Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
12-02-2025 03:06
General
-
Target
JaffaCakes118_ec99191a86cf84844ed7bf77c7e404b2.exe
-
Size
81KB
-
MD5
ec99191a86cf84844ed7bf77c7e404b2
-
SHA1
f69e7b91a341a7401dc83e1055d2b42f8338f5a5
-
SHA256
13df7493ad9c328a21e7917abb6f4208c7c1b880e28d6750d1b0c60a27aa0e76
-
SHA512
df31b924f6c9690c76c1ce94824ff89b668dbf6afbca7ff1c97f4c925092a208f23d530d1f5044b6152b913d46b8ac514ecfbb45acc56dc55f497e1a022e835b
-
SSDEEP
1536:yxqjQ+P04wsZLnDrCYAcLMNA7/utGgvdsaFOqJ75Bw:zr8WDrCfcLMyyMmWa15m
Malware Config
Signatures
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 11 IoCs
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 24 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
-
System policy modification 1 TTPs 4 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ec99191a86cf84844ed7bf77c7e404b2.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ec99191a86cf84844ed7bf77c7e404b2.exe"1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_ec99191a86cf84844ed7bf77c7e404b2.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_ec99191a86cf84844ed7bf77c7e404b2.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUFGODU0RTItRTczQi00NUIxLUEyMzQtRjQ5NDNERTIxQjFEfSIgdXNlcmlkPSJ7NDc2QUQwMzktREIzMy00OTQ1LUIzRDMtNjgwQ0Y4NjZDQkJEfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjIyODc4OUMtQzVBRC00NjZBLUE4QkQtN0RGNTUzNDBDNjAyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5ODUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODQ0NDQzNjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjYyMDE5MDI1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\MicrosoftEdge_X64_132.0.2957.140.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7fec8a818,0x7ff7fec8a824,0x7ff7fec8a8303⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9A64760-A5C8-40E7-9327-BEC772763DB5}\EDGEMITMP_A08FE.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7fec8a818,0x7ff7fec8a824,0x7ff7fec8a8304⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7db6ba818,0x7ff7db6ba824,0x7ff7db6ba8304⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7db6ba818,0x7ff7db6ba824,0x7ff7db6ba8304⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7db6ba818,0x7ff7db6ba824,0x7ff7db6ba8304⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.4MB
MD5d9e8a1fa55faebd36ed2342fedefbedd
SHA1c25cc7f0035488de9c5df0121a09b5100e1c28e9
SHA256bd7696911d75a9a35dfd125b24cb95003f1e9598592df47fa23a2568986a4a9a
SHA512134644c68bd04536e9ea0a5da6e334d36b1ce8012a061fa6dabd31f85c16a1ac9eee8c40fee3d55f25c4d4edf0672de8ce204e344c800361cbcff092c09d7a33
-
Filesize
6.6MB
MD585b506435c4b023af9790319906b317f
SHA18b55cd704c5c4df6a73563f60d12b1b58effb4d9
SHA2569cab79c0a7eedd2f603c6e02eb6e17c15f2b9037dcdb7624c8d7e95c72445c98
SHA512ba113276b401669a607020470ae877c3244a7d799e9a18040d9817b253a0fd7ded3e4c049193071456cbfd32046d1386fa965d1cb81f5f83b50f9dbd05438b11
