Analysis
-
max time kernel
441s -
max time network
1171s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
06-09-2024 01:47
Static task
static1
Behavioral task
behavioral1
Sample
daisy's destruction.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
daisy's destruction.exe
Resource
win10v2004-20240802-en
General
-
Target
daisy's destruction.exe
-
Size
848.3MB
-
MD5
68deeac4494153376a00405a6333a40f
-
SHA1
e602da2a9ced7d14c454a29adb7885b71b84402b
-
SHA256
bc8b44b994c5f3d431be21ef9bcad73c672c17dfe01731b1bf78fe7067039a52
-
SHA512
95b9129f1cbc795c5e8f7403deb4e810f3659755a6353c67934020a8dff158e9c92e52ed099c49efd35eb0938d7e6d84c34397f28f8d58c142afa38dc5e473a0
-
SSDEEP
393216:KO/V30PM/IJglhHZNRLRBPjVoGgzKkrFbvvepwW24OcwMVG1:DSPqIJArD7SmEKpwW244
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
daisy's destruction.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation daisy's destruction.exe -
Executes dropped EXE 2 IoCs
Processes:
Saudi.pifSaudi.pifpid process 3288 Saudi.pif 4516 Saudi.pif -
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 37 api64.ipify.org 38 ipinfo.io 39 ipinfo.io 36 api64.ipify.org -
Enumerates processes with tasklist 1 TTPs 2 IoCs
Processes:
tasklist.exetasklist.exepid process 3188 tasklist.exe 3028 tasklist.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
Saudi.pifdescription pid process target process PID 3288 set thread context of 4516 3288 Saudi.pif Saudi.pif -
Drops file in Windows directory 6 IoCs
Processes:
daisy's destruction.exedescription ioc process File opened for modification C:\Windows\WonderAvailable daisy's destruction.exe File opened for modification C:\Windows\DecreaseHands daisy's destruction.exe File opened for modification C:\Windows\SourcesShowing daisy's destruction.exe File opened for modification C:\Windows\BehaviourVibrator daisy's destruction.exe File opened for modification C:\Windows\AtomBoobs daisy's destruction.exe File opened for modification C:\Windows\AntarcticaTucson daisy's destruction.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
daisy's destruction.execmd.exefindstr.execmd.exefindstr.exeSaudi.piffindstr.exetasklist.exetasklist.execmd.exechoice.exeSaudi.pifdescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language daisy's destruction.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language findstr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language findstr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Saudi.pif Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language findstr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tasklist.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tasklist.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language choice.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Saudi.pif -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
