Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
727s -
max time network
725s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
28/04/2024, 08:15
General
-
Target
https://sites.google.com/view/zensoft
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 64 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/view/zensoft1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff46be46f8,0x7fff46be4708,0x7fff46be47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5340 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6428 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5491143089836025359,17994758304170452688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\dnSpy-net-win64\" -ad -an -ai#7zMap14908:92:7zEvent91181⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Adobe Activator\" -ad -an -ai#7zMap23023:92:7zEvent190571⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Adobe Activator\" -ad -an -ai#7zMap15807:92:7zEvent199031⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"C:\Users\Admin\Downloads\Adobe Activator\Adobe Activator\Adobe_Activator.exe"1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51ac52e2503cc26baee4322f02f5b8d9c
SHA138e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA5127670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
-
Filesize
152B
MD5b2a1398f937474c51a48b347387ee36a
SHA1922a8567f09e68a04233e84e5919043034635949
SHA2562dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA5124a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
-
Filesize
4KB
MD51105c58abb86509c0e07fd4a57e04be0
SHA12a7be14b718c551c670f24475d6788e9b43742ca
SHA2562cfc211689558c2c466c1cc009ed269cebbf91db5fb1de6876cc48d846e4c6b7
SHA512e8b385b78d3db48258510b253e34ccfabb0a0a7c9e43b25a7433144d7cf70049043aea0acfea95061fa9df2e992659688884f50b5427a6f82a8771876ac644ab
-
Filesize
5KB
MD51fa53d7a7d2a4241753f1256fdbfe75b
SHA1d3f069ef6843cc51f531a2083ae5fd899044a004
SHA256a6a4a4b94d47510b56a4dadd5ae60ecfe811b1e17b96db761a937ac25949c13c
SHA512294aeaa1581ceba235dba3dc465a15a65aaf7bcc3d82919c505ac87c463e35cdf2d73d7e10a631dafef80d60b46c7b052431d6bff9290eb694bd04ed81bddbc4
-
Filesize
9KB
MD5ea6c2ce8a83fb38d793e5aa1bda2445f
SHA13221a596cfddd2d9f4b75f4ed3b498f00f49a843
SHA25622c46676934aec04b1673c96f849880068175c4c349023cf588b618061bf03e6
SHA512e4e35f9d75e039925edee6c745f9493dd052a4e7eb19373a778020bb0bccc0facc9007548c1e4a5d0f335c4d6bf9cb48fbe675c4e11f8b106a33a5ffaceb9bbc
-
Filesize
6KB
MD5e4f8785e97ffc0ce0dc79e24cc5d52ad
SHA1b0757849bfe098a15933d8be26c6da8acea3d77f
SHA256550047118b0b0c83f362f65f4985663e776df88030d6e17fb80756079b04bbe7
SHA5127a8686ef9348e2cc30d81f9938ef7b15bf8e76fad9bc515a10bf07a93fbaa68930a88ea3cdc9d0acd12a7eb29086e5546f91751dc427310865a01c63de6a75a3
