Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
315s -
max time network
317s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
21/07/2023, 08:22
General
-
Target
https://bazaar.abuse.ch/sample/2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98/
Malware Config
Extracted
gurcu
https://api.telegram.org/bot6237712604:AAESgAGfaQ0EUC8eWgMd7kpAW_FEGRDRfDs/sendMessage?chat_id=880824160
Signatures
-
Gurcu, WhiteSnake
Gurcu is a malware stealer written in C#.
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 6 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 6 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 41 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98/1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa679a9758,0x7ffa679a9768,0x7ffa679a97782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4748 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3304 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 --field-trial-handle=1860,i,12385385014013056322,14135842595464667468,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98\" -spe -an -ai#7zMap2255:190:7zEvent193101⤵
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe"C:\Users\Admin\Downloads\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\Admin\Downloads\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe" &&START "" "C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe"2⤵
-
C:\Windows\system32\chcp.comchcp 650013⤵
-
-
C:\Windows\system32\PING.EXEping 127.0.0.13⤵
- Runs ping.exe
-
-
C:\Windows\system32\schtasks.exeschtasks /create /tn "2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe" /rl HIGHEST /f3⤵
- Creates scheduled task(s)
-
-
C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe"C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\tar.exe"C:\Windows\System32\tar.exe" -xvzf "C:\Users\Admin\AppData\Local\Temp\tmp2D85.tmp" -C "C:\Users\Admin\AppData\Local\x22nso3f7r"4⤵
-
-
C:\Users\Admin\AppData\Local\x22nso3f7r\tor\tor.exe"C:\Users\Admin\AppData\Local\x22nso3f7r\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\x22nso3f7r\torrc.txt"4⤵
- Executes dropped EXE
-
-
-
-
C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exeC:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe1⤵
- Checks computer location settings
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- outlook_office_path
- outlook_win_path
-
C:\Users\Admin\AppData\Local\x22nso3f7r\tor\tor.exe"C:\Users\Admin\AppData\Local\x22nso3f7r\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\x22nso3f7r\torrc.txt"2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2040 -s 23402⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 424 -p 2040 -ip 20401⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exeC:\Users\Admin\AppData\Local\EsetSecurity\2c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\x22nso3f7r\tor\tor.exe"C:\Users\Admin\AppData\Local\x22nso3f7r\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\x22nso3f7r\torrc.txt"2⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2064 -s 18402⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 512 -p 2064 -ip 20641⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
22KB
MD53b5537dce96f57098998e410b0202920
