Analysis
-
max time kernel
754s -
max time network
564s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
18-11-2024 05:56
General
-
Target
XWorm.rar
-
Size
59.1MB
-
MD5
6ec728dd292a8e1f39cd6baea415ff66
-
SHA1
e1103f0af9d27f5c56667d98a36dd40ab5ec8392
-
SHA256
c03c2ec5ef0958a61a913e2bfb80a420a030f579858cc203b3d2bc3b938400cd
-
SHA512
ffc584bfb586e7c123f5e7c153fd9e9187e7010e7b4bce9ae590c05961bbbfa46b4c2f25ded830626e30aea919cec31f7026ccf699510f8cccb1921507829a40
-
SSDEEP
1572864:c3UGEBh79oS6ea3nG8zWxYKClanZV79oS6eaqAHRvr:QEBhxb6eaxixDnZVxb6eaFJ
Malware Config
Extracted
xworm
5.0
127.0.0.1:7777
h-asset.gl.at.ply.gg:7777
lEKFfsS3mf7zGun2
-
Install_directory
%LocalAppData%
-
install_file
RobloxBud.exe
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detect Xworm Payload 1 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 23 IoCs
-
Obfuscated with Agile.Net obfuscator 4 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 15 IoCs
-
Modifies registry class 39 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 18 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWorm V5.2.exe"C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWorm V5.2.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7092 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3742486644960646854,12172523026583952854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:13⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x124,0x128,0x120,0x12c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWormLoader 5.2 x32.exe"C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWormLoader 5.2 x32.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bzft3lkt\bzft3lkt.cmdline"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FE7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4F4EBEB7973A4F7CA20641EFA7E86C3.TMP"3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XClient.exe"C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XClient.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWorm V5.2.exe"C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWorm V5.2.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/XCoderTools2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe98dd3cb8,0x7ffe98dd3cc8,0x7ffe98dd3cd83⤵
-
-
-
C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe"C:\Users\Admin\Desktop\XWorm\XWorm V5.2\XWormLoader 5.2 x64.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD546e6ad711a84b5dc7b30b75297d64875
SHA18ca343bfab1e2c04e67b9b16b8e06ba463b4f485
SHA25677b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f
SHA5128472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e
-
Filesize
152B
MD5fdee96b970080ef7f5bfa5964075575e
SHA12c821998dc2674d291bfa83a4df46814f0c29ab4
SHA256a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0
SHA51220875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff
-
Filesize
1KB
MD53bf6c759f50db09872c02215c36c6a62
SHA159402f93f0e6001bea42bb4a7f865f48d8b8c166
SHA256d83a91047d124429c289fb7bd7390b23d8640021a95094d8a7ee33d58791fa46
SHA5121308a23228cec474b7380cb526b83eebcf3a8377b562f84944112e86cca8c317170628905a4f6e1490d1f36da709b099134547a6e2974c4f50b35cc9d4f23f86
-
Filesize
