Analysis
-
max time kernel
149s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11-10-2024 02:59
General
-
Target
3302c0ea3da62f2eca1a8a13ddd22971_JaffaCakes118.exe
-
Size
7.4MB
-
MD5
3302c0ea3da62f2eca1a8a13ddd22971
-
SHA1
b4124d13ea819822246972a973402c3ce4d5be35
-
SHA256
551d738e35f8c014d31e4f89edddb73ea085b04ea63c10c8ff34a79ef6110b54
-
SHA512
5416dc46f1ac17668f03840b5e89a8b3631f5c05b02cfd5c18501a2182047cedc6f375e4409c386d1e7f7fb46724861893050c9745934115a05e3036f3e93d36
-
SSDEEP
196608:ClAsCR/ZphLadEn/12We1FFkpqvmOCQom7xOJl:ClAL1FRn/7e1ahDQo+c
Malware Config
Signatures
-
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 16 IoCs
-
Loads dropped DLL 8 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 64 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 20 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 33 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 45 IoCs
-
Runs .reg file with regedit 1 IoCs
-
Runs ping.exe 1 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious behavior: SetClipboardViewer 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3302c0ea3da62f2eca1a8a13ddd22971_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3302c0ea3da62f2eca1a8a13ddd22971_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\[email protected]"C:\Users\Admin\AppData\Local\Temp\[email protected]"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\install.cmd" "3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exeMsiExec /x {61FFA475-24D5-44FB-A51F-39B699E3D82C} /qn REBOOT=ReallySuppress4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\msiexec.exeMsiExec /x {54067864-C0E7-47DB-A0C1-D6C874CE6BD8} /qn REBOOT=ReallySuppress4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\msiexec.exeMsiExec /I "rms.host5.6ru.msi" /qn4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\regedit.exeregedit /s 28.reg4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Runs .reg file with regedit
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s +r "C:\Program Files (x86)\Remote Manipulator System - Host"4⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s +r "C:\Program Files (x86)\Remote Manipulator System - Host"4⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s +r /d /s "C:\Program Files (x86)\Remote Manipulator System - Host\*.*"4⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s +r /d /s "C:\Program Files (x86)\Remote Manipulator System - Host\*.*"4⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 997E7E959A5C902AE9B1F8311877B1AE2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstall2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutservSrv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutservSrv.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3640 CREDAT:17410 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1102e47⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1102e48⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ff9dd3a46f8,0x7ff9dd3a4708,0x7ff9dd3a47189⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5871117502164422390,9575574516430060419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:29⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5871117502164422390,9575574516430060419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:39⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /firewall2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutservSrv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutservSrv.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3464 CREDAT:17410 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=6028a7⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=6028a8⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9dd3a46f8,0x7ff9dd3a4708,0x7ff9dd3a47189⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4025135056511871583,12582646657835194741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:29⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4025135056511871583,12582646657835194741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:39⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4025135056511871583,12582646657835194741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:89⤵
