Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
434s -
max time network
446s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/08/2024, 17:49
Errors
General
-
Target
https://github.com/kokoska23/xwormsample/raw/main/winload.exe
Malware Config
Extracted
xworm
dead-he.gl.at.ply.gg:57200
-
Install_directory
%Public%
-
install_file
svchost.exe
Signatures
-
Detect Xworm Payload 2 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 5 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 17 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 20 IoCs
-
Opens file in notepad (likely ransom note) 3 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: AddClipboardFormatListener 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of SetWindowsHookEx 35 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/kokoska23/xwormsample/raw/main/winload.exe1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4732,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=5012,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5412,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5452,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5568,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6216,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5680,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=5868,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5796,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6796,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:81⤵
-
C:\Users\Admin\Downloads\winload.exe"C:\Users\Admin\Downloads\winload.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Public\svchost.exe"3⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html3⤵
-
-
C:\Windows\SYSTEM32\CMD.EXE"CMD.EXE"3⤵
-
-
C:\Windows\SYSTEM32\CMD.EXE"CMD.EXE"3⤵
-
C:\Windows\system32\notepad.exenotepad file.txt4⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im notepad.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im svchost.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7180,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5736,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5812,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x494 0x2d81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x23c,0x240,0x244,0x238,0x214,0x7ffbed39d198,0x7ffbed39d1a4,0x7ffbed39d1b02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2268,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1704,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2296,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4436,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4436,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=564,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=2468,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2736,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=2956 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4728,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=752 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4964,i,14155076928861154169,13083304120289729924,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"1⤵
-
C:\Users\Public\svchost.exeC:\Users\Public\svchost.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SendClose.docx.ENC2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ConvertFromEnable.vsdm.ENC2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Users\Public\svchost.exeC:\Users\Public\svchost.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SendClose.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Users\Public\svchost.exeC:\Users\Public\svchost.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\file.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Users\Public\svchost.exeC:\Users\Public\svchost.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
654B
MD52ff39f6c7249774be85fd60a8f9a245e
SHA1684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA5121d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1
-
Filesize
280B
MD567ac13680c6369369996c8ff3f34ae27
SHA14d391f142c0488be8e7e412c6937716e61b4eae2
SHA2561f50443818174f594f3fd50cc57f30d3d11b9e090c79aee045ca9901bbaf6569
SHA5125de92830541fdacda5a557bfbf56510a91858d8bbdb953f4b60fd3647a8839f6705d14c11bd8f5d8d624cee608754990e2da8b1bc8ecbb6d14ce492c49582a95
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2KB
MD58d786748b9822239d203266c4c46bfda
SHA155c18b761f55c3ab1b211c5406fead64e0b468ab
SHA256728da7b4b71fa2c7f9cc7a496fb5df27d25fd46086cb21989fc873239b345806
SHA512cc5ddc9c6ed5346d879a1c889fa830ffa1fc8f7819e7f5f36e56bff950bdb12c3c373216874f08ec6a5c100116618c3ab6dfec5978c00e45340cfe466d010987
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
12KB
MD50352779642633f4babfc952e0e5b3726
SHA10af79ef0df027a60691d33aa467d01f84e7dae8d
SHA25677364baaa304711b9611b8d9c544e9a2cb0e34cc51c21a6ec4e2c245975eadde
SHA512a6afa36a05d88e919ffcf564a850a17b2e35d0917816df6e33458d9855e2c542102575c8c3bf3674ebcce12bef1cbf94de6dcdb00872463b8f4c48223c30463d
-
Filesize
30KB
MD51b180e245d06201cf1fbecab4e6d9f88
SHA1c0a5b04e9a17d031ac337bf60e028e28e47b84d0
SHA256ae5df7c1e8ecf323a8f0f6afd03bd40f087f605e84e959170c417e8b73c0c462