28KB
MD50ce7ba1811d82ca152c78c38d4242e79
SHA1e327749885a1d77eb55c46ba8c80eebafcd780f7
SHA2563cf0019982747c8c72fb10281accbc112536484fb0aa39e26c7f464f63628502
SHA51257dc527dc6cdfa28b69cebb6634e6fb2cafeb507687770d15b68160f860c865282855eff4638709c8177ee8534bae4233ee2b2ccc47d26f45fdcf6ac4f2b5073
-
Filesize
80KB
MD514e39be019da848a73da7658165674cb
SHA1e016473c4189a8cc3dbff754a48b3e42d68af25a
SHA25639595a1806156cfcadf3cc4e20c5c3f3eec721386a0551790a15f025ba9402bd
SHA512828a383de549871aa80ec960a7e371ef47da96d01ebb9628d1484ceed9eb698aec5109b3de0b24ff8000610a2c2d633616c9fd28d380656fecbaa930cffed029
-
Filesize
2KB
MD5df4bdc3e9b50e9fe4121cc81ec66895f
SHA113b13758049a5c189deb8d94a267b388e0046d83
SHA256c3ded6e8abec67d59384674cd4306350c97f78036967bebce4f06a0af570827d
SHA5126bfb8df54094c439ef826b349633d8b025f999665db92e01d7d0b039cffdd19380979c78e20e37f5f664595dfda8f6a0b413f325fce21e1a8a722c1dc0c90df4
-
Filesize
768B
MD508a09fcde9de0d4e354c1b2e28abf07c
SHA11e6c1f494fb8828b6918afd6b1398e1e252b9f22
SHA256daaba182c0a6d2664915c1ac04ba94e7a8c8712af0557da3c9b82da578bb5717
SHA512b6a3606faaddcc1f8f01dba9daec50c96eff9c17313635543782f6860aae4d5839118c2340ff09967d915fe787afe1d36b04aaa22618bdce2b28fe8e633399af
-
Filesize
72B
MD5d73e503ebc65f396ee191843ee777f43
SHA1fd54c01ddee1f19f02464efeb6d288dda0d27d58
SHA25659f6027543be381c71bae555f6b9dd8a01fbbb79bd33acaf52f95ba350fc45b3
SHA512e954cb1da867f36c1c31759232f9c5e247f2f240290c58d8f12c6cbb21ac1ee37437f519a8a8779bb07b88e6aee78dd504d68fd76f2a1390e1a79e26d8247a35
-
Filesize
72B
MD5c42cfa10b8011265782b1a26deca9e4f
SHA1b6e4069f4f2db211b65c6f58767607111360a39e
SHA2561e765e0da89290d7e669f4b75761642be0593858324d6f2a9e961eb8e800256e
SHA512043b85f8f94327edb2a89006933af8dd084732e100c1d3f514d52def726af4d58c59affb78b9073086e0d9b1c329e301daaa652826686bb69e3638c4bd0930cb
-
Filesize
442B
MD57af9ec65649e17b54150c9fae16fd871
SHA1b600c4db469e24abfaba074355ebc07458943934
SHA25650c16032f3f99147b48e22325e35dabb98d37f56eb570897eb5f82c662961a83
SHA512c458f172d169050930220e35079ed6c0aa36d0340497e163f9a0fe45736fc570b8f2bef1858953d983f68a13971979ae34204e8a67c45015522235c7d4ce0988
-
Filesize
1KB
MD59bded8f5895190afddf6e1516f45dae2
SHA19dd431d16a4da435cb3e8108116923f08ff0b7ae
SHA256cce0308b7efe741df412a6731273892e074993002089c8ffa81a1717684b2137
SHA512f6279ac8ff1f617366f79de881fdb2f6956a375ad13fd0c890700f855f74d0e52df606e2758ef225c649e564b5ef52ead6a8b2d42e2f0a07018f6507747c33ad
-
Filesize
1KB
MD5a93a23ca1a9f249ee4b4810db7f13ba5
SHA13d51744f43cc8aeba036d53b5bb3b01537d7b358
SHA25671e2292da58f9c9ea8dd1f2eb036eb44b05a9c8bc7ea0e2c0a8002ea6890a6df
SHA5129230cc1f1f922c5eebf42d96475c9edc4a42b9499f610d36efd23f54557021f3689542f3e7796f1e6ec020716f684e36a530a70abea356b0b3fdcf422701c326
-
Filesize
6KB
MD5dbcfd9f214b9beba0a63bfddee24d44b
SHA18e8fe4a1b401b1dab0981e61b02b4eabe542a59b
SHA256d492fe389b4c795497fbc51f7f563b15bf136ab168beae3fdbca6a364e046b78
SHA512092998b076e5be3d1a8f12bff1a9b526abe5cfc00f92214e95e93956b226abfe5a0d66624b3686738f4ade82700b14782e176170edb73cd1c7368628d1ca18ae
-
Filesize
7KB
MD5c05d2327023c5d3d2adb6dccc83abb19
SHA1a7558763b348889f786945c3f61b8015a2802021
SHA256e6b652a014be55e1830a0e798d1effa815e54fa7a9784bebf73a666353729477
