Analysis
-
max time kernel
22s -
max time network
17s -
platform
windows10-2004_x64 -
resource
win10v2004-20250129-en -
resource tags
-
submitted
30-01-2025 19:34
General
-
Target
https://cdn.discordapp.com/attachments/1202973001197555773/1334353377261260831/Wave.exe?ex=679ce1ac&is=679b902c&hm=81ed019be41f3a6abc74e420ab9fa47670343073845a76707a48ee9a05a16e6b&
Malware Config
Signatures
-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Exelastealer family
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Downloads MZ/PE file 1 IoCs
-
Modifies Windows Firewall 2 TTPs 2 IoCs
-
Clipboard Data 1 TTPs 2 IoCs
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 36 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Service Discovery 1 TTPs 2 IoCs
Attempt to gather information on host's network.
-
Enumerates processes with tasklist 1 TTPs 4 IoCs
-
Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Detects Pyinstaller 1 IoCs
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
-
System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs
Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
-
System Network Connections Discovery 1 TTPs 1 IoCs
Attempt to get a listing of network connections.
-
Collects information from the system 1 TTPs 1 IoCs
Uses WMIC.exe to find detailed system information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.
-
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Kills process with taskkill 9 IoCs
-
NTFS ADS 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 11 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 37 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1202973001197555773/1334353377261260831/Wave.exe?ex=679ce1ac&is=679b902c&hm=81ed019be41f3a6abc74e420ab9fa47670343073845a76707a48ee9a05a16e6b&1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83e7946f8,0x7ff83e794708,0x7ff83e7947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5372 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5940 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,3796298180482955611,429765806697041599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Wave.exe"C:\Users\Admin\Downloads\Wave.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Wave.exe"C:\Users\Admin\Downloads\Wave.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist"4⤵
-
C:\Windows\system32\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""4⤵
- Hide Artifacts: Hidden Files and Directories
-
C:\Windows\system32\attrib.exeattrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"5⤵
- Views/modifies file attributes
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""4⤵
-
C:\Windows\system32\mshta.exemshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist"4⤵
-