-
Filesize
557KB
MD57679e34fc882e5a30ab033ff506813d4
SHA16caa16b423d6cccf4197b3233045ac05c55514b4
SHA25644ca58f75a04e7a67ace15810cd3905a840443f27eba29beeaf5304fe6964e5c
SHA51268fb6e965b3e93f3632aa548fd27b0e26c582fca1e1d4ee48dcfaaf4af4c378fc0aef598866f935e389226be441e669ae5ec2233d5c2805ffe543191586b4fd9
-
Filesize
161KB
MD51d726458670422a3955ab316e03c7e88
SHA1178b511113882635eee8e1a7930fc626a7aced66
SHA2566d76c0ca52aff949cff0ccf67459352cb3f74a6cc8576cbbc6a44dfae5a219ff
SHA512d5f121d1c701a1900144b8a908ada1b1844c287b297c48ddcceb080cb500126d75e5adc4f346a923677cdc0dd2204bb1c157d63467f37811b065f6d08faa9073
-
Filesize
1.8MB
MD5db785cf66d6e434b146d4fa9fb544913
SHA13c358d1ff54b912fd8992d568872678c29ed2f9b
SHA2567432a81735678e4f3799de0e2746ba11a3054c5d312a1a2e2061ff59cfd0ce6e
SHA5125fc8aceeee777d09a014c099cdc7b4d51de2c9fd30a32f77dba6f67ce0831533cf8056af0cc8098665c215310a2b05354cfb0694537214fc91e7ff63013b2ebe
-
Filesize
1.1MB
MD554add4531907dabb67cdb9fcf7540f7c
SHA1d6bb2a318a3e6939cf1ce378a93efabae5d223d1
SHA2564b82a5801524f4ed83ab9a80eafae57fc2b6b5f7464cbb0d9b67cd0c91c0b5a1
SHA51236ff5f8449b0ca0365d93b9859c0bdad499d4c3096f5ec3137d1af61f2e02bd67dfb02e857822d71b804027cdc22015e277e3dc0800cf2a4853213a90cf6744b
-
Filesize
3.8MB
MD59d5eee4fe746e10205ed8d5e6fb0c49d
SHA19c96d9757814a8918c74c86dd616b347d0736d5c
SHA2567673bd27ee0dc5f98524a41db0bf2c1645405deb13592f734fd622821aeaa5d6
SHA51239580e79bc1f08c4d96d1a80e7c1050f10e16ffe6ea9fc597860227c65dd09c832f831d51f0f0005b5e9579820c5f4de23756a4416c36aba5a398cc64ade8363
-
Filesize
1.1MB
MD5bbf80e9092dc8e87e0e450df989cc6e4
SHA1fac018e4698f282b9d25e52ff9cdfcc646d97154
SHA2561519a3ea1203e03eb93b3bb00685f3ad7746732231e5a9ea7dfb098a00e202a2
SHA5120d1bc04cbe4a726c47152c7e2b295f487db4789c3b040add9fb2b68c278e4c77d06bc582359bc59672e635a7318fce94a2d3a6ba9730035dd5a85c370b9befb2
-
Filesize
1.5MB
MD5b4a36a924b65d67e0aca125e3e70280d
SHA188ddfc7315d71715cfe313a5fa8c1bc0241c6168
SHA2560a34bbdbd8d9d0f6312b1706642854baacfd7958dd2d7950c1d5103407d015ab
SHA51299ec800ad818b8468b8639c07b61045c2cdf36cfba391dfd4d978f0ba0ca103150dc65b71317f8c2ca418188d07ab901363fb36571899cb54207e49b137dff38
-
Filesize
3.2MB
MD5856ac42fbc0c71b0b7de013db0bbd3f5
SHA1d668b09a9aefd0c5dcd969d6b2ec0cd59f58eaf5
SHA2566bb06e7c1b85c5b1e57317781168cb5d9259bf955a3cb7f17b98070dc72526c6
SHA512cb3a79f359ba1ebdf8cb381ed60443e4dea06da851dd67bc2c4d7931a22a7300836e30df66ac026389410852b2bffd574cbe5bb9b7de3530a509acfca79a3b15
-
Filesize
1.3MB
MD517deadcebdf50756ce3471ee7801c7d0
SHA1cea7c1450375fdf6f49a5ecb4c08bdd8480da7dc
SHA256e6c464bf2a94bc6b3895dc82d9bce044c3845c8b13c8271399d64f68f4def13e
SHA51292511faa8c8c6da107fb99f0a0179c7bbe2a340a6ca4f71dcfbcbf9671f548abb68077c97cc080b203e0bd80e0ba54e6276ba7485bb51bdb898d8433501dc700
-
Filesize
1.1MB
MD5d62246270d884b35fb982f3fe84298ae
SHA16759963a5f37fff0898f816cacc469f83973cafe