SHA17732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d
-
Filesize
80KB
MD50ce7bf20be2d5afad791c7b87dd24f20
SHA1f0d6c6f1f5560281a3a42060037940130c4c6097
SHA256b3664954574167ffab238da481247a371ecaafa135a636af08e572795fd04325
SHA5120c24363846c6f19862b24399f93fe31e47f8eb18f1e3c486074ceac5360cfcdef8be439a29dc8a66d932bc6857663373dc91d490bedb21d9eb434822eda70260
-
Filesize
171KB
MD5442d0e9e8515f3517372c89d7d94fe9b
SHA1768598cde1ba553c3b208f842b06eb80b94f2939
SHA256205f37c78cda70f635fd72e1d99079d7c4d88e54e88b04a0d746455eefe3b979
SHA512cd396095eb7640706063c45d951e49ec380ddd5f61088a26df2471d4424b14579708842ff971a5abe41f03218364ee5f7246d26bf2a0d3e08998bd580abcf739
-
Filesize
192B
MD5e8382cf007903649d33f9fff6d656592
SHA1c90828f1babfc7df4e3badaa4d8ebfc2b02aab92
SHA25693e8992835d26d71085eac9356566e58d9a51ba8665f601d9c90e9e064104083
SHA512856a20b9dead319a5e705cfadbd0c2989576f555692578a9febdf9fe20148e2f6392997945437aecbff1da30431b40734222ea552210879c7302314974b1974e
-
Filesize
360B
MD5e560b0ecc6d881b578c33a564a2059d5
SHA1d53e4b4fbbd68af6f50d1a0a45196dcb4e727650
SHA256836e34dbda1a9d5fac14ac37e13c14d6a8cf9a0bf3f44c82a49302c0977f5d1b
SHA512ffd3605d73708930a18b8d29a27122bd7a0b86b3cb5e4250c355c0068e79ae2210a405765abbdf6c397d7f9ca2744f601cba6c10c0a846c9e3861ce927772a00
-
Filesize
2KB
MD5aab9d1fc132b9d461e424c41d0ab7e04
SHA14ee539c302178f2c5f8bcc8f103e24f3e6053497
SHA256b46d93cd3942631d74bce975f4a3e6cb62f10098eb4f5d17d7821672981b5d3e
SHA512d9252fa805e6d4f4ba4f21206e6c8ee0f69f15ab2a1a7f59054ca2f5cfceda90f17f458d03f21bc8a239fd2579a626d8069be9722380e1fc65a320d6ace581b3
-
Filesize
2KB
MD5868038e502e662c3d1607d157ec03e55
SHA182f51532a9a05b0c67610369e24ce5abdc4f5284
SHA256e4ae46b40e4123dc329cb06770654ebe19971f5fadf6303d327179f953282710
SHA5126250890615b77831ff44ec7fe7dce459d460006ae3ca3aec676601eaec7e4c03715439754b7e04ff12dad1f238a369f3f3721d633f963aa0ab249a7883b8e12f
-
Filesize
705B
MD5f6bc3ce3c1d93a7bb740ad87dc4daeda
SHA1b8726f0339895d6ab30a202f1e904b3b6871ef2c
SHA256e3fe016155d184d7f9e730e055e198ffe1052129afa9ae85d41ae6f6ae6b4592
SHA51284147cf55924d13c526043f59643c74260eb4c8af267bdc53801f63b034056a0d43e8d40abc6a15821aa0d45ce27bc5e969921cc14c4aee52611f6af71a0b039
-
Filesize
705B
MD5a0e5514472d2271eb1fe34dfe6e99c18
SHA10b1c21e4fd3da2e742dc047b75b02dca04cfcfe4
SHA2566e3686841a22efa2abbd0fa3eada6fdf31b6d5dac711225dc006d87c8afbd5a2
SHA512714a5d98e7b196038dbf848de3009de545551df362371495e96654b0e1837b3ef377870d1eed0eb19fc10455828388c4d83ffa6c3b59ed0dde34a7eb4671e819
-
Filesize
705B
MD52454219a2ce13c5983958f09a1d336c2
SHA1927ea4862f7c0c9c6e23392efeb405d0102e3941
SHA256620c2fa8581f2152e362ed92f4894eb0df9fe44830dccbaced09db01a3dd2a05
SHA512268300db5021d54aecba0833a1bdb9f0344599de03fb5221dd3359a5f226b7cd19b3d7e9e92072e0d6b3aeb6e3b73b5fbd3f51cd266f9ea330ba893d95ac6f54
-
Filesize
6KB
MD59a2f5e63a89671a42fdc8802391c0b3f
SHA1ff4e3a3270e0bfa13db33bcbff02f04360e9ade8
SHA2569a8dcd191a0f965393e9a4ec9033d5314fbb58b342fcd821a5a0db27596a505e
SHA51207c06e921e320456495bf3bc2700d2b484675ccc3736103a046bb8882dd7d66d9e7fe8f2125c6dd1368e2dde69428cae02f626f06f4db9900eb6b224e460c133
-
Filesize
6KB
MD5a0a9f842582f071ed69ef24d60533cbe
SHA16342fab3ceff4f70d8e881abb2823e767c315eac