C:\Windows\system32\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 1028"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 10285⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 2896"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 28965⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 2728"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 27285⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3440"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 34405⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 2764"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 27645⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3044"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 30445⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 3508"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 35085⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 2536"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 25365⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /PID 4380"4⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 43805⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"4⤵
-
C:\Windows\system32\cmd.execmd.exe /c chcp5⤵
-
C:\Windows\system32\chcp.comchcp6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"4⤵
-
C:\Windows\system32\cmd.execmd.exe /c chcp5⤵
-
C:\Windows\system32\chcp.comchcp6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FO LIST"4⤵
-
C:\Windows\system32\tasklist.exetasklist /FO LIST5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"4⤵
- Clipboard Data
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Get-Clipboard5⤵
- Clipboard Data
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"4⤵
- Network Service Discovery
-
C:\Windows\system32\systeminfo.exesysteminfo5⤵
- Gathers system information
-
-
C:\Windows\system32\HOSTNAME.EXEhostname5⤵
-
-
C:\Windows\System32\Wbem\WMIC.exewmic logicaldisk get caption,description,providername5⤵
- Collects information from the system
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net.exenet user5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user6⤵
-
-
-
C:\Windows\system32\query.exequery user5⤵
-
C:\Windows\system32\quser.exe"C:\Windows\system32\quser.exe"6⤵
-
-
-
C:\Windows\system32\net.exenet localgroup5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup6⤵
-
-
-
C:\Windows\system32\net.exenet localgroup administrators5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators6⤵
-
-
-
C:\Windows\system32\net.exenet user guest5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user guest6⤵
-
-
-
C:\Windows\system32\net.exenet user administrator5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user administrator6⤵
-
-
-
C:\Windows\System32\Wbem\WMIC.exewmic startup get caption,command5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /svc5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\ipconfig.exeipconfig /all5⤵
- Gathers network information
-
-
C:\Windows\system32\ROUTE.EXEroute print5⤵
-
-
C:\Windows\system32\ARP.EXEarp -a5⤵
- Network Service Discovery
-
-
C:\Windows\system32\NETSTAT.EXEnetstat -ano5⤵
- System Network Connections Discovery
- Gathers network information
-
-
C:\Windows\system32\sc.exesc query type= service state= all5⤵
- Launches sc.exe
-
-
C:\Windows\system32\netsh.exenetsh firewall show state5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\system32\netsh.exenetsh firewall show config5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "netsh wlan show profiles"4⤵