SHA5122a6eedadab52ff03d495d948e561a1eb22656f2572ae6ecbf8739e9d7513f7aa8a1c35ab67acec38e493ebe17785eba2d941dd3b3f5b6c3ce78db0c323a54b55
-
Filesize
6KB
MD5acd4a055d9a2a67fabbaeba8a06572a0
SHA13d5d4ea3704db8817bbda2f9eeab9a1d6e13da37
SHA25635f5427cc0ba20c2c1e8bb9130ced3e6b45526d2a5f929368a11f326c1d68f91
SHA512cb3852b7cd397944a06ec06bb9604b9036044a0a67fe266ad53c1f419c2a5c0646069a82b84b6bf0eaefa4ede7118942a05b60a7216c88394ab9ba8e4938470f
-
Filesize
6KB
MD558a950fefbf3468b145ea5eead5af2ba
SHA183cc5b080a7e4a203a3b8f556da4d72fa6ec0c02
SHA25678a7a21d01e4b0bec3cc879c673a029b59f3004947d0f59d6ddfe17d91313e6e
SHA512dc1219a60385b43fdf5c5c9a89c775fce0a6285560584efa66c4938a5f33af895121f3ba6aaa7bb04d97f64df863a7f5ac3895882d0849d9f64e3823f7847608
-
Filesize
6KB
MD59925d26380656b4b7a5e9be623fa09d0
SHA18099ec79c5929ae05a2169b69cee9e2656c54869
SHA256919f3f1485f72b9f0ce9eaec5a15d2a5bcadbbdf659b51688c3ec9d81562e921
SHA51226b6643d59f2a273c02fa47f234bcde27748ab3d4e9dca2876102aa818e36546ca9f4d211c7f81ecd0c63f583fcf7ead25de363c59be727c44e3dab1acdd0aa0
-
Filesize
7KB
MD5eeebe6cf0b50e4261fdb3fd10ca3d1f5
SHA1e8a189eab3c7849319efe8363d2447ded963f830
SHA256ffb7564037ccd80c2e7d2cc3594771bcfadf588e9f3df1892e7bb20e76d9b50b
SHA5124455f4f9323e871d39fa0d763f42bf1249108bb96b9e3f81a2606400b34cd98f3206d54ca9dd1dadb74fb25352c654b0daa52a1fb59a233195053b037b75cfe3
-
Filesize
5KB
MD585a644c11afcc2876d2f78521b842ee7
SHA19791d73fa80be90cc87ea3a4b485a321632c4b4a
SHA25656446db024c065a2dcdd326727955c8a6ef7c1edd38075d0cac95ce6bfb960e1
SHA5124c730abecfb5798e3acfd3c08fc56f21a72063584fa05d16b8a3a0b1967f5f2da2557ad8c6667e1d0c499cc19cfebf4450434d82cc958053086813d94a323998
-
Filesize
6KB
MD5dbd0b737f6549410526923dcb3bd49ed
SHA1cfbe89f2b71a909a56be54252f8b6b4c9d9efe56
SHA256742f06595f7649cf3f990a7aafa178558895224d529844ed1f7924aadabb924d
SHA5122634b3595320f26c919a470a50cbbec0adfcc7beff5fa67df081b4b1bad5b20e941543fa1b3274cf3f145ed8bc78bc532574803beb0966da522b0ab698ec02ef
-
Filesize
6KB
MD5b2fc02f475504ccfedc53cedaea774b0
SHA1bf293bfaa9f0b792771fc7c21b810de421f14b69
SHA2565500594236ae8e35f4c8a7315205482e18304ecd19cdeaca159812f5321f15a4
SHA512648377406f6ee03a54c01abcfc6b188f238e3baa72dc0e4cf3c175e2de8be9f2a089c1e62a6bc3e4e185a278128b27d5d05b827694aefae501c1fd3c68310348
-
Filesize
6KB
MD55be59aec6a41d26adf9854ed5d8fb5a2
SHA139e0bacd4054ad592e77a4f976c40e31d0058c99
SHA256a4483443e858e53f9fd43ac6f3b522714c94ca13793a205c44934451765c40f6
SHA512f5654579d8898082752511d453bacef8cc26bdc9e21e3c0623a78d0dcceab2ac87ca2026ae268298724a4195dfc29cdd4407904c6764ce27d3b8f358e08a6d7d
-
Filesize
1KB
MD561b239ae819dd4bf2da1f4c6c2c11660
SHA1ba834e7c26d95fcda5b353e2a2099f452c7c6eba
SHA2565f3fd80913227b8dd0d3557298f692f61ad35aa9b45b260ed278d6a9d3835530
SHA5125a7130f004b80d11a451b4dd5071e958085e6c612c3c4f8542ddd197b6a5377119e83837b577f09a24356612128422c7e4b7b5947ab6102c53e6fb092fc88494
-
Filesize
1KB
MD53de3e5f716f42f42080c59d05e48dcf9
SHA108c6bd5952581b3895fa6aa740c1823d36a626b9
SHA2563bd9f22719fbd90c50a50e31490e19f890c510ed80198d8bac54754c300ccc16
SHA512b179feab4c4cd2d1e4041e8332b099764a76cc0b0a3da43d3476e1db8edcc718d3cb81f17bd27c96316a6dc044affb4a13185bc28951f1ea13b7306c2294e108