SHA256ea3e9c4cd06d0b136bd0bc9ad04b621786117b8698956ee0e04c55014d879d13
SHA512e217d0744a89dce0d0e44d81d330ee99a5f72c9991fc62b8f48fdaddd1f276ed5f931ee1841f7dedb56d9fe15e98048ef8d7d84326451136e9280a4cb39a0efa
-
Filesize
5KB
MD5b368549c229d9442bf15f7cbf8529f25
SHA17ed94db870dcfac2248f5dd9d53d3aa7b6f8ab99
SHA25614424930e149f522d93b2430e1a4aaccd623b219340da11ece5587d2e4e58135
SHA512b73542b049745956b5ab82d3f9b6fd639ba0f0ca4e3157e2f80d4fad0a3ab846ab172bde1f43dc96106b996f29682259952481dcfc2bbf03e336ce707cbaaa68
-
Filesize
6KB
MD5bd71200d8098dbeb63c6f875284d2b14
SHA1b63d506a922b476e0f5e4ebe2310050deb9752af
SHA256cbf4d78f199836c714fe51b2896692979834415e56ca5bb296d9debd64165158
SHA512ba63f9d3e43d4d60e7773b6f0c282abb9d0fbc8568e25ce9c9a8b004dd908ca89439593ecb4f8ec8be5cb19508529c3c74ca167be6742a20c6f653548f0c64c0
-
Filesize
5KB
MD55974252d0eb5a4271fc7e6f175d70006
SHA1f661939a355e75c53a9350171595cfaa29396da3
SHA2566200bf61c8469bcd90c749d3d58cb1f261746933bbc5a12ae9de10869348a446
SHA51255ba182cc75dc4f26deb6c7dddd85a2d607522866e3d85d5b9ed3903249d9422040f01a0cff6502233da9023b3afd21fe292b1d97d819f5434358b47660d85e4
-
Filesize
87KB
MD57bb1ca65e82a0e4e3ef03a81281f798a
SHA1e48e771c2c32081058bb7ce536ef94e8bf6f09e9
SHA25649a1de24fe9c834059ff82f694daaa14cc1a3572939390e14960d344a8c5e3d1
SHA51270268f09240cb3347c8b1306d6cd00414ea13950f5a879ac70e58e11f52a393f2a1a1b428a3679cccc01a88ef45c6793ab67922b5f5a66d1fdf5d09f0583ce98
-
Filesize
87KB
MD57bb1ca65e82a0e4e3ef03a81281f798a
SHA1e48e771c2c32081058bb7ce536ef94e8bf6f09e9
SHA25649a1de24fe9c834059ff82f694daaa14cc1a3572939390e14960d344a8c5e3d1
SHA51270268f09240cb3347c8b1306d6cd00414ea13950f5a879ac70e58e11f52a393f2a1a1b428a3679cccc01a88ef45c6793ab67922b5f5a66d1fdf5d09f0583ce98
-
Filesize
111KB
MD5da182ea645f8eebc60d803be0ae22299
SHA12ff602e71541c71ce3e109c8edcbd1792fef28f8
SHA256d9d8c44923bd679a81f578482f1f87881a099d6ef76f1fdff25a9d11ad67d4ac
SHA5123843f00d10f44f99eab01de528320fd6e20326069105c84a6b24ade57394a619deaed4e6d317d45882de0812e59146d746c705c357f22db391208d798cfcf39b
-
Filesize
101KB
MD5cd8c2ee388a870dda4420164547e1c1b
SHA1de0ab96e9505fa602acaf007ec49358f296f3cf0
SHA2567e8afb93ae2b9ddf619b2e80d751c8253de954103976c5b81aca75db7fa65b0f
SHA512bf34adcc51fbcaacaa58bdf1cc0ecf4580da53bc63ca57682ebf4098c0dd641bca7115ca826985074a0aeb02140742967c5723154bcfffdce06896655db4b841
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
1KB
MD5fc1be6f3f52d5c841af91f8fc3f790cb
SHA1ac79b4229e0a0ce378ae22fc6104748c5f234511
SHA2566da862f7c7feffca99cd58712ece93928c6ca6aed617f5d8c10a4718eaa2a910
SHA5122f46165017309ee1a0c1b23e30a71e52e86ad8933e2649bf58c3f4628c5aa75659f5b8f6be32c2882f220b2f3ff2fd50d8766bf0a3708c94c2c634c051a05ea6
-
Filesize
13.3MB
MD589d2d5811c1aff539bb355f15f3ddad0
SHA15bb3577c25b6d323d927200c48cd184a3e27c873
SHA256b630008f6d3887793d48b87091e56691e292894dd4fa100dc4a418a2f29dcc12
SHA51239e576124c54143520c5435a2ef9b24506131e13403489c0692f09b89135015d611c4988d4772f8a1e6557fa68b4667d467334461009cee8c2227dfc3e295289
-
Filesize
2.4MB
MD5d5a455e55c380c0d6851ce1f0f2b2866
SHA1bb9ca92d3ee60963326368b298e8c0b9d84c4624
SHA256b8b8c31f3906ff13a489f0ec8b32c13ea79cf412d51acf595e93b0bc54fa9b49
SHA512322dedfee1c64eca986bb43dd41cf63c670756e24bce8d4516332e679e4c89f959ce5b8749601b802b88ec2d7173a6945c935faafdeaf9ef04e9582bf677128e