SHA256f68cc706950d29d185ab3f38c02df5d9346c61480995d5908c39e8cacebf64b7
SHA512119bcf4175f5ffea410d624e52d4ca4c3573a86e3db8f3ee030858065a33b8a56ab521d6d254ad1a27ebdf88adf20d7ae25d937e9b1f0b368ad1046c24c48302
-
Filesize
6.6MB
MD5b4c8ad75087b8634d4f04dc6f92da9aa
SHA17efaa2472521c79d58c4ef18a258cc573704fb5d
SHA256522a25568bb503cf8b44807661f31f0921dee91d37691bf399868733205690bf
SHA5125094505b33a848badcffd6b3b93aad9ad73f391e201dee052376c4f8573ba351f0b8c102131216088ffb38d0ed7b5fe70ba95c3ac2c33a50c993584fe7c435e3
-
Filesize
509KB
MD5fdad5d6d8cf37e8c446dcd6c56c718c3
SHA1412883fd3bb56f2b850d2c29ee666d9b75636faf
SHA2562ed31146dc94132acafc7e759086f18c83560693a813b1d842a30908f50faf7c
SHA5129866ddd370e7ab75aea143c5ede3ee96700ed662aab7fb3e989f9beedb2800b488f985a8069a61025cc8201bbc42e23d744717988587c2a8a66f2e91ea7cbbbc
-
Filesize
3.6MB
MD569e1e0de795a8bf8c4884cb98203b1f4
SHA1a17f2ba68776596e2d1593781289c7007a805675
SHA2562b6d153b9df86033b7a83eb4f521fd4f7aeec35dc54ef8d1ffe80f5bbd030dbb
SHA512353b664271d0f49f94b60c7fbaf5ab6d5b8df7690383517a90ba675f750d9b28628bbd5ed92a6782879607f4c21214b15ea95fd6a5a8d6f9540a1b75ddb9e665
-
Filesize
138KB
MD5b84ae39dd0420080bd9e6b9557eea65b
SHA15326a058a3bcc4eb0530028e17d391e356210603
SHA25692439a773781fc1b4e45de7fad393bb9ccd05af99dc1a1bb2246a4befb1f5924
SHA512860ae09c5806622420147af1073cecc065786968737547276641af710b4caccd16b787bdf7212dd1d8ab16e257dd5c5cd20790bf000d75d82410cbd5bf7af388
-
Filesize
1.6MB
MD5ae390fa093b459a84c27b6c266888a7e
SHA1ad88709a7f286fc7d65559e9aee3812be6baf4b2
SHA256738b7b5da8ca4798043672d2a32913e0f64268c7861eecc9fcc4c7f9d440d8cd
SHA512096b5190efefe4c5272637e0721dcd339883f551c5e0cce568ed0bd63b31fb9acef6b09d310966482dbc7a944cc7a5878b0ad6bd68c30d1871254865a1660851
-
Filesize
1.1MB
MD524eeb998cb16869438b95642d49ac3dd
SHA1b45aa87f45250aa3482c29b24fa4aa3d57ae4c71
SHA256a2cfd55902b1750070e9154a90e29a10b9e6fa0c03bc82d8f198678e9bc46cd0
SHA5122ac6de5c3e52b31355300ff4e846ed0627d8d4af02c4c07c0886694a09237ef2ee76e004883fae76a959bef0b60bd4138a9c88ad22139c6b859786c8e37bb358
-
Filesize
3.2MB
MD56b7a2ce420e8dd7484ca4fa4460894ae
SHA1df07e4a085fc29168ae9ec4781b88002077f7594
SHA256dec51011b3bd2d82c42d13f043fac935b52adeaa17427ce4e21e34fcbd2231e4
SHA5127d2cd278ee45ec0e14145f2be26b8cdbe3312b300aa216532c41e839ba61c12ae379025568c85634f0ec3bc95cc481bb17f99ab30c711986651569f0f1f81beb
-
Filesize
1.6MB
MD5af9aba6ab24cba804abba88d1626b2b9
SHA16a387c9ec2c06178476f8439a5a3d9149c480a9a
SHA256e6a06e738140a8cc089bc607e5f5e1e2b224b71d52e0be0d01f9deb8e9763a90
SHA5129e004f2eccb4e48d2c98a8168f7fe752ad3195b66f0aa1d7ec07dd5819539bc94a50ffb1deb291e7fea11932eb88fb5938b1ef0a93cd8b1902495d1f7bd2d950
-
Filesize
2.8MB
MD5032ee4d65b62d87cf809438556d30429
SHA134458fcefe3c67f19c3d2c94389fc99e54e74801
SHA2560099c710e406e0423bb0b11eb4c113508c67f84a0972a2d14c038687cac1753b
SHA5126b912d51e93f1e4756ecc5321ec08a6eb5e15413a9d9cf568bd14ce2a5199d064f6dd5c7d9d5155296d1a4ab5852c81a8fc138565fb788e7402c09b61281a5cd