Saudi.pifpid process 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
tasklist.exetasklist.exedescription pid process Token: SeDebugPrivilege 3028 tasklist.exe Token: SeDebugPrivilege 3188 tasklist.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
Processes:
Saudi.pifpid process 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif -
Suspicious use of SendNotifyMessage 3 IoCs
Processes:
Saudi.pifpid process 3288 Saudi.pif 3288 Saudi.pif 3288 Saudi.pif -
Suspicious use of WriteProcessMemory 35 IoCs
Processes:
daisy's destruction.execmd.exeSaudi.pifdescription pid process target process PID 4296 wrote to memory of 4212 4296 daisy's destruction.exe cmd.exe PID 4296 wrote to memory of 4212 4296 daisy's destruction.exe cmd.exe PID 4296 wrote to memory of 4212 4296 daisy's destruction.exe cmd.exe PID 4212 wrote to memory of 3028 4212 cmd.exe tasklist.exe PID 4212 wrote to memory of 3028 4212 cmd.exe tasklist.exe PID 4212 wrote to memory of 3028 4212 cmd.exe tasklist.exe PID 4212 wrote to memory of 1780 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 1780 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 1780 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 3188 4212 cmd.exe tasklist.exe PID 4212 wrote to memory of 3188 4212 cmd.exe tasklist.exe PID 4212 wrote to memory of 3188 4212 cmd.exe tasklist.exe PID 4212 wrote to memory of 4980 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 4980 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 4980 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 3592 4212 cmd.exe cmd.exe PID 4212 wrote to memory of 3592 4212 cmd.exe cmd.exe PID 4212 wrote to memory of 3592 4212 cmd.exe cmd.exe PID 4212 wrote to memory of 1036 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 1036 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 1036 4212 cmd.exe findstr.exe PID 4212 wrote to memory of 4796 4212 cmd.exe cmd.exe PID 4212 wrote to memory of 4796 4212 cmd.exe cmd.exe PID 4212 wrote to memory of 4796 4212 cmd.exe cmd.exe PID 4212 wrote to memory of 3288 4212 cmd.exe Saudi.pif PID 4212 wrote to memory of 3288 4212 cmd.exe Saudi.pif PID 4212 wrote to memory of 3288 4212 cmd.exe Saudi.pif PID 4212 wrote to memory of 4412 4212 cmd.exe choice.exe PID 4212 wrote to memory of 4412 4212 cmd.exe choice.exe PID 4212 wrote to memory of 4412 4212 cmd.exe choice.exe PID 3288 wrote to memory of 4516 3288 Saudi.pif Saudi.pif PID 3288 wrote to memory of 4516 3288 Saudi.pif Saudi.pif PID 3288 wrote to memory of 4516 3288 Saudi.pif Saudi.pif PID 3288 wrote to memory of 4516 3288 Saudi.pif Saudi.pif PID 3288 wrote to memory of 4516 3288 Saudi.pif Saudi.pif
Processes
-