-
Filesize
6KB
MD5aeeb30fd1f6fe1679c3e6f4b80b85ae0
SHA1ea822ceed97d3dcfb548398eabb1653ecd78f40c
SHA25605acb399b9495eb91bf9aac31b43e64be06c07163f71067fb330627d5b4ae293
SHA51213f5b489881eddaeeb069e5c25b2e97b91efe3f6ac24ff20dde6474a53790983ec70a8fe8fb6700d57ac78851f93976ffca2caaf7a43591977270e4e688068aa
-
Filesize
9KB
MD5d83217f28d8f2e36bddcd41f782d27eb
SHA15ff32c2525595defcddea825c487fe5885cf13d6
SHA256689ce668621da63463d97bd7b172ae6d51706a625c835760a6b63cfc6cf50950
SHA512c5aec4f31c22f1fc426eda56633f243aa11df41769b3e375437d3a10ad47d727b49d69ffa22c9c92bd3fc9eace939462ca1d8737281e224971dc9d6f58c79054
-
Filesize
9KB
MD55ab1d63582964554d42bde30c6d5ec0e
SHA1a4eb0090db509ee85cd6a557b215bdc76f36620e
SHA2569f649d1ffcdea6bf62a4107d7b7463dd2a550230dcf8a1e8730a9144c982cfab
SHA51282d124dfe1f242ec173c7034703d9eab256d71398632192c46a073d65202e51e228d1d93696a8b74e8e2ed837d8c4485df55208624065168c7f5c4a507e68fbd
-
Filesize
9KB
MD571f38dbdb8834c9dbca064482da3d7be
SHA1e9d57e6ffc049f2156901d41030e3e7835869d8d
SHA256031d9e2303c8ec7d576cc577d1a2080142b45231a19a918c8549d89dcde0c12a
SHA5121e16e8554ebc55d43cae5adbf05cb7f62da3f0f9ac044f14cd500c12942ac955cd146e83faecc2bc34d9a46949b50ea2ed56014dbb36f894a15ec11e0afdbeed
-
Filesize
2KB
MD50ef84215f321593aa153f452531bff35
SHA1dc99fa055e933ab3ab3b5c57f6cabac8a07347f2
SHA256c9cd07c0b587d994a5a83ed5014ca9d444e04350306a8884cf47f8cb85c9f2d1
SHA512e25c870c245229ae0b28ad3972d1d14b33b4ac3e09045c2825378eefb209e2eb1c92f93f3f16e29be881f02111e9ad8363e9f6d9a4287424593f38abf1877c69
-
Filesize
2KB
MD5889b3730e6925a3039f595e7d2cef68f
SHA1dcc3c70e830a73efb538379c99d9aa2f55d5d096
SHA256c5ab248bdd0056e57170047c8c1123605c75a6ecefb449e69d4386913ee053ed
SHA5126c8ebceec8f230a27e2ad0a20da57be57a0ea503a58fdedc1dc4200264c6d9c1d76e97d10b6a06a0ac0a4354114ed2d0644fcf3cdcf6c89daba3e32100b5982e
-
Filesize
3KB
MD5b511e5957ecc4933f32fb7ca7a267906
SHA1ad01365ffa69336a5ebbd9030fd24685444b6d85
SHA256151f0a4b2e585d2696d63549e8c9e53f09cbecce48e6a5704aec0d654eadce21
SHA5123aa229801e317a187388321b52d9c58678596cd30c1604ef0c971c2e269a1e172e5dda265e773a2262aba24006bcf41d8da87d501cd0062aa38d6f269272d7ef
-
Filesize
1KB
MD5e8aaf468a4520338c087cacc5a81f910
SHA1ecc84aee4851b1fac762a1ff015b627619f6c06c
SHA256811e2e47aca473ac631add18055e71931981e297ff2f4e54d0cbdad911f4154c
SHA5127a5798d38e0342ff3d97504f0584903456cdb04a37184d7cc6d8c38d18cbd54d9da388a66d2f99de00c9d26b93d705c837a6d3008d3ab0a4301f9dc230b84d9a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e975ccf473966bd5956d31e674eaa071
SHA1d210ab83ad38bbd886dc87363b8ee5f454e021a7
SHA25606f3545d8c9c1d6594eacd38836c9f5243cc07ac029b8d1018a51ccf577b122d