-
Filesize
1.3MB
MD5b8bffe8467716db4da9d94061dc33d07
SHA1db4bac1757b1b60b26e2fef0fc88ce708efad352
SHA256b03986224aa28f1e1850bd2fcd1a5f5f2fea34c2c0815d8e6943f0a98b754af2
SHA5125d6f6363c9c87c61d2be785280d420725fe7cc4b68908e78fc82dc480260a400500a84f1c9247b34437cd520d702ef5fc4546024fed891231630514d1418592c
-
Filesize
3.7MB
MD53646786aea064c0845f5bb1b8e976985
SHA1a31ba2d2192898d4c0a01511395bdf87b0e53873
SHA256a129a6de7b90500483226192b260eaca1ee116a007771d421aa3eee38af48d6f
SHA512145f8abf2ecffd8ecc3745dbd9ab2e360826fa46d6f21dbebece7802b9b5980f4ab19e2dfd180ce0cfb84366f3ac5c87cd1b74a085e1a0dd620b6c097900e0f4
-
Filesize
1.1MB
MD5a31628879099ba1efd1b63e81771f6c7
SHA142d9de49d0465c907be8ee1ef1ccf3926b8825fe
SHA256031b0b0de72eba9350a1234eba7489bc04f94823501fc6a200266fa94b8c51dc
SHA5120e86020f61fd08578507c3cd37385ffa2ffd964407a689b4c3d532fe4dc826eea58391f938840d18ecfa6bae79c6ece31b8f63b50366c2fa4d6ecf5194475759
-
Filesize
1.1MB
MD5ecda5b4161dbf34af2cd3bd4b4ca92a6
SHA1a76347d21e3bfc8d9a528097318e4b037d7b1351
SHA25698e7a35dd61a5eeea32ca5ff0f195b7e5931429e2e4b12d1e75ca09ddab3278f
SHA5123cd3d64e7670ab824d36a792faa5d16a61f080d52345e07b0ef8396b2a1481876a3b30fc702bf0018a1b02c7788c3c7f1b016590c5b31485a90e3a375f11dade
-
Filesize
77KB
MD5b12643c474212bb143db46f8bc34e86d
SHA179d265b1704bbcd040b92edd3c0feaaa930e007a
SHA25627f638eb1a11e81d36c172b9aca228da667410b04f318721441832a337f4c131
SHA512f39bd2811eb879cd18d926d6b3dc47713b1bc7edcdc58b815d6e21072f743a65195a55853f408b7565dff7feee18e57257e524879d90c73694e4496a7d600e12
-
Filesize
101KB
MD51ab83158fc7735753a8f47db770a7043
SHA10b5a26f62b2c1311ce2b652090e12b3a55c44542
SHA2561d3d4abeb63c80f17a01787e0f7294558d91228b452e09f1dc2a73743e902450
SHA5123c2a8c39292a66a373e75a63c7bfcd9be305653260a818b1834651b045bd542bd76918e0bd5e5ccf1d8bfa56b363899e97063c2b4d896f8b630077482728ad26
-
Filesize
104KB
MD5d077e004d6c9aeb1354a8c79fde9fe9e
SHA121be1475a7af8f556343ad4a63898c04d0505af5
SHA25650f955a634df784b00054c5805a8a38f6b09bd9da2f0af71b66911b9506fb33b
SHA51212f1c83cb9252216de4745015058346fc0df0842616ae07008726bfe57a3834a78939e45ef15f79277c671863ea65fa047e78d7da5f08614ced6d48732e01518
-
Filesize
107KB
MD5042deec5c6eb61fe7a09f6e8b398fe49
SHA108edd4b93d10ce0c42e51b28d8fb44ec2245314c
SHA2563461054723bdb22adfbb23bbd310f441cef02108ca41b15677b2197e503ca144
SHA51235885d4c3d33c688aede63807a86145e750ee1e4b74d43a1c20b75ba61be28e9eaa1a9eee99d9123f4288efc6e2361373c98726bbfac918f17ad31e5a88345e9
-
Filesize
41KB
MD5c1ca7d063e73949ec79bb7d31c739a5c
SHA13a0140578078a2f64ae5b0b1438bb7afbf60cbcc
SHA2564d448629d93874e93560c2e979019608e29a67f8d68ea882d2453f9d56f2a56c
SHA512454a108cd66263112cc899cdd0354be500ad02689a323ba6fab76eac903c881ea1e75f2bd57bc9a51a6a0fb5aefdb384d1265024777f728c6c07ecaf0a603162
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
308KB
-
Filesize
308KB