Analysis
-
max time kernel
148s -
max time network
136s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
04-01-2025 22:18
General
-
Target
NBFD-fabric-1.1.jar
-
Size
4KB
-
MD5
79eb607bb56a4aa11e7ae4efe7723ef2
-
SHA1
73868f01bcf1306c62c4a26448d2433e1abd55ff
-
SHA256
1824e40164005f433dbafb13e77ac0152a1992866c5e5ade502bfe1155ab4228
-
SHA512
baf5da6510c80b7201326fefc910e5641b8f9ab0fc118d9bc19326e88b35e2866b33ec36c0f85a6361d9f5757eec73dc78b16492b0aac2c4ca9ceb934e24addf
-
SSDEEP
96:tBMnAYMkg1NHXrwjslW2eJu6Vx+Y8Qx44V94ft//jMd6C:wnOrOgu72t/L26C
Malware Config
Extracted
C:\Users\Admin\Downloads\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Drops startup file 2 IoCs
-
Executes dropped EXE 7 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 16 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 63 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 54 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 57 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\NBFD-fabric-1.1.jar1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SaveExport.htm1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x128,0x12c,0xd8,0x130,0x7ffb082f46f8,0x7ffb082f4708,0x7ffb082f47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff61bc45460,0x7ff61bc45470,0x7ff61bc454803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6380 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5997685269510605767,3175983411237989609,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6872 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\WannaCry.exe"C:\Users\Admin\Downloads\WannaCry.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 176831736029193.bat3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cscript.execscript //nologo c.vbs4⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe f3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im MSExchange*3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im Microsoft.Exchange.*3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlserver.exe3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlwriter.exe3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe c3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b !WannaDecryptor!.exe v3⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe v4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete6⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\Downloads\WannaCry.exe"C:\Users\Admin\Downloads\WannaCry.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\cf8c9ee30d93469f9e136a0d75767015 /t 4580 /p 14881⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6KB
MD538335d3a374fccdd0cd95d4c1756cded
SHA11c8c771f10cff7e142344ae6b8f71706755c37c1
SHA256a477d3e8e916330e35ae04161bfa51773c2935c3d196a487cd0bc866eeba26a0
SHA512f4552dc858b6e7afff4c8ef6beed99f299d3cd29ae8b65ba810a3cd256f136caae58299a55c17b9e5a0849d956071e54f32a140d33c7b3635967f8db9488900d
-
Filesize
152B
MD5c8c74ab5c035388c9f8ca42d04225ed8
SHA11bb47394d88b472e3f163c39261a20b7a4aa3dc0
SHA256ea821d15371cdfef9f4c01c71fbe39f9db7bfd61e6a83e09b14886c5756cd9d9