- System Network Configuration Discovery: Wi-Fi Discovery
-
C:\Windows\system32\netsh.exenetsh wlan show profiles5⤵
- Event Triggered Execution: Netsh Helper DLL
- System Network Configuration Discovery: Wi-Fi Discovery
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"4⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic csproduct get uuid5⤵
-
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Permission Groups Discovery
1Local Groups
1Process Discovery
1Query Registry
1System Information Discovery
3System Network Configuration Discovery
1Wi-Fi Discovery
1System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD56a53cceb7a396402c1eccd08dbe38a73
SHA196e06029b79791df1b1a0a7cef7508a5c44d13c4
SHA25631c8ba2ce8a088515e4feff78968e8916c759331b7428421a990cc349a208b51
SHA512bda381d092d0272a19350a66533ec0fac2efccfd26fc87695a8270eb3d4abec01483b31dfae75ba3f128623454d471c9e948c44df478edbdb6b5a15377637036
-
Filesize
152B
MD5a451e41e51facc395053e7b74c3490d0
SHA1c866ac24af529f0265e99bd88529da46c9ff6dcc
SHA256cc33bfdf9c856a2e9e9aa8eeddf9723a0396fad82b0dcae7a408bb4c84fdb584
SHA512553489450d55d7adb9c859e521d0e46961490e54c533c826adc8c546ca0b51ecda82c159801bd060a291e724355c6d4fd2ee603ff65d4a15603f34f1472664fb
-
Filesize
6KB
MD589ba43f8c8a8250301c5c0864585e407
SHA171f973a3c1d986516f7d1c37526e19e4ffcbfa1d
SHA25676722ff3a1c883f14f3c93f34b37329683cea0beabad5cd7a10ab8f2f522581b
SHA512adbda61040c32ea6e6c3e71c3f3cafc44aa786224a5988ff4c0987c04ed15ad8a1d52700cb29e2af3ee7661a45892350c9fc96f7f81cbc14cbd6b201ddde76fe
-
Filesize
6KB
MD5b889103d6ddd58391e45480469d8457b
SHA10aaa9d4be8959579f95a617d7900f51821409585
SHA256f7c6acae65ba950c6a9359f778b0a2cc35701ed3b5556929adf68a311c71f1fe
SHA512270685215700904caf7c9c86131299d785310b3d2cc4794fbbcb5ebb5a4cf6433a97e33388217ebadea1e1d2cd8c55072cb2debed1c12738bb763388f769efe9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5db4ad776ad75b147d75a24d24f0d2018
SHA107fe399edc3342ab9bea74560d2a2017862e7f73
SHA2561ab0946563dd5febc373a14586a2575bd469c42c7e57aac54ae98013f295a1ef
SHA5120c45252a6fa06fe8eeb87524d233079702d4f668336d20c1b53605561d708c4caf1245b8f09a661bd0810d1db10299ae7af029f0c661e3e0901d62a0921941a1
-
Filesize
552KB
MD5cd0c37f1875b704f8eb08e397381ac16
SHA1249d33c43e105a1c36ec6a24e5ef8dbc5f56b31b
SHA256d86ac158123a245b927592c80cc020fea29c8c4addc144466c4625a00ca9c77a
SHA512d60c56716399b417e1d9d7d739af13674c8572974f220a44e5e4e9ab0b0a23b8937bd0929eee9f03f20b7f74db008f70f9559a7eb66948b3afab5b96bdd1a6d5
-
Filesize
106KB
MD5870fea4e961e2fbd00110d3783e529be
SHA1a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA25676fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA5120b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88
-
Filesize
48KB
MD5bba9680bc310d8d25e97b12463196c92
SHA19a480c0cf9d377a4caedd4ea60e90fa79001f03a
SHA256e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab
SHA5121575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739
-
Filesize
34KB
MD57d4f9a2b793e021f7e37b8448751ed4e
