Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
23/12/2024, 13:19
General
-
Target
JaffaCakes118_55008b6e5b922c53915f20037c1669fb91a888fd6beb41b4051e3f0ac811b313.exe
-
Size
1.3MB
-
MD5
99da1d5b06d7fc95d645428afe348458
-
SHA1
530239d5c67235c6e8891828ec5e1e113a6b9f7f
-
SHA256
55008b6e5b922c53915f20037c1669fb91a888fd6beb41b4051e3f0ac811b313
-
SHA512
f724dd409769aad7b4cf4942479b4210eff57fd1a6bc2cf4440fe25c12ba348ee0bd57ca8950fa2360f15e4cfaa02310a64b1e2d24cf938a71112d78b68bf90c
-
SSDEEP
24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Process spawned unexpected child process 24 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 10 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Scheduled Task/Job: Scheduled Task 1 TTPs 24 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 20 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_55008b6e5b922c53915f20037c1669fb91a888fd6beb41b4051e3f0ac811b313.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_55008b6e5b922c53915f20037c1669fb91a888fd6beb41b4051e3f0ac811b313.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\providercommon\yTUdeXjbLOhnrN32dgrxVg.vbe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\providercommon\1zu9dW.bat" "3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\providercommon\DllCommonsvc.exe"C:\providercommon\DllCommonsvc.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\providercommon\DllCommonsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\dwm.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\spoolsv.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\LiveKernelReports\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default User\explorer.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Branding\Basebrd\dllhost.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Windows Mail\it-IT\sppsvc.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Java\jdk1.7.0_80\bin\OSPPSVC.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\ServiceProfiles\LocalService\Documents\csrss.exe'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\wLA3izB53h.bat"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:27⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\wNwF62sylT.bat"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:29⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ounU5LkXKE.bat"10⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:211⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\KLWAYFjljO.bat"12⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:213⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\a1lJXnITmE.bat"14⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:215⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\iS8tBRk2Vg.bat"16⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:217⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\etpQuxQFPn.bat"18⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:219⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\FIx4sKIZfl.bat"20⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:221⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\uItNEyebdJ.bat"22⤵
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:223⤵
-
-
C:\Users\Default User\dwm.exe"C:\Users\Default User\dwm.exe"23⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Users\Default User\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\spoolsv.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 11 /tr "'C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\spoolsv.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Windows\LiveKernelReports\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Windows\LiveKernelReports\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Users\Default User\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 12 /tr "'C:\Windows\Branding\Basebrd\dllhost.