Analysis
-
max time kernel
142s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230621-en locale:en-us os:windows10-2004-x64 system -
submitted
26/06/2023, 18:10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file
Resource
win10v2004-20230621-en
General
-
Target
https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
pid Process 5356 Zephyr.exe 3848 Zephyr.exe 6132 Zephyr.exe 4336 Zephyr.exe 3904 Zephyr.exe -
Loads dropped DLL 2 IoCs
pid Process 5356 Zephyr.exe 3848 Zephyr.exe -
Obfuscated with Agile.Net obfuscator 32 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2178924671-3779044592-2825503497-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 3 IoCs
description ioc Process File created C:\Windows\Fonts\Azonix.otf Zephyr.exe File opened for modification C:\Windows\Fonts\Azonix.otf Zephyr.exe File created C:\Windows\Fonts\OpenSansLight.ttf Zephyr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133322766668905676" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1652 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
pid Process 1652 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1652 chrome.exe Token: SeCreatePagefilePrivilege 1652 chrome.exe -
Suspicious use of FindShellTrayWindow 51 IoCs
pid Process 1652 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1652 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1652 wrote to memory of 364 1652 chrome.exe 83 PID 1652 wrote to memory of 980 1652 chrome.exe 84 PID 1652 wrote to memory of 3784 1652 chrome.exe 85 PID 1652 wrote to memory of 4176 1652 chrome.exe 86
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/1d8kjmuxefrpopv/Zephyr.exe/file1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd1d19758,0x7fffd1d19768,0x7fffd1d197782⤵PID:364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:22⤵PID:980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:3784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:4176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:2228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5232 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5444 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5520 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:2248
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5616 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:936
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5712 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:1068
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6336 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:1496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6512 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6644 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6816 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:488
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:4216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5852 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:1216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6560 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:2356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7632 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7468 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:4892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7800 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:3380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7780 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:1944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8996 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:5440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5884 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:5552
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9252 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:5680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:5764
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:6056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:6048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:2988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3288 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:5188
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7600 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:82⤵PID:5180
-
-
C:\Users\Admin\Downloads\Zephyr.exe"C:\Users\Admin\Downloads\Zephyr.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:5356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2772 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:5852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7796 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:5732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7808 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:12⤵PID:5996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5728 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1 2⤵ PID:5824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7552 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:1 2⤵ PID:5284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8 2⤵ PID:456
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 --field-trial-handle=1836,i,1170759173546413737,16318501374968411309,131072 /prefetch:8 2⤵ PID:1820
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" 1⤵ PID:4484
-
C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding 1⤵ PID:744
-
C:\Users\Admin\Downloads\Zephyr.exe "C:\Users\Admin\Downloads\Zephyr.exe" 1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3848
-
C:\Users\Admin\Downloads\Zephyr.exe "C:\Users\Admin\Downloads\Zephyr.exe" 1⤵
- Executes dropped EXE
PID:6132
-
C:\Users\Admin\Downloads\Zephyr.exe "C:\Users\Admin\Downloads\Zephyr.exe" 1⤵
- Executes dropped EXE
PID:4336
-
C:\Users\Admin\Downloads\Zephyr.exe "C:\Users\Admin\Downloads\Zephyr.exe" 1⤵
- Executes dropped EXE
PID:3904
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\Local\Ambrosial\assets\clients\1.19.3004.0\Zephyr Classic\launcherAssets\ProjectHalcyon.png
Filesize 54KB