SHA51288922af80d561b3cf10963160d245044554f9011e4aec4fd40c740b06e5e87e9bc16ed309e296f549d9244b6cc93f627d6dd010eb2d325b38cbb1d43d8b95157
-
Filesize
152B
MD5e8978379b8b4dac705f196c82cddb401
SHA1873169c69e4aaa8c3e1da1c95f3fc6b005f63112
SHA25683528bc9af5e037e40f14bece26788301e4555a6164b31e6010d93d7d18f0afa
SHA5122d73194d03ea51d4154ee9556950dee1e666720c4b53fe671cf2e7647889d480c2941757d6b9b4c60a29a6799478450136f4847b0bec5d4b6aa630d9ca856308
-
Filesize
48B
MD56d9a3dfba8b86c652074fcbde0a34b42
SHA1047e2ac16faffea697664bd5acb6bf052a06e7da
SHA2560e9220cb5cc4ac861244f0e508daf27562e8ac0bb1a0c1063ba3b710d7f7f064
SHA512452331bd892ebbee765d4b4a100a1edd00e5ef6a00f5083c76c45610352a47be4ccf0d2b76ae9b1c3c1d658b77040ecfeda03255ce13e94a1936313a9ff35d02
-
Filesize
3KB
MD59f5059b80492be0e441272fba669f8a8
SHA121b4b85c53614880885499d7b062e87153a7809c
SHA25684130f1ee6967dd0d1f947a25ba6953127eb4ec9371f3df1bb9c443d6f8ad0a3
SHA512dd2dea9d61e42c65be06bdfbaa1d0e291af8e823801e32a3feb7e1c977d87a46032301f284ef8626c7867c3957d4bcc6eb210a591b5c78237830d42a2196dd8e
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
1014B
MD5b890eec55de94ca45f60c548b48690c6
SHA1f75c90c58e1aa185f69f81f44363afb664b80869
SHA256aa8d7df9e4496f48338d581b98b0fc9994bf92acbe17f3f25f48304a9d73c8c7
SHA5127cf2d07aeb1920f72e6572c1810131edcd106b2ef7b2f0cad3ac25a35149877fc0601ca0244a44037467a8a073f344d377c75c219f639d1ff6e105447fc0f386
-
Filesize
1KB
MD5e226987a7a7d00da0c4921feaec3ede7
SHA124aae84961d965c3ac995c910fd2b19db32c3dfa
SHA25676a0317fadc0d32e25f63f3bc82ae9a3a8eb39366e1df43a12bafd26a334a757
SHA512bdbf3de47e2a32e7f064ec5459c159dfeffd4819ba1d43f5f704f4d82a94f584f13ecbaa435dfefed7ad19d62a63014852400038cc7b88d743427c70e478b2b3
-
Filesize
59B
MD578bfcecb05ed1904edce3b60cb5c7e62
SHA1bf77a7461de9d41d12aa88fba056ba758793d9ce
SHA256c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572
SHA5122420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73
-
Filesize
5KB
MD542b3ced6bb59ee9639f9a8c634733b78
SHA124b7fd5b6f935cc8722b8e998042e192c0b3bf69
SHA256ef0de943b8da0b567e9367e23dea668beab14a71fef53d2a16eb1754a6788c45
SHA512552d6ca81fc932cd12073b5a34ba18063f5ee88fe344d78f648230b996a1c627567566c0e70c9500951864caa438a182fa71874e98a8bb405004b2989bb0387e
-
Filesize
4KB
MD56309b175f98ed11c255a389cef04fcab
SHA1655b8b8eca0f0cdc5aa87f7ded2659fa06bf5228
SHA2561a9c9fb90ebeea62866af1ffe12778457225eb2bdb89476fc580e60e46366131
SHA5121d814614ccf4760403f042117960c2e5ac350f14eff03afd35b226f0d5f1168d4c4ff678e6a76f3a2072a39a4b481c8801a893175912ada7642ffd461d5802fb
-
Filesize
6KB
MD5581c96491f7920259a15a8021cbbe0e1
SHA12628cb92d35704cc9b80588fce5cb33ceb8b890d
SHA25635b16a8b7944be7aa0dd54819fdb4258cc8a3637dc96e4fe0cdb5609531981bc
SHA5124d1d4e251d6a13a0e606edccf570ae22fa12fb7c57c108cb7e62c30fd6e188c575cbeb03552bd67ff8b88fa330c47368130abbbe810992f1f16567c96041319f
-
Filesize
7KB
MD5116db3f0dbefdfb204fdc24e75bcc5e8
SHA14f1dc64f7a9caed92db931e6eff2248f63e08138
SHA256bc40e6a21d1b71f318d4bb949213acec8005ff959501886de855b657e1a768b3
SHA5125094ef6896cf6e060301e4b9357cf4510e2a7594758333513152983b0025e54e1e49b15b4199d22a234490f7d7ecc35ca5c94bfd74350a274d3384c8c8d0429f
-
Filesize
6KB