-
Filesize
7.4MB
MD5c540caf61c520a70944ee8688f179722
SHA1169c5fd1a808dd77c65c34818362f5426441e870
SHA25627cfe07b913107472c84c37992bdc5b118c31c914d087a1018ce7dc24b282112
SHA5124a1e45c04c5eff90646c732e21f533fb7930731f54e64b7e56314070abe85139585add1065ba121beaee9861cba71e171c0f70d64ac5053ed3979e1157240b07
-
Filesize
64B
MD598b819776090956cd50ac7e513f57d2a
SHA1d02e988a8fa7740addb42bc040786d6d378ec6f9
SHA256cb90b70aeb594dadc52239bcc799824b293b22d021b9798a6cb81fe46b61c787
SHA5124ea7609d8d5e68df35b887b4b0fb047adb602117e6df6c4f89e2fba5ee524f719a3cf10bf58438f2bcb8d7a0120101893cde6c757cb041582d6a8dc0e5073957
-
Filesize
4B
MD503fa2f7502f5f6b9169e67d17cbf51bb
SHA1f17d5a057363c3e13f6d4fc68291c5d94c6cfa9d
SHA2565dc3c3700c46499d89e7e810366d9d873e4da6b54c072f8ce515d47d7926878c
SHA512cc56b5ec25d5a7634a4acb52156c26971e4423397531cb4078df85aadc7ea77538afbf5b843ac7fe489bfc433592eaabaa1c74e5bc36b3c071532832bb5dc11c
-
Filesize
7.4MB
MD588590909765350c0d70c6c34b1f31dd2
SHA1129b27c3926e53e5df6d44cc6adf39c3a8d9ebf7
SHA25646fe244b548265c78ab961e8f787bc8bf21edbcaaf175fa3b8be3137c6845a82
SHA512a8af08d9169a31a1c3419d4e6e8fbe608c800d323840563b5a560d3e09e78a492201f07cc0d3864efbff8ad81e59885fc43a6b749e0a3377aa8555df258af192
-
Filesize
7.4MB
MD588590909765350c0d70c6c34b1f31dd2
SHA1129b27c3926e53e5df6d44cc6adf39c3a8d9ebf7
SHA25646fe244b548265c78ab961e8f787bc8bf21edbcaaf175fa3b8be3137c6845a82
SHA512a8af08d9169a31a1c3419d4e6e8fbe608c800d323840563b5a560d3e09e78a492201f07cc0d3864efbff8ad81e59885fc43a6b749e0a3377aa8555df258af192
-
Filesize
7.4MB
MD588590909765350c0d70c6c34b1f31dd2
SHA1129b27c3926e53e5df6d44cc6adf39c3a8d9ebf7
SHA25646fe244b548265c78ab961e8f787bc8bf21edbcaaf175fa3b8be3137c6845a82
SHA512a8af08d9169a31a1c3419d4e6e8fbe608c800d323840563b5a560d3e09e78a492201f07cc0d3864efbff8ad81e59885fc43a6b749e0a3377aa8555df258af192
-
Filesize
7.4MB
MD588590909765350c0d70c6c34b1f31dd2
SHA1129b27c3926e53e5df6d44cc6adf39c3a8d9ebf7
SHA25646fe244b548265c78ab961e8f787bc8bf21edbcaaf175fa3b8be3137c6845a82
SHA512a8af08d9169a31a1c3419d4e6e8fbe608c800d323840563b5a560d3e09e78a492201f07cc0d3864efbff8ad81e59885fc43a6b749e0a3377aa8555df258af192
-
Filesize
218B
MD593338c40030ba128ae286e6e054423e7
SHA14e47b4d315130f166a6515487d5402ac92d0f9b5
SHA25644eca962cac9a295e9d56ffa04cc59f8c93746b0e03774e3167acd3be927f0a6
SHA512c932239e0620350a2fd28e6d4c4db89432db78b166d4dfde7596e1ce5cb3e258030f85dccad497a3116b8fb5235d86265936ed907bde725a9e174e68c510a622
-
Filesize
363KB
MD5df98441b78e01e15e81e292a088c36a5
SHA12d7484611819da4d796fa41f75c702809f2a4157
SHA2569920f28c789c1af1e011df0508075ecc6a8bc609a73dcf23282971e6cc6fa66d
SHA5125c731b0132ebc19918451dd8971141b34f5f27e5febd8bb7e8f7e6cf823c3f250e02df587676d4e985a8316a55234c0c3c75e0d30f839a523e24325010cc9dff
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
599KB
MD5fdb8081ac26d8de3f7582b2616bcf3e8
SHA1c46856c1394a0b36f7826285db0d72ae494f15f0
SHA2562c2d57d1ea08595db9a8a6c1bf8dbe40fac57a9b784eff00c4095c72fce80e98
SHA5120fdaa8f7c6ce93026fa1ad2e18b0ad31cd0e77afc17763042e841b039a2a1130b4138f34a2d32d8e74bee347f26b40f36d224be8b7f4cd7c2f6917617ff60c98
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
616KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB