf4503db2480cbbbcce7bda591776d50088c9ab97c9a66565b237f4c2efb7256b79e6f94538
-
Filesize
222B
MD54813c33c90d6b89502cdc70b3eed4863
SHA1a82b9e7b45b4b938468d056ec1238a885998992d
SHA256af5ae3f4afe9628ee7d3c8d3720911d4f875df3ca66524cf6c4e6d504e2553d4
SHA51236916656015b4686b4e7612d825417338c5171f42df9394d431f7b11fad0ecefc78519fb0cc40fd537e48c3320261874daf5103c4fd36adb5cd347fc6ddcd74b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
222B
MD5235ff01d19e68c85a1c348e47d5ab14a
SHA131f1d875f5a25e467aaf1f79acccc364569472dd
SHA256458d980571a92535af6a9d4f279d2d0ffb0b88e4bb4928c6c6038e151b57c0c5
SHA512c6e42bceb357b4d1ab8161e8f8c1487db9b73bb072a10316dc126b2e2595f5307a3642ca401fadc1e14427397c33ec2c0c7fee7ea22c526f7097ae93eaa3c761
-
Filesize
222B
MD55177686b5a7de57fa36efeb7c4bad8b9
SHA180d58c3a2e6447edd6c7152f6910f2af56aa2e3b
SHA256975865dccb224483e4b64857ce6f9b58cf1932d74000daf4acbf61faedcf19f6
SHA512378d1565f86e013b90915907ddf40fee9a14a605408d1476ca11dcb4e58e559323967be17962f3c11ec9f6250ab74a2e5710430b3e175b983472abe73abc1e82
-
Filesize
222B
MD5601d949ceea04e07ef0830305342fef3
SHA1fe1c9b36ea09e165ea38d807908689f05677196e
SHA2568b62ce9565ac12ccf74f32966095e203a1f18bb3389caa36d14e2aa0ad4748be
SHA512e635d352fcd713736c0a33c56e53a8c692ba2f94e5fef4effa673f6b269a44f73d4de5202ea45e986474b28158831484e4af7a8183bebf314ebf1999abf17d6d
-
Filesize
222B
MD519bdc166189dfb651e2cec543eb251c4
SHA1bf85439706750be417f9a6d1aa3243e917f02101
SHA256bf36dec05cf0891f37a3002a6d0a647bd384f2d04c513da77ea72a82805f53d8
SHA512b7c9746bb060e14306727e6f366cb1f32a3d108a7f7a6a7f3c5268752bcb5334f0af1082528d0d46b4d4bd81a2066e2c73fc5d942ad2ebd9b64b3e14ab642731
-
Filesize
222B
MD57b28f7e194ecfec3290c9c8e77a4af9c
SHA18cc4699167bb4a22d47c4aa268cf88165f111da9
SHA2568bef1596f44ae9e2273079c8e5dc971e60b8d7f3fe7527638ab0c822e2c8b867
SHA512a0416061efa2a2082e0947ed45ddea3d6c682fa58eeaa8d780f09863663d0e4084c2bae525bc16c238d0084dbf6238018a019ee94b3111d5c241e3afff1f796d
-
Filesize
7KB
MD5b2ac77c1c0b4f3c5e814351d4f8ad211
SHA1abc31f368475e623c6de88e9bfd164ce95f0b515
SHA256addc8a5ba38ae1ba95fe2ed4957af569691ba18566d51aebdae415835a168806
SHA512f26bf2433463588a22a26e0d6100f3848e747ed5e339c0a246ccc763745ba7af248be2fbcff940facb27af5818f2208b35c46740a0e54aa9189f69a4b4a0a3aa
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB