Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22/12/2024, 18:27
General
-
Target
JaffaCakes118_950692092fbe9533fbaa8efa361a2d3f69b0cbf5ba919cf124eec089e36587e0.exe
-
Size
1.3MB
-
MD5
7f397d0b3842f1b99f104d6f8e50df6a
-
SHA1
49d6b35fdc8c22fe36b6a1c5b7946bcc88d9f063
-
SHA256
950692092fbe9533fbaa8efa361a2d3f69b0cbf5ba919cf124eec089e36587e0
-
SHA512
01803593037ddae77fc084cda04af2993bac8e79b92a13c428de055ff4f62d57637f30fe54e11e2b97997f84ebf1a5849c8093270bd6c12f357a253c1159f03a
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 12 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 12 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 12 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_950692092fbe9533fbaa8efa361a2d3f69b0cbf5ba919cf124eec089e36587e0.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_950692092fbe9533fbaa8efa361a2d3f69b0cbf5ba919cf124eec089e36587e0.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Links\lsass.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\WmiPrvSE.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows NT\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\OoUlhQHDc2.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xgactKMGCU.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ZgKlNS7JdR.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sJ59Arupck.bat"12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\7hZg3igX7v.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\AXFqcUy7ES.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Iu2jWrKESR.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\2sHl3bGdB9.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\syYKg8QxNI.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\YzNOjOTGFC.bat"24⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:225⤵
-
-
C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe"25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\Links\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Admin\Links\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Users\Admin\Links\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\MSBuild\Microsoft\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\WmiPrvSE.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\WmiPrvSE.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\WmiPrvSE.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Windows NT\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows NT\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Windows NT\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD561225b39b3599e5138f1648ecfd3a838
SHA14117c0da213a21f31fb608b203eb3d090e9ac53b
SHA256a4d5c4c6cdfc219c0957156dcda0c303ba7996424fce5e24b22fbe14b3adac35
SHA512ec999765430dd896c93a52aae4123c736d9f24911c9e8a938c76007c0975c53fa738505e3506b6a78663f0bfeb374de387c059a94848ddd4814bbb94c80b394e
-
Filesize
342B
MD583f40bc08b931278ed0e2385df108ae2
SHA17ffe3ebef6c3c95a95999c956c662bdbeb3585c1
SHA256353fb3bfb7980c011646370d44ca9e43985835a6e17db36a7d47bd26e2062c7c
SHA5121f0bcec12117718a81bc790421b1381bbd64ecfb1affa982a43e82e623ea6d1dd8b2bf861342ae7f20a57420f7400c5d4506037b2185ecf263d175296c2f50e7
-
Filesize
342B
MD501ed29ce511ccd4f343692835d8e2bc9
SHA1c655cf1b9d862cf4dffd5dc4b94e5c02889034eb
SHA256d3e13b454f8ee96f5ae8a35b53f385572137c9977eba4d4343e37d294dcb823b
SHA512bb5c58be612dc6f0ee32881ebf8a04a72595581a83f1502d51be72720ccf931ab27c3b3987d110db503b9d946b5b6e893c760d33c23d1f7cfa994b6c9e0195b1
-
Filesize
342B
MD54bb82a6ac4ca509386ab8db2979daf37
SHA1fea28834eede57bf97cd50cabbd3bfe44ccc4fd9
SHA2565772a6c0249bf1c31cca98873f615413ad76f4a6f89c531ce0d055fa408d1771
SHA5125c465900ce5146c71d853d931e89505eb41bd8ef54d820d6090b2b5fd873acb9e696e2a95e10a2a3dbbb66a3f3943bb1dd6fa4a2154ae7f177d9de5d5443de0b
-
Filesize
342B
MD5de91e51c81f9b66deeb81b47c58dd273
SHA1de7bbb65f1d0c10c1c535ad977de00589b14a922
SHA256bc4eb4da43fd84c205a033de77a8d029596d92ca624fed96251a0d78bbe1b63d
SHA512a98ec23cec1b7d515a5a2a545d15290a4c8899f3c4145a0db624ea8c981081476be2d47cb29361a6093478d6dc22e2069d7b124dc70a38c800a798ea889e1713
-
Filesize
342B
MD5b08292cdbbab3f17d4d355040f221d79
SHA11e95a1a8da9e3c3f05bbc19329241e310924661a
SHA25683d7f0cc14140f9c6eb7097bba342896583dedc84d308522841b7845e8be969f
SHA512ef48df901d0c220ad1b285e20d1a83fcded525f3d1bdf1a572fc47cf00b0af1231f148aa18ee7c983680e6c66981d6fee1adf02d3f9bd0a025f52acc37cef16a
-
Filesize
342B
MD553b7d807be5b3e75d551f9c8046c7aee
SHA128dd0c4f04f1ba9996c42cbf94b959028f2f1afc
SHA2565a0350a9c9b058104a61000f5efe0c2f128ebaf56a5dc43f382941bebeaffaf8
SHA512d1baa731600eba46ec9f1319d4cfc1a20aed7cf57e8b6f854809eee4985986a175977e5485f7e410e6d19711d251a5c8f3c4ecc345b6a99bda372d8d6cf514f2
-
Filesize
342B
MD504aa162918019a84580df00093e1328a
SHA192ac56400cb890b72de09ae8894d4d2231a9b340
SHA25646bc151cf979ce22afabb4740e5dcc01e95083ebc45fc4479a63c53093854b2f
SHA51208aebcede20c3780fdcb03458f8f445837bbe6f911a26f668a3c7dbf924bea298e5151bb3d8b7fc88ff3173a01d188e307b43416adf796280d6a88fb8634b0e5
-
Filesize
342B
MD5c46ecedd50753025e28b1b9196bd93b9
SHA183141056500309ee69d78ec3644ba9c5942439ba
SHA256fb942f7ac5d151b911c104b5a311c026fdf8fbb9a87312d32350b6ce38f47587
SHA5124274befbe4485a5aef624f4f00ff539893d989ce179cf8109b373ea2a89843da489cf68e332fe9d7f8f8e70c070963b9638cfba0a5bd5aaf428c0c392eb7f4e4
-
Filesize
218B
MD5b77a67b368301e517456cff4b5004a05
SHA1b35a6119b528d21c476dfd8be701d97bfe91dadc
SHA256de95f73e21af7cdd5792cfb42912033a3a8ca6d7f7df4d9a3a25e432ba750cac
SHA512775f4b28ce2e80a78b385eed31975d52b0cbd7e874dd4c89ea9b081611750922ee3b36f5fc3f54009a4b8cc8bf81461db3e8eb68aea4ffe8454d6c8888ac8263
-
Filesize
218B
MD522353145ab12f193cbc92396cea8641e
SHA1ad2ad021e1563557a1a5590aaac6f4b5d9282b06
SHA256de474a871ced478bdb82217c8c4bef69ea803d0bc30ddc6e9379100cca013657
SHA512145aa1928e47218893b4ed78deb9a7bc8877266295f806da21fb5d8f0f5c180d48f1242ed6bbe5230a0c8788ccd635948ff9c29e2143cac7887bba87deafc27b