-
Filesize
1KB
MD598b85d1868540a604d561525e683ee05
SHA17a9ea3fa9f8b31ce4761019b2ee908bfd7e56c1b
SHA256165f8a8e27bc467dfbe2cf5c102069d3172543045f39499e442bddbbee5b5dbb
SHA51297840d4dbe9402903c828a72109449694da5e3f3f339c587b91f7395383250783a07fd3f4b633e118d48e2443b8b2e7485809b779fff05b903dff96365d012e8
-
Filesize
1KB
MD5af87507567f6e3dc7a72df3d97fb12a1
SHA124a2a2553769866a7a32f4295dedfdf23de95bd8
SHA256a598ec2da51d89d7d8fd18c9c095a8b20f533b010a0e71342d9240d0f7f9e11c
SHA512682fcc0dd42a86c10396ec20a65f70678e380b479afcb0f846157c1afc28705a28698a0f8a5858f8f8bef0070fcd8a0b3fdd84dface27c7acb209faa8d9e967d
-
Filesize
1KB
MD5c089582d7a9acf4cfa7a33ce32eb2a40
SHA1605534bb7d99cb376f817f73a802a5b55c42df6c
SHA2560fa7bf35d6e93470c541cb2d440b067afa1a31025d6057ea5ca7ea9a66cdf6d6
SHA512d0a74baa0a9bbd000bba675ea5a0b46244eebfac05543110db045f8cbf4ce7496957b4bca5bafef84e64a355c840abe76dcef2cff2d9a0c00d119797647b1da9
-
Filesize
538B
MD5cd7032b36a45e2a24fa5ef1cb6fb3987
SHA11a9c3d5c04007659361e282ac903b182d9063950
SHA256fa780ff1f08e9566997eeeb68b7d2649b6a6c3ccbb4465a5ea8b4c094b3f130a
SHA51239053910390ae2c270051f6d68899bf3e38c3447c5bafb9f63c6a9bb3b4554beb3040f139ef55d398d93cc3dda25134b2dd6f2b077f17b44f1ee3ada65deb4b2
-
Filesize
538B
MD5c5378ee8dc5c0d859bb2f7e07f9a2437
SHA19f7a0779935e33c0bae2792d926f465b510b2dea
SHA2568f37b27b1c1aa7b0ee998b2d973339654c06ba2c653e3e576fa26280793357e3
SHA512862379f9394667aaa6ebb4fa767b33058f8da1057e57b76c2886324b2c3b695916bc2aa78d1a721df65cb23a0ba8df4a446fb6c9be88e49f4684c17f61643c31
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD50e6922bff0f11427c830792d8847ef06
SHA1c7f29f9f8aac7439accae344ea8225d417ff2b28
SHA2561173e64b4386dcae2d538c4ee1b006b7ded60253b7c4749ad688b9259a0d6d32
SHA512eae2df9ef3055f75dac41dc73c22d26a1b35188e7d8b94eee03da4f46ea3bf4b2bda3616cc3931bd7db0e242f7cd64c74168ba888b1d94577781b6852c431eb7
-
Filesize
11KB
MD5bd79dc7df887ddd85d63f6b5508914fc
SHA15702c4d3c2ed04862a1fef6b7ef007e9f414e654
SHA2564afca3e0aed3b1175e8cdf76da051dcabd6812b75620f02019775e9967e79068
SHA5123a9ff26db13469196360ad12afceb411d94ff8f3c064c210f71590d45b663b60880877e62d758d34e0a44032d8d8ea00c4846893f3c62c5410caccee0441c371
-
Filesize
11KB
MD5fd4878be3f3f6390ebad1006434bfaf5
SHA1836fd2071d43f454e71fa06b96a90b1cf40df643
SHA256f1f6366fadf90c693331598bf6160db0f9e877d693ff6735a459952dad587056
SHA5124f283f4e08a245118c7b79b9aaa59db7a488b2b35aecc8bea35c4c0ff1ece9c906af23639a14713854012dc74be2b286ccc2f8b1aed1c63af44f818e11137ecb
-
Filesize
11KB
MD5d9fba890ce12a7e0da71e3241a4b197d
SHA1699c98eae6fadcb39db756164ca729522722b566
SHA25648dd6736d613c0aa05b13f8feb106bb2946c155352d377c018708068f8242d09
SHA5127ccca7fb0e48f5e6e3542b34f983bfe892ac4cd4b36e8c4eb3a633f59a42ec74d3e132ee9f0cf70d285282e5260bf82a94ea5b6737d7ff63509985c86011922e
-
Filesize
11KB
MD5910cc431cfbcd4462e6ccf0c9a1c7c73
SHA1a18f329e281f41cae7b74e66305bbec09fa7f3ff
SHA256124e8174d0aaefbd2bf253b0e6e0df3de1f26d04e6cce497f1267c29f5720ddc
SHA5128c228a50894bd61aa6760079fabff0297ace7159e41832743f5b730731b3cb8a590d537f49bff12c5268b7ea189667fce6081bf9873f06687cfe1d62681160c9
-
Filesize
11KB
MD590fbbf99beef484c3e60c66fcd6533e0
SHA10dcb5d6b4581bf8fbeb6a6b0cde42fe5b86f3a53