C:\Users\Admin\AppData\Local\Temp\daisy's destruction.exe"C:\Users\Admin\AppData\Local\Temp\daisy's destruction.exe"1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4296 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k move Desktop Desktop.bat & Desktop.bat & exit2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4212 -
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3028 -
C:\Windows\SysWOW64\findstr.exefindstr /I "wrsa opssvc"3⤵
- System Location Discovery: System Language Discovery
PID:1780 -
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3188 -
C:\Windows\SysWOW64\findstr.exefindstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"3⤵
- System Location Discovery: System Language Discovery
PID:4980 -
C:\Windows\SysWOW64\cmd.execmd /c md 7992753⤵
- System Location Discovery: System Language Discovery
PID:3592 -
C:\Windows\SysWOW64\findstr.exefindstr /V "TransformationComponentBrideInvasion" Calculate3⤵
- System Location Discovery: System Language Discovery
PID:1036 -
C:\Windows\SysWOW64\cmd.execmd /c copy /b ..\Evaluations + ..\Kansas + ..\Monkey + ..\Cookies + ..\Frontpage + ..\Ownership + ..\Thu + ..\Momentum + ..\Nvidia + ..\Kits + ..\Take + ..\Statements + ..\Earlier + ..\Presentations + ..\Runs + ..\Deviant + ..\Indicate + ..\Award + ..\Engineer + ..\Ty + ..\Feb + ..\Ads + ..\Sounds + ..\M + ..\Logan + ..\Pixel + ..\Atm + ..\Ports + ..\Ireland + ..\Chance + ..\Stewart + ..\Puzzle + ..\Milf + ..\Basics + ..\Invitations O3⤵
- System Location Discovery: System Language Discovery
PID:4796 -
C:\Users\Admin\AppData\Local\Temp\799275\Saudi.pifSaudi.pif O3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3288 -
C:\Users\Admin\AppData\Local\Temp\799275\Saudi.pifC:\Users\Admin\AppData\Local\Temp\799275\Saudi.pif4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4516 -
C:\Windows\SysWOW64\choice.exechoice /d y /t 53⤵
- System Location Discovery: System Language Discovery
PID:4412
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.5MB
MD524f255fd8532d15d5b371acecb54ee5e
SHA1e818d75277b108a6715af7aabf4151c6fe219dce
SHA256c0e7af5284a6f6928e46b2d35bd2f3e258227fed21284396df570b94c9aefdf9
SHA5124af6c424851c95fb17834558b7be61907415e312cbdcc1bc42cae4c739e5181aab5a49eeed4c41420dac6d8fb1d65dccab85677e6a349d56849f2685921bc11c
-
Filesize
872KB
MD518ce19b57f43ce0a5af149c96aecc685
SHA11bd5ca29fc35fc8ac346f23b155337c5b28bbc36
SHA256d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd
SHA512a0c58f04dfb49272a2b6f1e8ce3f541a030a6c7a09bb040e660fc4cd9892ca3ac39cf3d6754c125f7cd1987d1fca01640a153519b4e2eb3e3b4b8c9dc1480558
-
Filesize
61KB
MD5a39632492bdd563525ff001f1b86f0e4
SHA12f2adcb9e9c3d113cc0423ed3d6c5a92c87b6663
SHA256318f36657f1cd378d54e0076449141abd81b9342ed71069295f0b76286a97bf7
SHA5127182b63e5544c1176d71fd60e469fd8a4c4b32806ac8acc9405a4c06227dee52b86adfd7219f3a52179f42aa84fe7ff9bbcbea3c6503a543cb9c6498e0c48c0c
-
Filesize