MD51c79b5a823fb2b4fd930e93ff749ea59
SHA13de41869dac3905ba3a66ae4cdd97d40b042fa4c
SHA25658f8933c7979e07250af039b0cb074f1e7b10c7c8463a6f2f0cdfe11a77aa4bd
SHA5122bfa5fcb78b7d28bff4cea36f06414b353eebc184a1b34e11498a01b84442fc53d887cd76057f9783e9772e1a82c56e2821e26eba4a6aa51bb381acd86dab562
-
Filesize
24KB
MD555182d891d98ec9d988cec04bac8752d
SHA1e18a06e1498ff69c1c2697df7e195cf922a92e01
SHA25608dc082566b36f693f93e341a5eb4e93a95d5bfed35b952f5ddcf4a5d51e963d
SHA51235b9bf0c05da26bcebb4e259deca27c84e28521aff5a27af8205624581d1b0a7da6350ee7de0a2329c9cbc1d8cf205c1487638196232cbe794aaa91b0d86d0f7
-
Filesize
24KB
MD5671cfbd0275770e681ef4ede37140969
SHA1ac145dd046e86ab6aff6340664c509c4fd5f1746
SHA256dfafdb318c177ff96d9b85ed518f229398c3f5161f0ca48ff427516292b9d823
SHA512d76a8d3a91d1e5e84b35cfa815736c1d0bd7252381f4e540a8d7102385224167b995f698559c95fa18ed3a50e14a58fb0a96bcedb57d4770df50f98c6d331faf
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
1KB
MD525fd0e89a4e6c450e5e2d4e73ad11668
SHA18c28052a0162032706d9f3fda94bda036340570f
SHA256e031f3067e85bd69ed4215e41e17316c9516cd994f7d7f1029d9ee4380b3759e
SHA512faa317c669f388b8e4b23e03cb06e67e81b2d4529e12c9c00ec7ca0f556af0d860edcbdd81ce202683c9b15944b69fed85b9fb64e7d85e85574ecc9d00b40936
-
Filesize
1KB
MD5b1a685a15d94495f484766a946a2d688
SHA1c15657e382fe2b3472e95dd03fd773b091639d67
SHA2568fd2bf98abf79bcea1abf1ad1337b62d9c707c26c2240eb9d9c987a1b1daabea
SHA512027419e75641a77d795a75b40788ca43c5f81bce579b80d0749a67caa3429397c6cd04c5e225e8e933e1d4b5094801fdaf7c2e079f1f60d326509455db2c285a
-
Filesize
1KB
MD5cf818c7d0b02a3598974952334d08232
SHA1de27d2b40c2a9d5a5a36b62ec50eb029e5648912
SHA2562a1e4afdd7426c025a4d18a0d89237dd601e3ccfd098c176783975f784946cc0
SHA5120ea16423d5a74fcd749f73dc90f24318ea46db829800e81dc25a0b3088bef2acf5e367ab0a1bc26821700b2b50ff646c1900c27be34baab371dbeba401816940
-
Filesize
873B
MD5ef84894a7062bc562cebb25eafb8bc15
SHA1c7558e3663e5c5e2d2ecf2c9375f5393cffc10d0
SHA256c4e7303e3d0e3966dcdc3b9589c3782a25370b8a4b3ac9aefda94123f39e65f3
SHA512cfcf50a91a48e4e7efffb70da3713197cc4eb40b08c74712a1c4ecc2f14979240187754efc13ed9ca638f49179a4f89579bc038ee25ca31aba2e74eb4a2376fe
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16KB
MD59e02552124890dc7e040ce55841d75a4
SHA1f4179e9e3c00378fa4ad61c94527602c70aa0ad9
SHA2567b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77
SHA5123e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd
-
Filesize
4KB
MD5d9f84c8cf73422f2ca07d7e7462b9534
SHA1cff6e092bf5bf1f3f47b7074847e204042a881ae
SHA2565bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2
SHA5121ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38
-
Filesize
11KB
MD53f2aaa9cf37c0934cfc2ed3224664214
SHA10df2eb511b024e45dba82d5a313063642f82941d
SHA25621b8f7781b77a198d00126e3193270480a3d639c48445e693e7e904d746611db
SHA512cee7f43e51d4e133987d99b0781c12e3557c186f71045c653af10e1240578e5caf83f1c8f34bfc0e0b66b2bc4c053ba4099e32b0b7bba4f88de928b44641fdfd
-
Filesize
8KB
MD51091a278196194b22bf3f8c138857b40
SHA1cc00b2910415b88b9a4ea0d013ca89f16cb4fb74
SHA256f03a5cdd74fb278d803b8133ccb37b9c6c4f4057174add2c2d88d1306d714111
SHA512c8409408c05d61c448e1b2bec02b222a21ee208eba58d155d6786c08f32fccc1e6aeca3ddaa9b07f48abfc9cf24073ce3207abd027f600c8de53aafa177195fe
-
Filesize
11KB
MD51da4826d1fef4b68b3d6cc9343618612
SHA17fa71f0bd29d27e71f1d51a092ab7b9ca0086a16
SHA25688e49c0c0f4cff4fa307428a995963018afa816528c06e236dbb197e4374ab62
SHA5128ec95559ae9e2a2ee4b439a68a2ea43632afd6389fa18aead8f0521dd66fd260e33c12a57fa960c0a9294018e81fea61788f8dfca06b09d761ae7c30b917d4e1
-
Filesize
264KB
MD5d6b7828b4811267c9b142161a410e8fb
SHA132b30c02d3810a84e13b9cb2fc151b54568011ff
SHA25656ea80ba2278fcbc4e6abd4bef872707d525f9440bc6bde0f44fbdfeb7d5160b
SHA5124ad38668b884b901061a4025a1265c486121b11229b98246d7f854777f96f9f818d71611ee72d2ec339172ab9606474a0f8c44f94cdc86162d6a68b33c5c0f2a
-
Filesize
2KB
MD55cac389bad46595d55e1a8b40cda8103
SHA1dfd54c46293fb6533e727d427eed71507b4b963b
SHA256c8ec9e518f09c0d246965a9d513ff48de2100146b810f479195f053262d99260
SHA5128cfb7fcd08e1986150ba769ae46d30cac64045f72bfc13481a46cc380877b140db455d4429550f439b6dce19134d87daf09edf95497878a81669bee4705f5564
-
Filesize
3KB
MD50874d63298d91f56e1bf1839078d75b2
SHA16685d8d65e908a0f1b5f81f6946ab52e51f5872f
SHA2567e9ab8bd48f607f33602434a767930452c8562c6cbc89c6a6358ba21074a2d9b
SHA512335549d098ea2dbca4b10306dcc4574b53e60b1ef3074751e09915411852b6e2a5fce6e8f2ad1724f437f30e0422d11084a057e8cac11dcf019ad3f8c7a367db
-
Filesize
3KB
MD51b9487af205951ad3b2ea7cdc0fed780
SHA17be3d258d392cabac6b522c22391c5aa03ff1733
SHA2567531cd63884bca010bbc3e67bc439d33655b7c2c6eda8a2ec70383afe20eda8f
SHA5123f00db72d8a38009a40c6c58193633fabad357c53528697b4b0e08c5e4452c22b5e98ebc492ebaf9e07d0167f88d144d4bf8b2840309b372164d3a54303f25a7
-
Filesize
521KB
MD5c35f62b27cb50e2e991befbf6d92a7f7
SHA1793c19c57f8d47da1df7dae82d6e2a2bcfaa7982
SHA256f3435d05511980d2faf13d8e3ca3064a61c5802fd4f62875b1ee63f46de36eb1
SHA512f6df872402fec2b8e3d2ec0f649e365bf48672e2ab864182774486928b548efb8b35befeca5a46ab25bcfb28b628adc042ea10d2793ea17cbba27d3dcd31a293
-
Filesize
797B
MD5afa18cf4aa2660392111763fb93a8c3d
SHA1c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA5124161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b
-
Filesize
236KB
MD5cf1416074cd7791ab80a18f9e7e219d9
SHA1276d2ec82c518d887a8a3608e51c56fa28716ded
SHA25678e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA5120bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5
-
Filesize
590B
MD58860e8ef4fd45b6d9ac4d767b1cc4449
SHA12351f602303e67a58f3f22c84e1ace4335858591
SHA256568a65f882fabcd311704117edf7ec4165467e6745393b88292570a563c615e5
SHA5122085dafbbf216864099fceec9ec00e3ca79a7bc96e7cf4994c9abb2da4a8cb4328100825320ddb4e9c5491a47262f2814775217ffda46f8ecc576d5471ec1300
-
Filesize
136B
MD56fb79aca58eb5fb21fe127ad9015dd72
SHA1b3d7ed68b0656f318d0ae28adfbc4a8757339254
SHA2562afd6ab9295f40f8206dd20031737ebc96b352aec37efadc7fc4d2f9bea4e2d9
SHA512bfa8be276661c139233e0fa5ee8b29cdd61e73d5b0b671118ad70d36ac21dbda5e564b44d8ac6594905e253a30a0295826396dc6e4aef25f303bdbb79e700836
-
Filesize
136B
MD569d48395e509ce817b82e1c3f72a6962
SHA1b32b1e9d0209a19d2b850691f94b9876d369a09e
SHA256974d988f13e81fe471b0b04266f40c0d8b0b455157fe59e9d36bef542d36dbe4
SHA5124c68ff42f354562492ba7879df01f2f26c51eebf550990f4190dfba1b43ed33f8cb774af4d43c947996dcffdb317fcce262ba3ac6e6b50a82dee8770dfd9b78f
-
Filesize
136B
MD54bbbc062d98d677f053e31af6784d12d
SHA17e1b5327c16f3687acfe238ea8dcd4927c9e9ecd
SHA256e76eceb3c0fae3df88c48cd834974ce0f02458e0ef025bd8a29b1e5728446d91
SHA512e1c8b56b06bf6d19190a7fb004ed5abf9bf2174b30930499accd4ab46a6428aecfe8a422dca103feabaaf6b57c795c28832697e3262de852318c614b9b689ee4
-
Filesize
136B
MD59b72557a271e35df5ce3ed739e96d04c
SHA1fe2c859fc9ad0be54be12385b7a0e5103c40fafa
SHA256682befc7738d56204b27a9ec8b8293f71101cb7289308d6b198f6fa0ca887739
SHA5126f5143c4f44d8c4d20d59a9dc4b7662ab823a1cf3d3bc167d279458305fd520c9ea7944f88434674077549583d11cd0a773441a02f7fec9651e62a6304919d6d
-
Filesize
318B
MD5a261428b490a45438c0d55781a9c6e75
SHA1e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e
SHA2564288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44
SHA512304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40
-
Filesize
224KB
MD55c7fb0927db37372da25f270708103a2
SHA1120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206
-
Filesize
201B
MD502b937ceef5da308c5689fcdb3fb12e9
SHA1fa5490ea513c1b0ee01038c18cb641a51f459507
SHA2565d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1
SHA512843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653
-
Filesize
628B
MD564c3e01cfa081bfc0def36800c3f9f85
SHA1a896e2218cd6ff8ad74abeaabc6fbcf2ebde125a
SHA256d98ea83ed7d7dc78ec3057314f8f1b9ffaf847520ba9253b3f19ccd2482533aa
SHA512736cd5cc4ff91877a0cf0682b7fcc2faf1e1276a9918b86231a0a68bb707100a15a2e1eaa998b95d7b30753fbfaee63223f6bdd652a0a7c473969d8d69cb1eb2
-
Filesize
344B
MD5f2512772460dd227a10f8883ce84bbfa
SHA121ac4df5f147f39cb6faf16c8fce58fbe968d742
SHA256562e9905be53ce72d302e66c7dbbef0ac5b6c5d6c689d44eac76760f15700512
SHA5120733b6985448a69344b851cc3c6bfdabbc8035125df5e17a6376b957b538dbfd1e0165415329488474ba45b247ac5aa0786441aceb544b591d1ff8bb5f4a5338
-
Filesize
42KB
MD5980b08bac152aff3f9b0136b616affa5
SHA12a9c9601ea038f790cc29379c79407356a3d25a3
SHA256402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496
-
Filesize
729B
MD5880e6a619106b3def7e1255f67cb8099
SHA18b3a90b2103a92d9facbfb1f64cb0841d97b4de7
SHA256c9e9dc06f500ae39bfeb4671233cc97bb6dab58d97bb94aba4a2e0e509418d35
SHA512c35ca30e0131ae4ee3429610ce4914a36b681d2c406f67816f725aa336969c2996347268cb3d19c22abaa4e2740ae86f4210b872610a38b4fa09ee80fcf36243
-
Filesize
68KB
MD55557ee73699322602d9ae8294e64ce10
SHA11759643cf8bfd0fb8447fd31c5b616397c27be96
SHA256a7dd727b4e0707026186fcab24ff922da50368e1a4825350bd9c4828c739a825
SHA51277740de21603fe5dbb0d9971e18ec438a9df7aaa5cea6bd6ef5410e0ab38a06ce77fbaeb8fc68e0177323e6f21d0cee9410e21b7e77e8d60cc17f7d93fdb3d5e
-
Filesize
296B
MD59f63540689f8b1b9e52ca2493d41c4c8
SHA117f4ac0aa61614d0ceea2f763622b84909541acd
SHA256da52da43fa55969260716a689a55f6f40f462cc45284b16e22455a49fc9039b7
SHA51200c5eb044f449d31e8600d9abaab5a0338cd498190fbd12578769ba51226713c236955d43a5cc738536545eaaefd6fd93cf0c4e245599c45a7c3421935511437
-
Filesize
72KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.4MB
-
Filesize
4KB
-
Filesize
2.4MB