SHA25639848e55af3e8c86a055b17c9f678d667c85cf04047e30827c31e7b09119638f
SHA51223b165dace6359e7f7d8b1f20db4bdf31510e38c9746cf399d1c9bfc8e4025d6b950d83695c74a0a3fa1fd9a0ec7241491bc9cf6fd8aa3fee290daafeed1b50c
-
Filesize
11KB
MD5575f6caf38bee593f253a327c0b23a21
SHA1f2674f299caa642ee904376650a1b023111a7da1
SHA256c07e4a95a6e6103384f6a9115b9787fb4dc360a83d534eef10b784476587354b
SHA512a1b048ba8e9a0c4f7148e2b03efb745e09a08db729eae4fb61affb49487ed2623b312d0ac4095a7fdf54d8aef6fc8b506c7638ec5bc90b48b2347dcc881dab8e
-
Filesize
11KB
MD5b544d1a794e8919171b7d738e5a089ad
SHA1b1b07616e5f14a7427b728fec27ad508ffd79579
SHA25640b88e66943fc4c4b9522e5b847a181efc7be341c255491348fa1075b064e4a4
SHA512bcf6e9abe7ef73b5414b41b5dc03bd463705147ed5a28de431dfe775ec746942e3b75f41b151d5690cbd4350a20336b21ae3419dbb922ff0402c27d2d21da0ee
-
Filesize
10KB
MD5828dca93564804a048538ef12d9f190b
SHA1c41302fb6fc2463ced6888cef20e7bece67df8a7
SHA2564dda5f6d1630e8a41ecf7863e5b0bb61d0f8552a2f2e490c7aab6d8de36a45b5
SHA512f001656926a9af388acae083c6c6448377c5974b832348b6f4d91bf8cdb854f4e448b4fb1a99a93465064daee5e77163e54169274c9a07049645b9ce2cb9845c
-
Filesize
10KB
MD5900bc1b37a90ce430a44a37ff2ae0d0c
SHA18998cd5b8634bf37ab6af47c347e22f2e06cee96
SHA2567820fa50c013344df4496cc0c204ae1956b4271b3896cadbc0fcb6e7bd57d748
SHA512c736663180fa57eab4e641facb7e600c10d02d28a63007fac4302700b487589ee3abffd70cdf50611b1c11d156017ac76fcb079d890c2650dd29227ff40f8616
-
Filesize
361KB
MD5e3143e8c70427a56dac73a808cba0c79
SHA163556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA51274e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc
-
Filesize
187B
MD515c8c4ba1aa574c0c00fd45bb9cce1ab
SHA10dad65a3d4e9080fa29c42aa485c6102d2fa8bc8
SHA256f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15
SHA51252baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4
-
Filesize
112KB
MD52f1a50031dcf5c87d92e8b2491fdcea6
SHA171e2aaa2d1bb7dbe32a00e1d01d744830ecce08f
SHA25647578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed
SHA5121c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8
-
Filesize
84KB
MD50b0e63957367e620b8697c5341af35b9
SHA169361c2762b2d1cada80667cd55bc5082e60af86
SHA256bd9cdcfaa0edecdb89a204965d20f4a896c6650d4840e28736d9bd832390e1c5
SHA51207d0e52c863f52ecb3d12fab9e71c7a18d54cbedb47250bee7e4297ff72ed793c23a2735c48090c261fe4633d53d03e305c1338dfc881bb86874d1633ff6ecee
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
12KB
MD533c043e6487e82329755f36c02419f38
SHA117498140153019448c0427045216af1a5857f1e1
SHA2568fad1ba4fa388bdb3f64a0d2979f36eee64ec86a9085df683cf09802636e40d6
SHA512654231f7419dbbaec26a58eb933b6980d3b7f8a5c1ad3d3d79ccbfed8dda69b16346ee437bc2e70f7af865e9f64af18bfd1fc62b9b82eb304faa187879b01f7a
-
Filesize
14KB
MD5561aae9148715520975f8387e1866e61
SHA1fa1fa8343cd9e27ab015248a7401c80d121a2c36
SHA25613e9b000a16c7daa141286e603bb8ded24c1fd45fb690a7d78460cff736da8a3
SHA51240345b6a9a6031c89bfdb53d1c05a89c6a923c721a65172d315da1a2b1708f6b6fa791797aad1b9fa78d1be57bafcf316e1a4bc0fdefbeb4dcf4fb3fe2664de7
-
Filesize
1.2MB
MD58ef41798df108ce9bd41382c9721b1c9
SHA11e6227635a12039f4d380531b032bf773f0e6de0
SHA256bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740