99KB
MD5a6f61d79975cb2b509719c66141b6585
SHA11be912e6a4ccb6ff68534c928d189d40f753da29
SHA25634f21e76ff95e314d32f4c57c02b9f1e127c60f5713ac90ff6b83ca89e722152
SHA5127c22142ef2d2da4cf54a74840a44437bd8fbdb0651210dd7a07785a7ccef5e743d4a5ca7032890f5c0ff04c02c75ed19076cf250c8789d4ab0e8bd3ea0259d5c
-
Filesize
63KB
MD59ea019a50d3f99eda1ac5a023f5bfb3f
SHA1c2bcdb92b5591a8f81a58199752283bba61fe27b
SHA256f9b572b644728ae7766826fb9e23e4b697ed2410eba03932e38581a2b15a482a
SHA51286a7287dcfa4309ca28804e4ab469758804dba43709465f8d7a341ef45be6df10e57d9851430c2864675fabded8244737223d6061a98ab03ee2e61b26a864de4
-
Filesize
87KB
MD57aba05f59455b446e95576b9a5db9cef
SHA115913d78c6f4acfca103781b90c4ddda5e8748ee
SHA2565379782cd93b84b6e0783423b774b3fea7397fb10190f3424da8d40d479a11ed
SHA51210594d23452b38c99da659a1e6d1f4cb6e880ca499a209816457404e96c9d4cd529800f060529654d7acf9b37aff95739e650e33545dc48534cb1abb95269166
-
Filesize
2KB
MD520db8abb0b58bfce2d12ff899e819402
SHA175deb5a682ba679460c177cf1e01d3a8d0306770
SHA256d4f1f749b022682097ac05deef61b6a78d78bd7aa8829209fb0b057f082cbd03
SHA512bfb2e8579ab90ae5a46f9246048ecba231150fccaa4107afc9bfa243d1a43b2ceb8baf85d5a88cd338b5986b8f4c6141eb5777c9f7299371f8a73a9fbf5dc246
-
Filesize
52KB
MD5350486fb745a1f810f0a28a53f0dddc5
SHA1580b192862da85a1a3ba1266f4d502298d5baf4f
SHA256270ecffb55583dd2f0daf3d2d81e6e99a70926be93591295bb630deed46b15ae
SHA51225747d567e6eb39a7b564b66839f9c7560e9fe052db73cc34f1212dc40a5164cc56fc906c084ce1731239484740b6935386aa10e02876ac03d5b79fc338fde1c
-
Filesize
50KB
MD5c8f43801d3fea6fa84b15e661eb57de8
SHA1748e0ee1c29144374e89b7912134e1c9511962ba
SHA256e0d1ee2e3cffccc5f3732e19557959c0d39603d011f8cbcbbb56f0d9dc7ff30f
SHA5123b51abd920843e33d702f7104a42b738e3605f7d65b0c5cebd6649563ddd4ff451d050f5b1acb5118f25066cde3cc6d44a472ae59edfb7daa1b64f705f90a5fc
-
Filesize
15KB
MD5c02234632af315d6f7836aa9384a0c73
SHA1ac31913f0d0a359447bbe3f2975137662c38f980
SHA2565cdce3385e52af077cda84889bf670ecae40075017493c7c5fc949b4c5872bd5
SHA5120b65fc6f024a67984f6cd48710ef2ceddf8a9c49c2d9d9d42c95b46f77d8e9f72b41b75d213cb4f38ea0f64bcfd346c3eb5641b48629eb6141a8870e0c613496
-
Filesize
56KB
MD5e48388dd9e0aedd98363a8ee899d31c0
SHA14d08a1c34c2f83371c2324997f4d5d5c2b4f6f46
SHA2567f222b2266e5661b511c38253a06785cdeb4960d1ac50b8a2d2b44b3fd6ff783
SHA51252ad9ceef3d67b7a8abf450a208d166413a54c63d659b2f983c2beaf5b6f89e9dfd490a8569d1febb9e8e708c979bf247c9d14973b710a6b9c3fe8a05bce12be
-
Filesize
58KB
MD5b91d435bbaffb5687bfe3058658285bd
SHA1ea435f4c116ded230376706c569d8daa900bbd89
SHA256b35b27d72e588627174ca07464955396575af36e24e4e546d78309fc7add3b5e
SHA5122d97ee33e25517f1d9c1a6d1a6894d077a9e8c9e2696ebc4b5b9ec68825e9c84c7f01e115dbc930829759038da7121e3fd56aa67b00d9cca300ecf7a86a077de
-
Filesize
69KB
MD5ff1d4e381695d48100a92e77680e3bac
SHA1ce7158b1618f1a4c4ce17f8e20500b038484120f