SHA51257b9cd7c90a6334b8957019b9577e9001fb1455b1b9b793023214fb6aed12ebcd9f41bdb452ae4ff20c7f188f16a2b9186c4010a456b4a9c3218de35331833ff
-
Filesize
11KB
MD521e16419278ead2fbae74cb6210b0ca6
SHA17d8389d5354e9ef27a3f6ff67a37f2ce7eb37d8c
SHA2565ab0d94b3e0396989b7aab732457c7a3790e7e7df107c1019d59d32b4d3df919
SHA512c811ca4ac7878ad566e55ee00bc9e04bc9c281954a1f263e3cfaf424a1999e6c7cecbe4a8483a33977bdb11a81d1012f656e93743dbbcf1ba526d39ff030b60d
-
Filesize
12KB
MD5d5fb41bd4f7df6d0b566a58be1524b69
SHA100e210705ef3a6a10a5387454cd94b3bca27be13
SHA25652ef98efdae90296c29b3e3554ca0ca3cb69ebc432c0edb87f0a41a21d8df702
SHA5127cea3ba7d315ec036d1442b0637d093e022956af9fd4359968f78b9dbe5d8ad2a9baf60d6407dd5ba60b9cddb8c32089ed6cbf0775506c12d8d2d28b5f7cfd63
-
Filesize
81.8MB
MD54800fd15179864edef2fb70788a042a2
SHA12cacdd05cd9f36054e9e9f91bab2e32d8c43bde5
SHA25678d855aef02d87195ddde4f4a89f16f03708e66ec8282cf8eb9ecc89dd469f6c
SHA5126807c4ffc339a531fc144ec46e4aa7d9994bfec1d59ed0fbd71f175c270aee95d011e352e71a1610b50ea6efa50ac8b47c5f285354947063b061c4382919d8de
-
Filesize
485KB
MD5fe18b6ed4c63d18156217dc30f1482e5
SHA11d1eccc4e03b086d49c453b4e5716e164892f006
SHA2561f1093930ebc3779f2d4659ed3a31fd05cfa1dbffc0f7575955cb28e7b990c64
SHA512c5c6e64eb2ab0ef93f6d823e002f895333983f4d151ac7296c7de65e9fb8096502f8db3035ded3612fb9c6c99a8a1c09c81c3ff84dca7e1b5c5b803d10e36052
-
Filesize
8.2MB
MD58248dae04024364aec8b53ce0a292ec7
SHA102d208a9641770565ba0b5cb670c02eb72cf4edd
SHA256d9108c34ce90cfe678a8151ff48ccb814f7865263b233176a27c4745344a1a3f
SHA512b65b492e9a110cb73135aa74e22626b53776784bad2966831125736706efb183e598f78175517150889cf42ddee1dfa4d79ce8d38474137df91dd185f1787fe3
-
Filesize
14KB
MD5409aa1e6671ff019c128c60ef64f6c82
SHA17219f187def9d15b69e87bfa470225c5414e0c71
SHA256ef95c63de453b85d493749502295ac69a79b9959b18b19346ce355f84e83fd1e
SHA5121fe89a97e39746088388f4e521de6c8d1e4a577db72290f9614e3ac705cb22872181d19b442b688d841fe06cf6732b86cb7d13997b3b5c0848b1b29f37e4916a
-
Filesize
14KB
MD504e44e8deaf68d6285623287e6494209
SHA1060a22f69e413b47e6b0c2a8e9bf2f9b200c4575
SHA256474dabc74f78e89a40de5be362ca399de630400b46e7cb81c224692ebdbeed25
SHA51202bf3a560e4f10c1d2f208f16f03efc1cc7dbbdd8fcf875ef6040012663a1c6008331920ec62ccc09378f6337c8470e5b456566c4dbdb21478d079269df56ea1
-
Filesize
214KB
MD5944c070c2ac2208867b57d15c319ccc6
SHA17ac800a94af0da43c78b3c3411aa21d45ccf911d
SHA256aa4db7afcb061c7b1029c414beef19ad5bb319b69f6eb7756113c9f207162e63
SHA5128d5693c6dfe07affc6d814db358aaf8c69c7d66d98d97bbb4b922d1bc192cc399c84642f16d6415dcd4189e49e96068fb9049306f05b8faa782bfc37f96403cf
-
Filesize
9.0MB
MD5bd42384077787fb221c9f703fbb8bb88
SHA10228f9a53ff3abd70c711b86b489718307eeba05
SHA2567a2279cd7d0507adcb206269bf0fe2e69f1059ebe5976f7413b76b769c75d531