SHA10ea07b5024501aad5008655cfeae6d96b5da957a
SHA2562293c1b6b0b901832a57a1c4dcb1265c9e92d21177195712c30632a7b63227d4
SHA512af75452279c308c61c3e222a031a8201e47e8fe44c4e92cb7dab03d56c7e7e3e2a2c589f650c50e0b29e2df175d6f2ff50c8e5e589d17a124bf0a2e0d7886c26
-
Filesize
291KB
MD5277ad3ef0a1323a7e29d32f1fb4f0782
SHA13cbac1c280afb586fc79abcc24732b71700c4c16
SHA256e4b450838c9408ed80f8bb8d4e165e8de204c73108af50c20c8b2b0c797cf219
SHA51226a4446fccd2aa2b6c151ade640c154ac85be975dde0a1e5a6a857f1c505c7ac763e420fdce68892bcd70fb1bb5a24dff39f6751eefb7d01ba34de905e1db508
-
Filesize
46KB
MD56250a28b9d0bfefc1254bd78ece7ae9f
SHA14b07c8e18d23c8ae9d92d7b8d39ae20bc447aecd
SHA2567d43f7105aa4f856239235c67f61044493ee6f95ddf04533189bf5ea98073f0b
SHA5126d0aa5c3f8f5b268b94341dfdd5afbe48f91f9aac143bf59f7f5e8ba6f54205b85ec527c53498ed8860fdff6a8d08e48ec4e1652eeab2d3c89aaaf3a14fcaaa7
-
Filesize
72KB
MD5569d276da5bcb89d9e93b639d27d4c7c
SHA146ef90c9dbac45a89c384d26af1971fb780073bf
SHA256e016f14f54a7907f0afe9970b5bfe9fb0ad043109d4446dd5e2910600e0b5a82
SHA5121b883a41ecd35fe4a62d996f4a8c96e2ed9c7d16fd5a1515792f39524cacb9bdb314b5435644e52af0f1874b1a4ee1865492722649f59b51eb70085c0679d7b5
-
Filesize
56KB
MD54b90108fabdd64577a84313c765a2946
SHA1245f4628683a3e18bb6f0d1c88aa26fb959ed258
SHA256e1b634628839a45ab08913463e07b6b6b7fd502396d768f43b21da2875b506a1
SHA51291fa069d7cf61c57faad6355f6fd46d702576c4342460dadcedfdcbc07cd9d84486734f0561fa5e1e01668b384c3c07dd779b332f77d0bb6fbdbb8c0cb5091bc
-
Filesize
103KB
MD520985dc78dbd1992382354af5ca28988
SHA1385a3e7a7654e5e4c686399f3a72b235e941e311
SHA256f3620cac68595b8a8495ab044f19a1c89012f50d2fe571b7a1721485f7ff2e43
SHA51261b8ecd2d12b3f785773b98d4bf4af0eb6eb2c61fbea6effb77ec24b2127e888d0ea5fdd8cc298484e0f770d70c87907048fc382faace8e0ca6b49ab106c89f8
-
Filesize
33KB
MD53b5530f497ff7c127383d0029e680c35
SHA1fb5dc554bb9ff49622184cc16883a7567115c7ca
SHA2565971fcc9758b7f4a12cde2190a323f35a34ab7f97bd8c39cc8f3335223102573
SHA51212ced7ddb0352f8eca3c3cb7c7c2faaf08e617b2dd278d20008051fb6b564b17c3e9ecfa8b0ffe7674154ad533dfbbf1e802accd5e1aef12ece01368da06e85a
-
Filesize
84KB
MD58edbeeccb6f3dbb09389d99d45db5542
SHA1f7e7af2851a5bf22de79a24fe594b5c0435fca8a
SHA25690701973be6b23703e495f6a145bae251a7bb066d3c5f398ec42694fd06a069f
SHA5122a8bf60f2280b9a947578bd7fd49c3ace8e010a3d4b38e370edb511ea0e125df688bbac369d6a3cec9d285a1fa2ad2dac18a0ef30fda46e49a9440418581e501
-
Filesize
25KB
MD54fbc5fd5da9da74c04fe0374387b34d3
SHA11e9c98db0486f98fb7d8eb9fa57a949494b649b5
SHA256b2347790c87052623710382d3178887f68a79618d6da5174909f46b169236950
SHA512ce87d4512c2ab7c1ad7986e8e1fe790615ae39c7667d234dfc09026ee7e1518b3bfbf7974612811db0c3e5654b35b54e118e23e624bebe027a51d2c8f2a4652a
-
Filesize
30KB
MD55c1441f6ee11632183a83dac2d22853b
SHA1eef732ff4bab9ea5c8fffb6a93c47cfc8e64dae2
SHA256104e0b0e0e9fec9eb6438683296feeba298d5f23b02d2080577fc87ffec67acf
SHA512e41d3433754a8a3d2c572bb7f3902c0d37cba2e6f3307f0e6dfed316a22b11ef7e52a73c30085fa89fcff603e4b76858abe761217c320e38fa2eb95d1777b595
-
Filesize
24KB
MD55c4c43763fb1a796134aa5734905c891
SHA144a5e1ae4806406a239129d77888bd87d291a410
SHA2564edc80e7d331ba0e9338431d407157181190f995821d1cd24f7a7aa2422ece0c
SHA51207bec7e4a85e76cfab2c21776b50ee2bd0454835fcb43b573dee757eca24cbeb4530784bae07de3be90820cee6d72023d9ded395d4f1a4931971db247dc1a71e
-
Filesize
41KB
MD553e72716073038c1dd1db65bfdb1254c
SHA17bf220a02a3b51aa51300b3a9ea7fa48358ca161
SHA256e1fb6927ba2ed014d0ac750af0ee0bb3d49487dd6920848937259606e1e92e1d
SHA512c10d91b6ec82402b0eb05dc31a4703c999f4988e88204b695e009fae5fdcc61e8a6dc4d2879ecf2babc030224048afd2f256b9e7f5c5b6f28762047813be0941
-
Filesize
48KB
MD5e7d68df8f65fbb0298a45519e2336f32
SHA1ad3c84ad7eb75a61f287b1ba9fd2801567e39b6d
SHA2562473ebaf52723c3751a12117ebbe974e50ecdaeb40b282a12ba4e6aa98492e79
SHA512626204685e9b95310aba51be4a8abaf3b6e152fa35902f64f837303fc4011a4518ee393047ceb45bf377e9d965d169c92bfbb6673475150e159c59b7857ba03e
-
Filesize
60KB
MD57e9d95ac47a2284706318656b4f711d3
SHA1f085104709201c6e64635aeacf1da51599054e55
SHA25638dcb3d0f217785b39c03d4c949dd1e04b70e9eade8a4ad83f026390684059c9
SHA512294a5148d8fcddabd177b776617da7720d9876ac2a1cdf8dd7b9489f0f719600a634346cdfa07da66588de885b0a64d8cccde4d47edbf6305bd2af44ee209118
-
Filesize
21KB
MD559cfd9669367517b384922b2485cb6a7
SHA11bd44298543204d61d4efd2cd3980ad01071360d
SHA256e02bfad84786560b624efd56df55c88a4ffbd6c7cfc728bf68b6401aa10f849f
SHA512d0dd041d8493c7c19db01ea8477981148726796ce2ab58d3193064123319bd5b68fd57871d1db0aaa08d07f78ab96a3d343051c33ffd406e96b921248ea32665
-
Filesize
859KB
MD54253e18e2f977da6beaf3587db5b605c
SHA160eeed22b25bae022bdc5784352a49e441c6b301
SHA256281e6f042e93f9de1c44c9917c8a54c0efbbe5fd97d9f46a65c8d702e144f4dd
SHA5122f474078f48739660cf4a770544c52dcd00d2951c3ad03549f80951f57c425cda5979d56e9482dd05541de851c33a27658da8b4bccde19276ab43108d0a30163
-
Filesize
1.1MB
MD586cfc84f8407ab1be6cc64a9702882ef
SHA186f3c502ed64df2a5e10b085103c2ffc9e3a4130
SHA25611b89cc5531b2a6b89fbbb406ebe8fb01f0bf789e672131b0354e10f9e091307
SHA512b33f59497127cb1b4c1781693380576187c562563a9e367ce8abc14c97c51053a28af559cdd8bd66181012083e562c8a8771e3d46adeba269a848153a8e9173c
-
Filesize
23KB
MD5d50ebf567149ead9d88933561cb87d09
SHA1171df40e4187ebbfdf9aa1d76a33f769fb8a35ed
SHA2566aa8e12ce7c8ad52dd2e3fabeb38a726447849669c084ea63d8e322a193033af
SHA5127bcc9d6d3a097333e1e4b2b23c81ea1b5db7dbdc5d9d62ebaffb0fdfb6cfe86161520ac14dc835d1939be22b9f342531f48da70f765a60b8e2c3d7b9983021de
-
Filesize
203KB
MD56cd33578bc5629930329ca3303f0fae1
SHA1f2f8e3248a72f98d27f0cfa0010e32175a18487f
SHA2564150ee603ad2da7a6cb6a895cb5bd928e3a99af7e73c604de1fc224e0809fdb0
SHA512c236a6ccc8577c85509d378c1ef014621cab6f6f4aa26796ff32d8eec8e98ded2e55d358a7d236594f7a48646dc2a6bf25b42a37aed549440d52873ebca4713e
-
Filesize
20KB
MD5dba01ddfe41784191780e50534b7b86b
SHA164e834d0e457252f6deba67843626804d6343a41
SHA2561fc13691e104e56fb0b742288d4aa943b907db3da6848e1b92904a1aa9b89187
SHA51213046e44a6e0df896789d17427f9c05c229cbabfb0414e3c6b78637701a316953efa507e40519c760ea762e2e2c90714fd72e14e7bd949094c08d70bf515c2ff
-
Filesize
86KB
MD546331749084f98bcfe8631d74c5e038f
SHA15e5510f7a4d03f10d979e0d6a0d2a6f0e53ca347
SHA25621cc4b9ccd69d08d7c1068b1f004ae9454f7ea0a322801860faf0e6f4a24a3df