SHA5124c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b
-
Filesize
1.9MB
MD5bcc0fe2b28edd2da651388f84599059b
SHA144d7756708aafa08730ca9dbdc01091790940a4f
SHA256c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef
SHA5123bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8
-
Filesize
350KB
MD5de69bb29d6a9dfb615a90df3580d63b1
SHA174446b4dcc146ce61e5216bf7efac186adf7849b
SHA256f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
SHA5126e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015
-
Filesize
138KB
MD5dd43356f07fc0ce082db4e2f102747a2
SHA1aa0782732e2d60fa668b0aadbf3447ef70b6a619
SHA256e375b83a3e242212a2ed9478e1f0b8383c1bf1fdfab5a1cf766df740b631afd6
SHA512284d64b99931ed1f2e839a7b19ee8389eefaf6c72bac556468a01f3eb17000252613c01dbae88923e9a02f3c84bcab02296659648fad727123f63d0ac38d258e
-
Filesize
216KB
MD5b808181453b17f3fc1ab153bf11be197
SHA1bce86080b7eb76783940d1ff277e2b46f231efe9
SHA256da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd
SHA512a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3
-
Filesize
6KB
MD56512e89e0cb92514ef24be43f0bf4500
SHA1a039c51f89656d9d5c584f063b2b675a9ff44b8e
SHA2561411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0
SHA5129ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b
-
Filesize
319KB
MD579f1c4c312fdbb9258c2cdde3772271f
SHA1a143434883e4ef2c0190407602b030f5c4fdf96f
SHA256f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a
SHA512b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9
-
Filesize
241KB
MD5d34c13128c6c7c93af2000a45196df81
SHA1664c821c9d2ed234aea31d8b4f17d987e4b386f1
SHA256aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7
SHA51291f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689
-
Filesize
12.2MB
MD58b7b015c1ea809f5c6ade7269bdc5610
SHA1c67d5d83ca18731d17f79529cfdb3d3dcad36b96
SHA2567fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
SHA512e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
-
Filesize
183B
MD566f09a3993dcae94acfe39d45b553f58
SHA19d09f8e22d464f7021d7f713269b8169aed98682
SHA2567ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7
SHA512c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed
-
Filesize
109KB
MD5f3b2ec58b71ba6793adcc2729e2140b1
SHA1d9e93a33ac617afe326421df4f05882a61e0a4f2
SHA2562d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
SHA512473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
-
Filesize
264KB
-
Filesize
128KB
-
Filesize
712KB
-
Filesize
520KB
-
Filesize
2.9MB
-
Filesize
176KB
-
Filesize
12.2MB
-
Filesize
104KB
-
Filesize
240KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
376KB
-
Filesize
344KB
-
Filesize
24KB
-
Filesize
160KB
-
Filesize
64KB
-
Filesize
48KB
-
Filesize
56KB
-
Filesize
232KB
-
Filesize
408KB
-
Filesize
376KB
-
Filesize
344KB
-
Filesize
160KB
-
Filesize
12.2MB
-
Filesize
24KB
-
Filesize
5.6MB
-
Filesize
624KB
-
Filesize
264KB
-
Filesize
128KB
-
Filesize
584KB
-
Filesize
104KB
-
Filesize
40KB
-
Filesize
1.4MB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
240KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
344KB
-
Filesize
2.0MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
12.2MB
-
Filesize
11.9MB
-
Filesize
10.8MB