SHA5125e9c4a4182756d835bf231d5c8657eb98b82244740d9af034d59d0628d91ef0a25c11028f88c878513538bdb6cbc9ef4e4ec5b7564354ca346ea50fefd3c9fa2
-
Filesize
18KB
MD50d3b1fd3984d4b42539920b973ba359b
SHA170c8e7970ea3dd4b5c3c28ab0fd251dd4cac4160
SHA2563d93fba495ca0b08f5f4300eef51428e29586223356df3a774473ef3ba02cb92
SHA512dc3be7dee13e7eb86764da10dc15de7b29095ed944488fd7699c9121a986f5cf06823c2a44a97459e4b62067fbb76ad2aea712277658f6642300ad776c9f7641
-
Filesize
16KB
MD5621f8acc3152f04a3fd9a901b08985e2
SHA119e89c3f51c3d8048e1d2fe1de269f8906f291a4
SHA256ddd7f16cf52c23b5953f67057bcddcc8fc7f11b32dfd93a1e3079fb0e81a56fb
SHA5123b31121685825b9cab3e0def9b9549f9fc5580d240e3abe8058d65326d2cdd37b6cf9ceaabe2d56b66d91b283203c8fad518eb0de3a6b8c02afef23915bfb1f8
-
Filesize
47KB
MD548fb2d5f200c68a00ce0388770341478
SHA17279cd97c3f7f4753629e21cb8234e4082b1f890
SHA25631286dd429d6588632adb78b514a0d9f8b8fc9ac2e88976d10f83d46cabdccb5
SHA512e120bf83ca0bb6f91108d34839d88c23204e83b9805bac9bac3d08336132dbbd0c2b2012807d4ae1ebb1c5247d33cba4e2ba859ea45ed3f7517a0adbb1d3cdda
-
Filesize
41KB
MD5715f4dc52da61002d5bb4e1a64108e82
SHA1a48ea9b3a88780ff489858bc02ca42ce969fa593
SHA2567445aa86efeb0045d10ad97ec6a3b5bc72556e06501f471d754ae033df87d5d0
SHA512b0dd8a363eaf975aa517fd7f109e7100da24f1d0f5fea52780c47dec7679609d0029c82cc79f5ee6d1bd296d3875f42ef9c9cd9033392a1269de4596ec27bd91
-
Filesize
2.1MB
MD5e8674dbfceac4bc362c1f15cdc8fd2ef
SHA1d2c693cc121df0a69e5c1d1ab67a43123601f8e3
SHA25685812bc0cbe06a06ccdd20473155a5cfef31b1760767e29ea688457f2830ccc1
SHA512c01d639a188e745a0c4e789598b60e99bf0ea0544ca9ebd6b12f3e158c0bbc1e164dd0aa274cadf4b1ea3c99254656d057dc36d9ee29904de0e021485e652fc1
-
Filesize
1.3MB
MD5ae031b7fafb431d7e30b08d5e9a0b831
SHA128a59dd780e0329ef19248e953e8cf703a9f97b3
SHA25697c766dbd9786e66e967263371b9f06a9f21aa2950795d4254a11edcd20e430e
SHA512036e35fa9751c9c54006077da4ec5d248e9572d9b5e30f1af83992700d11210981df10141316b6afeb7ebe82d6e3517575bc9ba77cc7a9d2383b08ceceaf50fc
-
Filesize
4.9MB
MD527d49de876adc48752954f64f5db9da4
SHA12137a2a832fbb479bb2ae15297ca6d11a36cf68c
SHA256f31d2089328db88ffd561f56db944cae79647478e2b72be201d95607b8ae1666
SHA512d2bec99263f36fefe1760f22b656e8cdd27ba5c66d5df9e8509165a8f119f0ba63c6a766e25ed4895a927a089c816c59fdd0c2fc0b2b9f2a22db65abbb1d9fd0
-
Filesize
945KB
MD55897a5f8bb3fdbaea1f5d37f1a0137e5
SHA1ad75c9397106112ae52dd1cb93899d81ea0c2d6b
SHA256a06639a52050f3d0f4644ccd55c7ba1572a7f63b5cf51067f8e9088f7cae2449
SHA5127f6567700efa2b8b01193e58992dbba714c21ba9e67896a39247335886c0f4e6a210d0023b6b7559c509131f83d99e2f16acbd08b0c4ad672b15582bfc234add
-
Filesize
172KB
MD5c5ebae728e2f6d81ebb2811311491990
SHA141b37ba7693bb8c9f9852a80d1752e39203ee878
SHA256c30990252f79f8a94c56ce5af663acf1333c34a4dd2c8abd199c82c684a45408
SHA5129acc4497bdcdb472cb7b59d257be5275803abfc358f56803b73cc11bd691cc4320135d534a47d00605610a7426db2115fe227adbc98b60aebb78d366f312e737
-
Filesize
3.5MB
MD51495a61498fafbc13a37b91bf32fe191
SHA1770e93957a7fd7a3172a51a48c56e7159c1aee09
SHA25613313b9a80d6fe4e86e289475a57c96451e6e98133e136a74619ba3443306d12
SHA5121750161ce2cd2ed6c4c21d904d249459ad91ac4c9a96c00645848852a0c42c85b0ce8c790c41322e148b43988b8bf78ef89df49dd3a1825c343178c33762a48c
-
Filesize
274B
MD5c0bbae9a92c0004f0e48a1303834a4f1
SHA16254cc2e4595c272c88200a569ced499f82fb531
SHA256d73d166ed2c36560e74ccd1067673bc17c881d570e09394ddd5ef0ffd3d9e8a4
SHA51229a0025944bc65b708909a18e8d42723de52b5bf9fb191ab7936090f51edc4430791f341229f204e875d0673b046bc71e73842babc72312e19eb9c9019549272
-
Filesize
1.1MB
MD54d0b771879de85137ee7e5f0d4bb4b16
SHA1fc32cccd0cd5c3ebd968bcdf48e32a7ea25e9bd7
SHA256962332e8c8cb459fb2f7dacec5d7a618cc53b1b49bc1740156398c89742f43fd
SHA512bae39862ea07ebc5c9aa07a7333a880471baf4bf52eebedc03536e45584887eecc1075e0c0171229a54900ab93a66db9f666aa631c160912f538666da8c9e980
-
Filesize
487KB
MD5fa1ba429770bc8b64ce65511f29ff88f
SHA1c9af6e053edc6f4ce1fcd165f1635cd15db98a9f
SHA25648d9968db0001585b27c46c96d47952e86a42540b236a7d6877e8c67b7fa79a1
SHA512c6dd92c56739e0b11dfeb496bbc14b24374e1910cb1a4c83edbb07d2565b2279fae0a9325d363ea7b2c548aea429ab6dcb875328ad48dcf2ef3256eb6c2778a3
-
Filesize
494KB
MD5af83b14c9628f161c980f69f7ae7b2be
SHA18b38008a74370379548a3accd259f43833b529ff
SHA256fb249fed957ee658bfc20dbe18d1810aed29cd0b626374d147da5891a24b1b52
SHA512a70d3f787b63345e7c2d6fcc50f66858d3c4bfccc952c637900067c1b59312d6c72febd04749fa36e027d65eaf07c5d7f6e90c1ed4b28767f6f5d36dded15712
-
Filesize
55KB
MD5a029bd0904a2966373c1302b0e0324a9
SHA1b01c81668917eb6b8566c1fe210fb300648d97ba
SHA2562b3ead4f40779324d728c8970721b3af78f8085877e73e1ae163085515ed285a
SHA51233e9deb58c0f1220b097a6be47f8b00696261e61d0a3910cbe871cb03240aaf4acfde2af9a9dbf38c1b9061246fffc9eefe6b036d0cba87f351182c367c9acf1
-
Filesize
111KB
MD5349c39c3ff7dd2fb44d5fa3c5baf64c6
SHA1b60d38ed5bcb35f66468a43dc4349dfa970b1c02
SHA256737d504f6fa742b23cf4149cd0384fdbdc929bc4231bdd0d7bd772ea9dd1805f
SHA512e63dd8f5e1392740a0e2228fcd88bba0392c5834ae2a3caa311e894b177623d636d12a5c0107f81f9b92e01fcdc75cbca287731eee4d136f73d1e9b6fca9bc0b
-
Filesize
207KB
MD55cf180fec9628c4df4267de3ed7a98a7
SHA1edeaac9111d8f499378b67c983f7b7defbddb268
SHA256bc1c4e0fc49c138bbfc223d3e94231cd4884439c663646d91e48fa005df6704a
SHA51297149bb70657393965382a152f8dcdcd9bdca5a6914b788dcba6b92be1547a83fd2720afbd6b2deb9d20da524ee2bb85375d9ffd4b019157f0eef51d46539133
-
Filesize
4.9MB
-
Filesize
624KB