SHA2568b6cdaec997e5d31133e0df353ff0f9f3171c81d61094fb368c3454680f9367c
SHA512482f180801140f345726efcdddde9dc77ce695a48a27b3811fc8a043c450c4eef9364fc6b60e9a7675e0d7f16b511f2de54c649e22b716c5a4abdb4077922040
-
Filesize
54KB
MD53d738ac6cfcadcdacceb6a1f7339e48b
SHA13340454640e8900a07dedaed6d92de5e560bb098
SHA256c490ec35c8d09289bbe6f81df6abb99317d63ba950f36fccd96a122045e24e91
SHA512a89daf894e21a31d7f0c63b4ba86b1f92f7b3a37dba37283d203c20ea2f34a6ee9a23716d442e8b70da234236d4b8fd4a29b6dc99c3285fc4071a3f6add807b0
-
Filesize
91KB
MD555698cca8dba864e09d9464c67a38029
SHA1725f70b0e0c7fcdb2102351919206969274b6e66
SHA25637e40f3163834d1d135d24420c2b470a5d7ac0c7454ed5f3bcd47493dd843fe5
SHA512cfee11b90e1d6f6f160a4323ce500d5683cc9c31ad1f107e20cab3ebd3f6e7d77e2c9b52b9ad854ea553cf67d261bfa85de2d82fe82b5c25f709f12a1120dca2
-
Filesize
71KB
MD5aa6a8c0dae15c0f592500bd8facad795
SHA1a3464148458fa47000a922610613ec4566251632
SHA25623404b7a1724c8c224fada5a0c7429cdd0a62f3b17e5c45a913ae1b0b1a77f65
SHA512c617859708e14b35ef4280c57a814ea6e0765b3499e32d4a014d871092f5d62ad8c416a308cd07475642fc1656d24839fba094ad4c7e604feafd276487207e32
-
Filesize
869KB
MD5d4f9f9bddbc23ec4b089e8c8b9552141
SHA1087a35fad96b427ad23eb86fcaca77270477b754
SHA256b3733786e1a273f7da72579b4a26c10a8b569219c765c09ca5a4170e4b83321a
SHA5129eea0909dac7fd0fdaee5864ff247844f4a9b690057e5ab82fcac98959b03af75229c622e46a97b4fd916055c0f65f6ca1610c4d4f396a83815977d85b9102e9
-
Filesize
93KB
MD5616e36dba3e3e214ed1aee198167a4a6
SHA12b0febf3b291c157ca3190aefc35722094da1532
SHA256946ea516a4ccf57c61daf07a0e68d12ff8c78c85265c87e0deef81bdf8f78c12
SHA5123b6e4fad2da9ef68f026f8489a459d56985c5591476a2f36d5d4c83c3b110a6e95b1d6401f29a6b45d7ee1dad4e18340e0792d6e3bd788bbbe4cadb276c6f198
-
Filesize
70KB
MD5327f5bdcd4541496d30a05f9a6fe842b
SHA19120d2cee8214f0d5ede22a7c65f99cd5f1183c3
SHA256235670fab1d55058a0cc9eac2ff09b047769095e22bd18ba43bb9319b6c20bac
SHA5123b4de8192878451c7293803f30ff4452a7dbc2993860e7cfdda48556b062a84e5de8de44700d8d7bdd7c41f7ed96733f8425794bbd9b9de9fcf2b72d0cd4301d
-
Filesize
90KB
MD5a443cc49cc739f07a01f812c6df56bf1
SHA139a16793a3bc225f4452ccd8d0aba365ee593278
SHA25607c18c7636b6fc4feab3263d4544a04fc8ac51162bee1ce9a8fcf08c3a22bb5c
SHA5120fa9295754730beb47cb7e7a668ce67c5408eafab18151031046e5f814057c86da72d575925fb4b4634fc68a6fba50b3a298ec7cb4db4a9cc7d7049376d671bc
-
Filesize
64KB
MD5e5863b510e4b784dd5c92aaec8bc6cd4
SHA17cc1404717757a2f729f71ca010072ef403d370e
SHA25658288091bddbde712eae66ecf92c078dad75d19892055c6de942fdecec26eaf9
SHA512366bc746917db2141f8fb6e00f6528c0026710ec42c4e9c6e1d3dd170a1b05a18814a5a10df7a565355b3515eea404a71c82aa77db164b114b15dcfd969df3cf
-
Filesize
66KB
MD5f30d40c6dc021747ec711cec5c540c67
SHA13a59f151d44058c609b987847d192509df506abe
SHA256da25e600fb5b831ba7e9ea97922aa93e39e48918ff1ef73bbcc8fc9637811a05
SHA512a4ec445f8776cead5a23ae85932dd21f56d394323455e4be28a78c12fefe7d7e3b8859dafd7e1a7aeb5abab5cc53de249ff1b9597244a98215a0b267feb0bd80
-
Filesize
78KB
MD5cc16c91de5771b6bb13b0b0d3d1b36ed
SHA16153fce28df72327bb47fefc62881bf2fe2a8f04
SHA2566d0109dc4ac50969a74455ab3470e9ab1e1e9db36fba806086cde963c92deb05
SHA5129a5c6c11500cb30208392b32a4434ed8a6ef6a0016bb78c7fecd64bfcc7da3b1c5cce5e1c8148da122e2077de7a2f0e0466c2a74a3edfd678442d0f5bc6e55f0
-
Filesize
91KB
MD513c53091b190c9b9df321d61659721d7
SHA1183767c89c56082a91457774033a983e8821db63
SHA256bc02e43d1e838339185c837c651861ec01cfa7da7195fe6fdc42fcb14ad08a4d
SHA5127122035aa3f19c9f0a8a87db1ad3b20484f88cc681be9f9540813ab5e859b1fe9a39ab4aa3b8b1acc05b8ab5483170f31f0cc305ffb637c72b68505b0107d49f
-
Filesize
56KB
MD51166cd50a320b6a52ca5660cd3ef4940
SHA1ec1ccbeeb4bd5e74d3254fe476f5caf8225d9d6d
SHA256f5297af98bce02876a971da5a312e0d659c43368bc8ca7bb4b6cc5a4469cd140
SHA512d9e06782c54699776bb766a86c239d1a5b7c68c238241c9bae9023346ce20e509dd5f4a5c0ea3f6febe0db26ebb8d4f16d24c452b2b48452b727c589ff62c114
-
Filesize
79KB
MD598eff6fdbaf188ff8bb9c230612e7ab9
SHA14c55318bcc31980134c5455b7f736522481e7865
SHA256bf06e2f8f8e360f5e8fd7cd39ee631cf2156d7d67e45c54e6ac3638117c30c84
SHA5129b928a550ab978609323b41b0da1f8018a980c3fa50658fd3ce74ce888a2fb6880a480e844c7c9be3921f478fc06cc0e4a6e87c5cfbda6d5cd2ddcb5331eafd8
-
Filesize
54KB
MD5366da4e20f6973a658850d0cb0560140
SHA17463be54871d0a728a36d955b5e4b4935f832539
SHA2562fdc969a47a50f3260018e708fde26e93c2b8b9b56a5f2d1e75d8ba2fcc0dbec
SHA512fa733e99ee72c39b643f9db1594c73f4928b9aa7a1f0b543409a16de7fb7ecfff26c3e2f0070a1c386f3ede03c214371fcc968231f6c969b23c063257eed4e83
-
Filesize
55KB
MD5ca2b98b4b4bdfcc2ffb39176fc62faed
SHA144b13597a8c63849fc318ea82b612a3b48714514
SHA2566d0392db8f087952b0e8f81a6beec3b6d888272b4ebf0d55b6736d04c4d2b0bf
SHA5125c7b466a4bf02882566a05294acc9d8057340ff420f62a08d509e9d229765b3735e425268ae16147d6ca64e65e0285701f3edef6fcfabbd87b4a6973157d78be
-
Filesize
69KB
MD52720a96bfc6c052ffbee90eddd29b91c
SHA1b707906e1c6327d91da83b2637de9b526ce8421d
SHA25697bf82b8f22ce2f8ca3fb29a5a8039e9b679655c62077cd1465bd0dd4baaa061
SHA5129a7817a69f7240e0d8db0447ea0382ed6d0c9741471b4e242fb92447a6bc447bdecfc672664ed924128f3d632821f03a05798c3ca74d91268a955e0e5a228d4a
-
Filesize
93KB
MD5b870a2f983186cda64ca0a0443fdbebf
SHA170cd2505beca64a15454723c8fb185562dfbb594
SHA2565d8b919ef4f7ba8aee86a32d1b5e23f1c3e67d8b16a5b75e0f6d68735d03af95
SHA512bbd130c726fd439993673d2d577df8d79f938c914c17ecbfcec41341fca60d0afceb1d67d27b52d9c43490fc4213dd37f0353f901af99ca9db46016a5e386b45
-
Filesize
97KB
MD5fa483b9a86de25df5b733f502e92fe7d
SHA167ade79afed62eaf24b814f4c1436fadbce363e3
SHA256c02e0aa3ad116a6ec3d7ebc0572500135339beab871783efb8ce8f02fbeef7c2
SHA5124df99695dab8d8e0571d8a6d1bba5fce17c8d5bb6ce44e4151e99141589dba9e4715dbb72fce470dd386c6768863cca98ed4b0e79d53ce3f738b2a6e11a028ed
-
Filesize
53KB
MD567757b0d30bede0af4631b56ff072809
SHA1eb6735867fe0f5f9ffeb42a2372799cdf1e364bb
SHA256860014b58934b74971388c4fa01f3bc0eb90c424e689f4df009521d162bd5924
SHA512b82c3fdaa1906b57d92286ba345bdf0a84aa56d5e9c59f79f16d6167cb8accb37001f5223f712d39321fad70cb26b71da34cc9703df4082aa80d679afb541df2
-
Filesize
82KB
MD58b88132864173b12be49544e452ea4b5
SHA1299d8a3805f9a10c7f0c78b7674bba340b784711
SHA2560b6dc43385223928d54f5d840d36c91564a36e7dc835fed0379f41fd4e646262
SHA512352ed7c2ededc87dae45708698d4b1e8d803fe9cbd740b0744be71e48d0a6e0612babaf0a688e90003173a433f787cbae7220495d23d42916fbb6a6130b7901f
-
Filesize
96KB
MD535f48790b74e042b3edb9b34e3a5f8fd
SHA18006268733957ac11d3af06856388ee6b84739ba
SHA2563d98ae96420747ce126d7fe2f1e9b210de27ad38f4802e9a42b390429a1697dd
SHA51263a0514bac44b9d5ca60602cf8ea80fdfffa6733ec7ba13fee81736748050bb12d747b35368c7ed2a5364b34bd669281abf8c9444dbf36b092bf45605596be4b
-
Filesize
58KB
MD535451d20e34907863dc1efc7caa019fc
SHA1c15a690db71ac5f21fbf2186939c36c6caf87dff
SHA25605586615c257451ffd0730829d376be051c505ea5e73525c9a3e539d5c1145ef
SHA512de3552af3ca3d90a846107cc7596d9f29ed75dcbe4308aa636952d662162d36b3b5e5b0c19739554fa68a3c39405dcbf07c5f28bfcdfb4bb50829048322f66e6
-
Filesize
63KB
MD58f7b991c8211319025ab7a549f997d41
SHA128f6af2157090dddf26ac677410409904e3e4c21
SHA25621297aa5fab44bb0d2a1fd086b7c1bb9540147ac886d961ad194d1658da94431
SHA51284c641f39b28fa8fcc4a7066aef3bacbba9aa6d1fd77610a1db17ed89fab77532e1eaf9336fe9509ac2fc1dadb7c8a2804b6ef8967daba9100379e0d11d1ab75
-
Filesize
88KB
MD5eb8f36865f16229dc775e9c00a4ec3f1
SHA1824c6711705c7a75ce0a6904a38eabe7ddc6c7b4
SHA256c3e3cf04f4501eeb37db51b7be288db941bc8f4497067a552af7b19aae1b17a3
SHA512701d8bce6354780e52abca6772fa43c55888d2bbd983a13dc7c95935d52f874903767a5b2eb12bb97fd58460099b6b52f25336f47f4ff0849d081c7c3a1d3940
-
Filesize
65KB
MD557668416f8e93c60f4abb89d1c517ce4
SHA16d2b23395aecfc9ee45cbd69469e946b77eaf3a2
SHA2560e8cb087ea27ae4af9360c478822260600d9af234ca0e9521f5b05904142705f
SHA512da7e61d9cd89886fcfae4f406e983622d2ecb5714b9398776e65da24f7c91d43915aa1e6e8a45a9713d3865a8be0f15ff2bb34dc45643158c3cf8c7e0395f354
-
Filesize
74KB
MD53f9e5757f9c3ef75e75310416c72c35f
SHA1ae7449c0c4f3f0ca5480ad391219ba989d2e0dbe
SHA256f656b202b7682064680a2b3b7e4305ef8b378aea601ae7530db148bb6f9a6400
SHA512ecaefaa239cf44306134b4618e1d82b80e6ade1f58583c9098a0ed3fa219fe6a87b9af977062d3f654dca1618256a132c80d7aad579b66affa6836c2be64c8df
-
Filesize
75KB
MD53260fe976c04ac1cdb493cd611b08005
SHA1ebe4cc15f418825da444be729091c472e5b51c73
SHA2565494bb02fb31b7008904ae3398ae33e15a6fc8444fe4d7d06279b88e1b466e02
SHA5129959f975feceb743553f1daf8c6814181e361877d2aabc80127628e45c11c70b3fb5d55567c392e13c16626099b18411a99dc2f86fdec0556fa34e0072f521c5