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\Branding\Basebrd\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\Windows\Branding\Basebrd\dllhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Mail\it-IT\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\it-IT\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Mail\it-IT\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 10 /tr "'C:\Program Files\Java\jdk1.7.0_80\bin\OSPPSVC.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\Program Files\Java\jdk1.7.0_80\bin\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 5 /tr "'C:\Program Files\Java\jdk1.7.0_80\bin\OSPPSVC.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\Windows\ServiceProfiles\LocalService\Documents\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\ServiceProfiles\LocalService\Documents\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 10 /tr "'C:\Windows\ServiceProfiles\LocalService\Documents\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5dcdaafff6c3142348fd5b8bf08f71e2a
SHA1221209483feb3fba79cdcc0196f1698914b3a3de
SHA256a50a6bcb5c58a26bbbdaf8a9d0f19778b3f383ad2e9e70cde948e5f706aa3c83
SHA5123abfcb5d434dac9586fd2d7fc3ee01d8e47419a1575bda10744fc8c59172a56a247d57e7f05b2dfa901e1039ca9b930d9696967e21db0ec5a02e4975876da463
-
Filesize
342B
MD5c3349a8f6e6d003c2e9c1b069a718cdb
SHA15e354ac8844ddfe3c85db45a24b0dd044677fd2f
SHA256253f5accd260313aa027ac659e60e4c65f3e380cb21b44d7cba9ab64b02e5f71
SHA512ff3bdf18281b45b7f5292189c6d411a6a406bfa7139d00d42955498953503764bb98036cd2db167e6f5375f525c2fb28b6cd334857ab755edb2c8a4ce5c96bb6
-
Filesize
342B
MD57e1305dd095062abb987f512725d16a6
SHA1d826d7559b563fbeda82dcfc52ba0e9a5669e67a
SHA256572363d5b2abf160c404aceb923f902ee7a03b96bb03c08e21f1c1aaa1affb23
SHA5128b698033e9df6ab3482c3e8edef9c5da1968cfa6987d5ead88bb9c2f31176ef50ca462ab62648813b6ff15cd4524014ab3637ed2f0776a37870746f21ecc7dc3
-
Filesize
342B
MD5593d7f094aa905910d1f60a866aac9de
SHA1f03bc5c3cac46ef03a150c91d48635deac4bcdb3
SHA2562d0236accba963b81210ac2b50e1bcbe5b33bf988326e85d703db1972b51ea90
SHA5126b2b3dba2fe128c918cbe0ebb222143224316cd919712df99a9893248ac29c36c8c409af66c58d670745794c706195a786352c208600ca02cc46c07dfecd9f94
-
Filesize
342B
MD5db0248dcf384aae516beefea17d8e91a
SHA1185247dd05696a1636a93fd5d6c6de7901b9b8b3
SHA25653436a488a6095d789d14442b6e77f3ac62a36a800deae75a86b2f73962dc5f0
SHA512e1ce0344d25b7d9ff13c78a4189be0230c5f23129ef0176b58aefbd194ab057c4997febf817438b821808a329dc0a96c1a3249e0b5cb3c6a4eac238e9170e573
-
Filesize
342B
MD5835857401c0c023350ca529c6fe6db6d
SHA1d84eba631e1c0b037684fa04c1b5ec77174a8835
SHA256fe4fa749bd2071a85650cb9295787216112d8cb32b08b89c070a967159377b19
SHA512027a329b38bc18117f7e78e75b2613cb0c21f960bb1a868bdc4b08779530e97bb5582cd7a86d5379600f391c8475bcfc8e895ceafb9024cedec8f642db92f53d
-
Filesize
342B
MD502610863c451847aa04b6806e23ada20
SHA173cd7322f643f1e4b04208df6a9e2ca60de920bb
SHA2567fbd29146d898593708cc8257b596115c97c0a9da34179af6f9a9405f9a234e6
SHA5129050e427eadb4edb2d1019ab80168cebcb1542c0b2a7c568aa9b09f93da53cb647f244669a8b6e6c6b5cef9769c07615c3c71d2d1e0dbc8adc1d02dad065e5ac
-
Filesize
342B
MD594fccdd3be91966c067175d2631beffc
SHA1e4e6cdc60abea405d47c18752448912470a970f9
SHA2565e2234a891d787572a4587d6b34b1d0ad2fd32513ba11458ee47a0d2f9e264dc
SHA51261baa9c06b3fe2e4fea07b99adb5b4d6c7d3256f8584e1479a711590b40faead9cc84824976a675b4b71cbcbbaedc5d16cdc27e6ca0a4a58f2118b0a590baef2
-
Filesize
342B
MD5258839458764a87f90ceef67de5ecc90
SHA1d289016eeff243f9b6494d7e8bdc92b53d4fe402
SHA2560bc9188979232adca450097e2fa40d8ea8a6f72922c3c7571ae29031e07fe292
SHA5126f14a7b9a4ecae26ca13ccd7d397011d8f76d20a8fc9040074c4e8986dea3522de197d51e8b10cef00786bbe50aee66beff50f16a890820248f51ab0427c1d19
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
194B
MD5061c2f3814f8b3c63bcb17f2a54c86bd
SHA17002286b682769dfaf753cdd2e79f932c66c26c2
SHA256b73a5fe0c44f01b4cd5a5d08e2d963762ac173e1f36ab95ee6a17b67a9f50f99