-
Filesize
218B
MD54b7aacee6ea558c4f0ab877331846a10
SHA1a453b81deac13efed6e59f82519b033cc424dea2
SHA256edef93cb22db01d473cb4a26511b6ddea89eaafdb6b90962ef7ff2209ad71fb1
SHA512c00eab3e9066458cf6ccc05cd65a9377da1d45514fe983a698ad65a8987b130712065e3efefed487a39a0408b67391a82ecc0e11c05d28279f44ff8d6e4d9c30
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
218B
MD5679aea951147f59e14edc5d433296d67
SHA100a5d220aa1b17777e0f033935033de2580f901e
SHA256fb713432364b7f0b2f53fec6f4013e03dc5538899768514e0cc1a8d9eb94e523
SHA512e7136c6425c4faa8e21cff453aed4083247838e38fc595f8784459124bd191ece626ea5ae6be601e9e60d8f63968f05b404d021f7776627f1d7293018b9e33e9
-
Filesize
218B
MD594444403577a40a456c8c239326dcaa3
SHA190e217479ef560b879da0dbcec0a54d655fc411f
SHA2567df3c7359e70eaab60a0cc8925b20a7c8ea98b11fd401c2f4f8803b8e584703e
SHA51296e5ac89c4e8f1dc00f30105b3c34a3a5da7693436f17b5ffd03ba6dce43e30855ad0127f3f23927c3d1b2d05ffc995798f9cd7a1707795a6f04532128d4d872
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
218B
MD532856273a045b6868a59be0014e7312d
SHA149ddf166a875e1fb0c9a9d4e82c25c79e7d0e075
SHA256448098f03cbb57d2520b418b958402ab7fec1cf6b7e316156813b2ac43e778bb
SHA512496ac20be0b46adc39094a65e46e52428d78d1e0c3e444a7b9c523423254b6c79855a65ef12f408904c6b6fbe3bcdffd9fe253245a88d96580c3f995e2954c87
-
Filesize
218B
MD527ea70e4fd44a1994db00697fe4af532
SHA14740c788be3a0f5b3128bd62f6ab63a527b01fb2
SHA2566f52da50147cb39d5006e4582e220198973d4e4578efbd1e2ca5ae20aa2ec5be
SHA512f6c27123f239fd03e196ead83a713ecaae93c3d856cef0500ba739bb92bf466d90401a5906f6aa1143e9854df853cc3982a9d9b6cabcc2b39d42a53edbfc4391
-
Filesize
218B
MD538f7d96d67db10fc07752df98629187b
SHA171aedd0656f83c7e903c2815ee16e4d6fe349848
SHA25621338c51e5afb3d65c355300746b9a234434c2d46b85ead26ed9309d8e8c2b8d
SHA512b86536cbf9f370dfaee8e52fec4fb741f2a86a39f728ff062a95966227e038c8bd09973f83dd61d91e2d2c9a118c4f37003503a8805d21f257556cefd0513d10
-
Filesize
218B
MD530eaddd21ea81e24b485df2e13ad3712
SHA175662d0debb387e41c080e7fbd14178595d3f8a2
SHA2561ed1d55812f12514d6c05424f268286c944aff400ee29612abbba8198581ecca
SHA512cee7269bc597f8fe371658a799d107600ebae834b738b10ef99bdda0a32e381cf01c037563a41c14f910dc388394500414b507c89684afdfef5f5467ea14388e
-
Filesize
218B
MD5fdb0fec7a4676dbb0fb3260124e70f9d
SHA1c53c264b80786faae3cdbc0e5eb63b956c07655d
SHA25624649bbbd129b79e1627418cbb200fc1a27700b01c741e5845bd1eb7e93b2bff
SHA512d4ec7dce6803545f19542c8e6d7486716bc8b1057572321ce59798d7d0df31bf693cad668396ed13ec6c8aba565a0f7d4f52cb2ee29f2f71a41eae7b04b14f2c
-
Filesize
7KB
MD5b786b3a3614e54ea2ca84a12c959778f
SHA18ce12e45944c2ae8aad418c8f5dcb61cf4f565fe
SHA256ffdc2d61c9e06e70e093a11d2b56c762df0d930e449fd889c123ea2ee4a1a35c
SHA512dfe6999482d0bbe615b2d81c3de49c696a2e9eef766de556e578316829ce318565ac90af7d3cccd8b454e5e972a93c3d0a7bd64d41b363b0d518fabec22b940d
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
2.9MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB