Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
26-04-2024 09:44
General
-
Target
007f485b70277dc3d8a978edfd561241_JaffaCakes118.exe
-
Size
5.5MB
-
MD5
007f485b70277dc3d8a978edfd561241
-
SHA1
462d813115a1435ab9235ad4f02d1df2660ab847
-
SHA256
330721800674398e1a450deb059418e7dd7758eec2aeccfa1fe054eeb0850e4a
-
SHA512
3b8139a4375561d8979e2aa25b4fc21eedea74f909e0909c38647d4ca84d15e8ee435377f1714f910914107306da9c9adc0e6316d287ed3808796ab3dec59e28
-
SSDEEP
98304:OoskEEoskE0oskEeoskEkoskEWoskE4oskE0oskEYoskEC:X
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 12 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 6 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 6 IoCs
-
UAC bypass 3 TTPs 6 IoCs
-
Disables RegEdit via registry modification 6 IoCs
-
Disables use of System Restore points 1 TTPs
-
Drops file in Drivers directory 24 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Executes dropped EXE 30 IoCs
-
Loads dropped DLL 18 IoCs
-
Adds Run key to start application 2 TTPs 24 IoCs
-
Checks whether UAC is enabled 1 TTPs 6 IoCs
-
Drops desktop.ini file(s) 64 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 64 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 39 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 6 IoCs
-
Drops file in Windows directory 64 IoCs
-
Modifies Control Panel 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 12 IoCs
-
Modifies registry class 51 IoCs
-
Runs ping.exe 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 31 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\007f485b70277dc3d8a978edfd561241_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\007f485b70277dc3d8a978edfd561241_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"3⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"4⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe5⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe6⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\smss.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655007⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655007⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655007⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655007⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655007⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655007⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655006⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655006⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655006⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655006⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655006⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655006⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655005⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655005⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655005⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655005⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655005⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655005⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655004⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655004⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655004⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655004⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655004⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655004⤵
- Runs ping.exe
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655003⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655003⤵
- Runs ping.exe
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\Gaara.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"C:\Windows\Fonts\Admin 26 - 4 - 2024\csrss.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\Kazekage.exeC:\Windows\system32\drivers\Kazekage.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\drivers\system32.exeC:\Windows\system32\drivers\system32.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.rasasayang.com.my 655002⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\ping.exeping -a -l www.duniasex.com 655002⤵
- Runs ping.exe
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
9Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
736B
MD5bb5d6abdf8d0948ac6895ce7fdfbc151
SHA19266b7a247a4685892197194d2b9b86c8f6dddbd
SHA2565db2e0915b5464d32e83484f8ae5e3c73d2c78f238fde5f58f9b40dbb5322de8
SHA512878444760e8df878d65bb62b4798177e168eb099def58ad3634f4348e96705c83f74324f9fa358f0eff389991976698a233ca53e9b72034ae11c86d42322a76c
-
Filesize
196B
MD51564dfe69ffed40950e5cb644e0894d1
SHA1201b6f7a01cc49bb698bea6d4945a082ed454ce4
SHA256be114a2dbcc08540b314b01882aa836a772a883322a77b67aab31233e26dc184
SHA51272df187e39674b657974392cfa268e71ef86dc101ebd2303896381ca56d3c05aa9db3f0ab7d0e428d7436e0108c8f19e94c2013814d30b0b95a23a6b9e341097
-
Filesize
5.5MB
MD5d15dc02c21c381e5bf360fb07b007771
SHA1e421b671f67bbf98a3f263d4b0aebcf52913d288
SHA256d1fce81166786d47cf8a1a9bcfe0530d0a1f4216df2de0e95b9433cba645da5e
SHA51224223404360077af81d77129d3886cf0fd265aec0854941d0b562ee2df071ef5ef3c67b407fb490ac324a84e99fd53aa1f650754c93690ad291c46b0120974e6
-
Filesize
5.5MB
MD58cc926a6c9c6c396247abd3916117841
SHA1f4c8b4a043366884636dac0d14b56d2531f1f2ce
SHA2566386455967bed176030d4e0bd2575363343f8c17a2817195be53bedc612d44d7
SHA5126fabdde87e0120d46b09f418c52969493daadeda935b628322ab3f63e48b6cf99dffd035d9858dbab9b104e281ade887a792ee7cc3b5e339bd8c82cb11d1302b
-
Filesize
5.5MB
MD52b9434595587e20b2c4e93b5d4453a13
SHA17c3fd5b0af424c5a6e14aea22fda4a3e19134eb5
SHA2565d01cca1f9b34f00ea0386d1774e4beb2455541226257517aa388aadcdd7a916
SHA5127a47cde74ef11fc2bdb19983c02360bfa7cfc7632bf11fb9c70f0307957ee580c1f99be023ae43efb0d56a13fb37950f2679d3663256de9435a9fd6b5586bd8d
-
Filesize
5.5MB
MD54103384af49c7008745a41422138e355
SHA1c4200bb89607fb32efe1b67e70ee9b7cf4985317
SHA2561092c08d6ce0554c760edced6c3a0f271192b447c5810024d07297956ec0cade
SHA51253f088e0dc23d7dd65db92ff85bcce2c86912f130ca7ec438341240691df305c6ebf8f524a8a2acbdcb350b944bcb695cc43193e20b21467f8beb8dc47586156
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
1.4MB
MD5d6b05020d4a0ec2a3a8b687099e335df
SHA1df239d830ebcd1cde5c68c46a7b76dad49d415f4
SHA2569824b98dab6af65a9e84c2ea40e9df948f9766ce2096e81feecad7db8dd6080a
SHA51278fd360faa4d34f5732056d6e9ad7b9930964441c69cf24535845d397de92179553b9377a25649c01eb5ac7d547c29cc964e69ede7f2af9fc677508a99251fff
-
Filesize
1.3MB
MD5d971efdda959b5ec87c6bb6bb2c6f350
SHA1f05962526cb25a1ea5e176265e235443eba4ec70
SHA2569a72d90064de8ee12ca1cd99511f5f682314cb4bde1b2884f6dad6d0c74a252d
SHA512bc78144c2fa562f7b8eab80be69f7ed148d48d600d72d98c018649fb19fceb4600bbae723e5eb36c410026e7940180e2eb2d4715bb660f35e813b4cc257758ef
-
Filesize
5.5MB
MD5007f485b70277dc3d8a978edfd561241
SHA1462d813115a1435ab9235ad4f02d1df2660ab847
SHA256330721800674398e1a450deb059418e7dd7758eec2aeccfa1fe054eeb0850e4a
SHA5123b8139a4375561d8979e2aa25b4fc21eedea74f909e0909c38647d4ca84d15e8ee435377f1714f910914107306da9c9adc0e6316d287ed3808796ab3dec59e28
-
Filesize
3.6MB
MD5bc552a660422bb3904e9d695955aaad3
SHA195b0d7ad83d8dbbab437bfb93de5ae4a8371c629
SHA2569d2397793f3e5246cca5b9b7b4505b060be47ffaa15bd7e7e2ed467a2745867c
SHA512c36a79165fdb34ea17f942a72164baffccdd637e2a1439e5a9e7d692c763aa2e50a6623c3c641c9b27530846dc5371d0287ae71ec5a9315c0972fb4880aeb658
-
Filesize
65B
MD564acfa7e03b01f48294cf30d201a0026
SHA110facd995b38a095f30b4a800fa454c0bcbf8438
SHA256ba8159d865d106e7b4d0043007a63d1541e1de455dc8d7ff0edd3013bd425c62
SHA51265a9b2e639de74a2a7faa83463a03f5f5b526495e3c793ec1e144c422ed0b842dd304cd5ff4f8aec3d76d826507030c5916f70a231429cea636ec2d8ab43931a
-
Filesize
5.5MB
MD53e8d0d07c4e6868a9261bf75c8aaffac
SHA14e3dddd6e458d2c6fad85df7251ba5e7473a9068
SHA2563e09b9eb168262ad90abc1dce9d06848e7804a52f7a1e32be5e5f4b36296d0b4
SHA51217070199f845bc879853dfaeed4afad703bcb2b11e9ab9af8b731012ba7428d89e5d73654b527910c1f57a3eb6f445462afda963050adf3cfbfcf9d6ed7084ec
-
Filesize
4.8MB
MD58c175b82618202fa6ea58b20063c4e95
SHA1a8daf2417746e8cc8c466e5ba533a2ab0bbc4c8c
SHA25623efe3e7a5d2ac6f03c38a57a84b482dcdc282df5bd5b7145196e46646fd3ebb
SHA51229d771777ffa8b1c1005a00f0f05f6621a4417de2db5611c26d08af8de1d0b105465a39659f157b21eefe62b828627f33d54275e9a41098c79c34156a24abbda
-
Filesize
2.2MB
MD516cbd7c82be91d7d75f1b517522cdfac
SHA108606e6499697b67cd891d0f7603fc74e0de682b
SHA256cdd30a9e6500ce294b812572d5dfbf50441e0b7dd8fc398711f89d4092ac8b00
SHA512d8435797ecb0d8d551c18da00b520a57cec836a9a5f2bf1a330660a6168d31615dc0e6b1c106d1145da088d083843be4229ad29236591d74e4f04c275cec3ba9
-
Filesize
5.5MB
MD529be54f740f6c2eafcd0afb6b723ce00
SHA1eae3255dd335e299a27531e6a0f6f37dd01dc044
SHA2560cc49ab54e944087f9f9849c53d8d8006d65c400d969934a8f810b76050343d8
SHA512229f251bc46484800c2ae88a3c0145f048e3b3ade160253e252e1cb0d8577fc79306789ee9c31eecfa98e2a3a24b95270f8d4ec5847c3d326aada26bd364ad71
-
Filesize
4.5MB
MD5d3181f3e809511b7b5c176286f34592e
SHA15e32d3feedd482abec04fab2741c6b6c167fa1f5
SHA2562a7eeb90c4b5f4966e56c121000f9d6a88be02454c4c5d05f29f144def114e58
SHA512f3ff6c5f09ac8a968ec34976900695b14515f1fdb8987c101a8d1075a24cc3b9e8b58fa84eff4f003b4fd9a2106924b172847a65ed2403014f5944322b8e5a62
-
Filesize
5.5MB
MD5d2b79d9714eb8d8bcc7b2ebc9efba745
SHA125fd087dfe0ee55d0a99ab70b15546d2ba5ba77f
SHA256ba18943af192a194f0d24922bf7ea90c9e2b5e043529eec85f4a150ad2c3ac45
SHA512591dd60e5565cf43a8d658d0104770a99b83712ae450c47fb81dda48bec67b60dad775e56272f509179a2ea87e01add5b05325cc2a86f45c3669bed10fc29018
-
Filesize
1.4MB
MD525f62c02619174b35851b0e0455b3d94
SHA14e8ee85157f1769f6e3f61c0acbe59072209da71
SHA256898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2
SHA512f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