SHA512dd64d89fd2cb2116985610cfbb468799c80cf901497e24682f0b16a31304f6d0414fc7dd8a6b57c0b9ec65a1cb3df9a58d82f62d5516e7d3865cc189be6f8c2a
-
Filesize
80KB
MD5711712727cdf9a2ceb7f5461f195a32e
SHA1912f003953a8ea1d5e99d8927c5118318944685e
SHA256791e436bcfeb5e51eaef43cfe60364a814bfbf36df3e7a20ecd91ff994780462
SHA512515988c106277ffacbdf089f4f1cb8bf297d42f2f0e74d17a6da97411935b51996dba5f905bb7e999ccc7601bb53b12a0bbe15da997edb678f81cacef4f1d12d
-
Filesize
76KB
MD5c98de48abf232e3601202dca8e6560c6
SHA1b27db93b547f480e905c8148059c9db6e0f728da
SHA25610a23052edb4c5251f2955d0cb35a279bc54da326e2c6f3b0d8398dbee2f1c0a
SHA512fa5a5895399472f1d8d96e6cb47e0b825fb28661f15cf834938af3d5c25124b9dd8a05b6f2a6cbb1a17df3e9da007f32bcbdf04f1f46df394936146a4d929bd0
-
Filesize
4KB
MD577b4e80c9460d472688d02d30ef41905
SHA11aed4922d34e6a3886ecef8874a6fb7bd9a715bc
SHA256fcbb15e576a152063124fc49701b484ae54eaf392aa39ac7e4eaf867c7d1ce0e
SHA5129daeac9887e0dad20115e65d0e067624f1b6941a4503739a622068cb789671c13a5e8141a39cd2b997f4199e094397cf7d521580d60c01f08eb04ab3d2bd09c0
-
Filesize
372B
MD5d451ef5d19ccd4295e97e39c09c05d9b
SHA19b8828cefcca1a054fd912ea397ce4fb62867814
SHA256c3108e0a9e354205016a0e68f9192a1cbed4f475422cecd6a8c9299a9396cead
SHA51288bd63eb323bdcb9fa93b736c7802b16660046181802af81c6e79f7332f4bd12ac0a013a29b13d79f65b57eedb5c7e84f7538b9abb7efd8426b6d71ba4bb5abd
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
93KB
MD58d04dd1724cebcf83c6444a89f3cc284
SHA1f3c70909956bbfb7807bfc816d198e8aa2d4928c
SHA256c693a093fac8ddbfe9e2ba991df7fd70e685bad91ade6e9193802dabe8b64162
SHA512f4582b3f8d98516cdbf77efb9acfd27b9cf687cdf75291b3f3bcb474a91f04947fbe6845c699e6abe9935c5a6089fde2ef256ee98fa512f8a3ce6c81d5f57e1c
-
Filesize
188KB
MD5747c8f1200957c2421ca28f460cfc879
SHA10134e36c382c37ea473cfd435aee7f1389b1722d
SHA256e61c703f3bf4bc68d966df264295e184b477cf12448d0ef5331f27dd7c7e021a
SHA5125c3f6f68b4af14424d0d17680985cdc41b45eeba3f278c3190645f865e55d06eb4f8d4111805a2ae6b3bb8cf9ffd6b71ad816794e1d624b8fb899c634fe78138
-
Filesize
16KB
MD5254fd2fff2606cadcb8711fa314894f6
SHA130c86a3f60ccd6216a86edae85a7bd7aa3d1ae7e
SHA25674407a6ee5ae7e49690f3345c95a1e37cdb8c88fb509f70b07b4b9b2e37e7243
SHA512e0ca155a0fa09eb32bdf3d9758c519ec31231b66972465ae77e5d2616e1677b0fd3045a5132d122b4ce23f0bf58c44e6164147954c89030fe1de02e9e20fdff7
-
Filesize
16KB
MD5a625577ad9c96d605cd7ff623528be0b
SHA110451610eac3cc85f09a40435aa06e68f32b0275
SHA25640486ed3de937cffbb1d1d191f370333fefe6c918fef46061cbbd10b323a4546
SHA51210836f7d1f257bbeb50cfeebfe46262a71dc62a48a9eb3c05aaffea42e34cecfb746077a42daa01f0f559e68d1708ec5f74459d6e36cd8e82e613ef939409ebc
-
Filesize
282B
MD59e36cc3537ee9ee1e3b10fa4e761045b
SHA17726f55012e1e26cc762c9982e7c6c54ca7bb303
SHA2564b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
SHA5125f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790
-
Filesize
17B
MD5907fef7464e3fcfce2ced1889d9be4b7
SHA14c9b22dfda932fe87cde75e8e59e79fcb1ab7dc1
SHA2567d49895635f237fe77138875d3341e439ac9cfa34baa90516f5c121425c63cb2
SHA5122cb41536eae439668727e054fc24749c35532e91ee041f614bd379a99f4e3dd0a842ab37fc209cba8915ab03dfa8c3a0c1f7e2d404388f622c8990682a27a626
-
Filesize
402B
MD5ecf88f261853fe08d58e2e903220da14
SHA1f72807a9e081906654ae196605e681d5938a2e6c
SHA256cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844
SHA51282c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b
-
Filesize
282B
MD53a37312509712d4e12d27240137ff377
SHA130ced927e23b584725cf16351394175a6d2a9577
SHA256b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3
SHA512dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05
-
Filesize
504B
MD506e8f7e6ddd666dbd323f7d9210f91ae
SHA1883ae527ee83ed9346cd82c33dfc0eb97298dc14
SHA2568301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68
SHA512f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98
-
Filesize
16B
MD5bf6d0738465482149b8dfbd9bf24087c
SHA18d3bd919a171f7aec7890d646ef1cad29874a1af
SHA2568b11c9be8e88d97334ec24f20f31b5e3d8da25d86133aaf2bd31c10303489477
SHA5128fce523ca6722ff385c83544ec1441fa317acbf462bc7ebe3c3bdc9f5e712a7ec6e2840bdc7788661177c2833f52b70f9dfd3b3dc39ee4db46cffef9e3022183
-
Filesize
96B
MD5c193d420fc5bbd3739b40dbe111cd882
SHA1a60f6985aa750931d9988c3229242f868dd1ca35
SHA256e5bfc54e8f2409eba7d560ebe1c9bb5c3d73b18c02913657ed9b20ae14925adc
SHA512d983334b7dbe1e284dbc79cf971465663ca29cec45573b49f9ecdb851cdb6e5f9a6b49d710a1553bdae58c764887c65ba13fd75dfdd380c5c9ef9c0024aa3ef0
-
Filesize
504B
MD529eae335b77f438e05594d86a6ca22ff
SHA1d62ccc830c249de6b6532381b4c16a5f17f95d89
SHA25688856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4
SHA5125d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17
-
Filesize
504B
MD550a956778107a4272aae83c86ece77cb
SHA110bce7ea45077c0baab055e0602eef787dba735e
SHA256b287b639f6edd612f414caf000c12ba0555adb3a2643230cbdd5af4053284978
SHA512d1df6bdc871cacbc776ac8152a76e331d2f1d905a50d9d358c7bf9ed7c5cbb510c9d52d6958b071e5bcba7c5117fc8f9729fe51724e82cc45f6b7b5afe5ed51a
-
Filesize
136KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
120KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
40KB
-
Filesize
48KB