SHA512edd39ce2d927fb6700a86db07f4f56cab897ef91a320f3e5ecb542ea1be6888dd27a08008e5fa1df3765b0c82d1046a23c8d59e76d11f4e6449d4d6826879589
-
Filesize
63KB
MD5c17b7a4b853827f538576f4c3521c653
SHA16115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA5128e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7
-
Filesize
1.4MB
MD5fc7bd515b12e537a39dc93a09b3eaad6
SHA196f5d4b0967372553cb106539c5566bc184f6167
SHA256461e008b7cdf034f99a566671b87849772873a175aefec6ed00732976f5c4164
SHA512a8433d5b403f898e4eeebd72fce08ebad066ca60aeb0b70e2ae78377babc2acbbae2ac91ab20f813cce4b1dc58c2ad6b3868f18cc8ac0fe7be2bff020eb73122
-
Filesize
24KB
MD53797a47a60b606e25348c67043874fe8
SHA163a33fedffd52190236a6acd0fc5d9d491e3ac45
SHA256312e9b01d1632840983e8533d1685a64fb87e4538f724a7a59a71b1ba148bbac
SHA5123eb7599825b7b21aaab05e420dd16d4a8eaa21652d232f6e4ede213a232b701401556e44df73cfa20ae855d1adc28304b52d42367b74ebd8e96c2e3d9a9b93e2
-
Filesize
608KB
MD56a3a34c9c67efd6c17d44292e8db8fad
SHA1339b1e514d60d8370eaec1e2f2b71cead999f970
SHA2567b0e840165d65f0f5285476467e4c154c4d936613966b84948110a4614b9cad9
SHA5126f2a1b670d28762745f0d3b961a331cbbb0dec244f8798734b911b3a3bc9519c73a3b26f1e1117725f6f1e880e57cadb562a1450659bca1aae353f6b9575d7f5
-
Filesize
287KB
MD5fed35db31377d515d198e5e446498be2
SHA162e388d17e17208ea0e881ccd96c75b7b1fbc5f7
SHA256af3cdc9a2a1d923be67244429867a3c5c70835249e3573a03b98d08d148fe24b
SHA5120985528cb0289086ec895e21a8947e04f732d5660460f2e7fa8668bd441c891438781c808bcea9294f348720e3752c10ea65363371f7e75ea48600d016bab72a
-
Filesize
31KB
MD5e38fde2d8395e72458dd08956598279e
SHA11fc9f0562d9012d3cfcf8ac8cff6854d7f35e333
SHA256248cd49446e0e0939a03ffe6cc8b83885bfc9b285dbaff90bc10ac6334d10f54
SHA512bd8428f4f67de23d65c86b8901a9351fd5fbd81bd980ad3277a1520eb21723287f2364dd13fbcf5454bad41947d37b614a245fc204d9a69c0dbfca1ad78329f2
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
9.8MB
MD5708932216a4a65b3e560893a115673f2
SHA1e9aeef34258854948f50f1c6bbd8eb69772d0e59
SHA256a3d7cd217684a58df277f072e1b7e1a4e00448f1b7530fdae13af3903d1327a5
SHA51278ce6826fa7d3d561ce69d395b62e5178ab7333a510652b614fa7864ac61bf3901a07d49b39bd43968f5f54ef6f04fd9c6aa7af7a435d05c1a3833bf61272992
-
Filesize
136KB
-
Filesize
736KB
-
Filesize
1.6MB
-
Filesize
56KB
-
Filesize
124KB
-
Filesize
1.4MB
-
Filesize
4.4MB
-
Filesize
124KB
-
Filesize
40KB
-
Filesize
228KB
-
Filesize
3.8MB
-
Filesize
332KB
-
Filesize
184KB
-
Filesize
1.1MB
-
Filesize
108KB
-
Filesize
180KB
-
Filesize
84KB
-
Filesize
100KB
-
Filesize
100KB
-
Filesize
892KB
-
Filesize
52KB
-
Filesize
84KB
-
Filesize
76KB
-
Filesize
60KB
-
Filesize
3.5MB
-
Filesize
1.4MB
-
Filesize
3.5MB
-
Filesize
88KB
-
Filesize
100KB
-
Filesize
60KB
-
Filesize
4.4MB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
64KB
-
Filesize
184KB
-
Filesize
736KB
-
Filesize
3.5MB
-
Filesize
3.5MB
-
Filesize
64KB
-
Filesize
52KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
84KB
-
Filesize
76KB
-
Filesize
84KB
-
Filesize
4.4MB
-
Filesize
252KB
-
Filesize
892KB
-
Filesize
108KB
-
Filesize
84KB
-
Filesize
252KB
-
Filesize
124KB
-
Filesize
144KB