SHA512f7f76eab15ae6097669aad6da55b46ae1e48c44a36e4a18332d6737a45c6fa1d5fd486fd83015b94c7cb3e8cbe0bb8e89a11e43262a5473a5d13256f6ec7a50f
-
Filesize
194B
MD516dc863ec36b7a4ff61b8f3ef683bf23
SHA1d9aa46c051f5741bef25d24dddfaf20b97f4cca7
SHA256d9222f19017b02d37a0d15f88eb221d5d6bb2650806c90e094c11f964ca71b77
SHA512e91b6f72f2bc56a3747e704f728a546656e0e28b1beec486fcc1921ed3bcffa4672bee3bb0e136ff64fa302410a90eb3c3ed5af314fa5f2d497545a7e11cf209
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
194B
MD5fa96c744c98b8a7def0c761784a9ee5c
SHA16be76ed19d102ee1fd8c99e27c829c77c633e4e4
SHA256154403f1b3ed4a86bee3ebe66160e9615f4a5621e4c84b101a9e1431bee684f4
SHA51222e1c357cb4f4fd98b923ed9e4d9153bb93b1af610000f86f4006418d9851460f97b272e78b0ca12e3e5658513dcf80f0becdcd8abf6fa8b38aeecdc1638d3d2
-
Filesize
194B
MD59b6473f74f00cd2199f3a79df14aee0a
SHA1df5d727d9514b473d701fea8b0a12287631bf298
SHA256dba7e60361978dd9af67ea74013530d16abb0cd3e6a7a3113ce8b9774ecdcd94
SHA512421ea2657e2891215d9683bd58876e2c9228a2b2efe14b5f06bee3f98228783328b5d4c10627ec9c4cd31f1c486b221ed1d7eb8b8d3adb7e8300fef9b1fbc340
-
Filesize
194B
MD5a6b07d4ba0d94c3290d22e1874c475f4
SHA1d8be12947f45cf1cd358a3a7dd68d22b1decce3d
SHA256897cf539e095fe6dc0b919f6105095b61a9f4836649cb4c5f8cc3e0e5da0b1c2
SHA5122bc44971af2db5908fe110987f0a6c800ef9271587e04305aaa2523cae06306edf2854fdc0a9e521e506f0c89a246b36b36a6114ac1cff5cf633eea92de90ec4
-
Filesize
194B
MD599085d44a66cd388adc198308b03f906
SHA1c9d5777c926faa4d38e1712fa342de4237bef2ed
SHA2560fe0aa382fd3e18e4eb6b507b0f160bfa73be4ee4dd089dc979430aeab66302b
SHA512609aa71077df40952b737e2c1a01eb362b258ddb3e4201c7fe671dc84561e58dfe80178e56e45389e1dbbd20d04166ef4e417a2140cc9c07c25e247fda5a2f05
-
Filesize
194B
MD5eeb27b504a1ae63c009bb02704cd31d3
SHA138e9b0f335b32fb012d9da28ac5083a4821e204d
SHA25682e8f2e3c1f754c1cd033b0333d595344e270b6fd78c1c5292055606344a0fe4
SHA512c69b83f437af8d1bca24960b8700358d41eb7d3edf4550fcf7d5f732fbde63a82f5bea71cc33d37f73ccc23a2b4a8efdc604fe1fd4d2e78895ab91bce66c900a
-
Filesize
194B
MD5a68b988bb0786ac1ab988b4338b260fd
SHA12442e8f161ecf655a0a262aee1679b1947b78250
SHA25645494e0528ca494a86ea93095d2db3392d98f8b5b14d0a216daeac88068f7a2c
SHA512ba3490509a4ad24cb5a784ab889e57707b216a142a2ba3a69fb701e124a592d6233115fd4363f082b4b3ef6c0f093453eed9138fcc47f29da7f2e594d6cf2f34
-
Filesize
194B
MD540bf95dbd535e86c196b2573f42e590a
SHA1929dba43a1173de82fd1b7e9d8f0a1784c5b4772
SHA256c045124f754a0695ce3f686c5342058d0148ef000cf7543efc610011594ffbd1
SHA512f30de4e6fd828f4d55286fd0035911a099ece3272ad0c583c7d2e4cc3fcf29f8f764af7397281f4fbe9f903394a9d6515be08d6d92578be5b0c8caa50a6cc6f5
-
Filesize
7KB
MD53e593f1a899ccaeac4e57c77a995e0ea
SHA100e13db92f2d71d0bbd2e6f0fb184ab521c9223d
SHA256802cc7678e08813fdade3581f257d0ca950b4d22112dcf1fe19c2f481e79ffee
SHA512a4cf221258ba90a903c40d8bcd01400857ba62d13ebf5f7cf4b314174e228a9e2fb96a821cb21b22484e732ce086918ec245d92cf42fd85a382436de539377e0
-
Filesize
36B
MD56783c3ee07c7d151ceac57f1f9c8bed7
SHA117468f98f95bf504cc1f83c49e49a78526b3ea03
SHA2568ab782f0f327a2021530e7230d3aee8abbecb7eed59482a3a46e78b9e3862322
SHA512c6012d4bfac1ed14d0fd9f0eabd0e1c3d647b343db292a907b246271d52a4b7469c809db43910ddba2e8c5045f9cb3d24d0af62d363281e6cb8b39ee94a183e8
-
Filesize
197B
MD58088241160261560a02c84025d107592
SHA1083121f7027557570994c9fc211df61730455bb5
SHA2562072cc9a4a3b84d4c5178ab41c5588eea7d0103e3928e34d64f17bf97f3d1cc1
SHA51220d9369dd359315848ea30144383a0bb479d86059fdbc3b3256ac84f998193512feb3b1799ab663619920c99fe7e0ebba33ada31a3855094b956fcd351c90478
-
Filesize
1.0MB
MD5bd31e94b4143c4ce49c17d3af46bcad0
SHA1f8c51ff3ff909531d9469d4ba1bbabae101853ff
SHA256b5199d3eb28e7de8ec4a5de66cb339a03d90b297e2292473badaab98ade15c63
SHA512f96658bd19b672fd84038bd7e95c89e14f4e6f84e3ce9c6fe3216861a41203406148c6a809c2ab350d0d6c5919c845f619deb1fc9b1f1814dfce87e566bc2394
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
48KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
72KB
-
Filesize
1.1MB
-
Filesize
72KB