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /start2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutservSrv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutservSrv.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:17410 /prefetch:26⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=202167⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=202168⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9dd3a46f8,0x7ff9dd3a4708,0x7ff9dd3a47189⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13090083742707337627,7783565335312039743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 /prefetch:39⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclientSrv.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclientSrv.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:26⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=103407⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=103408⤵
- Drops file in System32 directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9dd3a46f8,0x7ff9dd3a4708,0x7ff9dd3a47189⤵
- Drops file in System32 directory
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:29⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:39⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:89⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:19⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7503623839955041801,8861472815668935284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:89⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings9⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff72e165460,0x7ff72e165470,0x7ff72e16548010⤵
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: SetClipboardViewer
-
-
-
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
4Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD5f57a96fcefbf19463e402e124c5ca3a3
SHA12fc3497723e8f865d13532ca2911bcd69e1421d8
SHA256d2f44298ffaffb4fe811d003af4cb5983cdf982f9d5f8921384f217f319e6571
SHA5120734668b1cf348aae2904291d59c4e0ca1e272870a92faa0546b934183ce20b1b37d9d007d2ba2bb4c8900bfc4f92f36838cfc6e9ddfc3dafaa903bc79ed6453
-
Filesize
43KB
MD5fcccdb05b62796ad70eec5b21069114a
SHA1e9aeb1bb63ed3c23e15c033049a9a645f6e2f1fa
SHA256e4e1e61c81fe036cd05c2ed1a362e1f20565cf6df29fd714b7ad145e1b5176ce
SHA512a187ee14092dabe948944bd9c451364cb48a08bdff044756f1281d7fba3398a926bb5260b66422dad78d2557791d3187a8e9f76d11a8f5382886393adb987cc8
-
Filesize
144KB
MD5941d1b63a94549cbe5224a4e722dd4d5
SHA1bab121f4c3528af35456bac20fbd296112624260
SHA256ce1cd24a782932e1c28c030da741a21729a3c5930d8358079b0f91747dd0d832
SHA512b6bf11fa34ceab70e3f3ce48a8a6dcbe5cfa859db4a03ca18cc6309773a32aff9db111d2d2ab5bb1ce974322eaf71ea81cfaa3911d6b8085a82823a0aa1d30ee
-
Filesize
957KB
MD5897266223a905afdc1225ff4e621c868
SHA16a5130154430284997dc76af8b145ab90b562110
SHA256be991f825a2e6939f776ebc6d80d512a33cbbe60de2fcc32820c64f1d6b13c07
SHA5121ad1386e71e036e66f3b6fdece5a376e7309ceb0f6eb73c3a8203b0825c45aa1f74e1f722b508cf3f73456e7d808853d37bcef79bfe8476fc16a4e6af2e9202b
-
Filesize
48KB
MD550716fb95abf80ff78451e8a33f16d3c
SHA125552c03bf9ab4eb475ba9880a25acd09d44c4f5
SHA256c36482a3a77859c8c7856da7c1360cfb6b84112df08c50cb3ec176546fa3fa1c
SHA512071c131826e1d76b79e1dfbf5f1934d4ad5c49cbd904b13e7b11706fc3dd16db281d8ca32f49d08a3640ce59caec2a74597534607701606a7dc52ddf424742e2
-
Filesize
240KB
MD550bad879226bcbbf02d5cf2dcbcfbf61
SHA1be262f40212bd5a227d19fdbbd4580c200c31e4b
SHA25649295f414c5405a4f180b319cfed471871471776e4853baaf117a5185ec0d90d
SHA512476df817a9c9e23423080afcac899b83fc8f532e4fe62bea2feeb988cba538f1f710e2fb61d81d6c283c428d772922c7a6ecb1684ac68ca8f267415105a60116
-
Filesize
1.6MB
MD52721aa44e21659358e8a25c0f13ce02b
SHA191589226e6fd81675e013c5b7aad06e5f7903e61
SHA25674ca24097bc69145af11dc6a0580665d4766aa78c7633f4084d16d7b4fecc5fb
SHA512fb1f06e18b369e5df0dedf20bf5bcaae4f6d93bf8a4789db2d05b7c895fdeff2dc086089cca67fa7d352563b491606a547c37959db623b071e90a1c876d6cc2a
-
Filesize
1.6MB
MD57916c52814b561215c01795bb71bb884
SHA10b3341642559efc8233561f81ec80a3983b9fc2d
SHA2567d3c4c52684afff597dc4c132c464b651cb94aad039458b674d69cf76c240e64
SHA512fc0a1d717c636639be6835d93bdde8019799842e11a055bedeb468f57cfaabf5582a65e1770841486550e06b1b9ba020ff5fad14b7838fe70afefb37933f1a8f
-
Filesize
556KB
MD599c5cb416cb1f25f24a83623ed6a6a09
SHA10dbf63dea76be72390c0397cb047a83914e0f7c8
SHA2569f47416ca37a864a31d3dc997677f8739433f294e83d0621c48eb9093c2e4515
SHA5128bd1b14a690aa15c07ead90edacbcc4e8e3f68e0bfd6191d42519b9542786df35a66ed37e7af9cf9ff14d55a5622c29a88fee2a5bde889740a3ce6160d5256ac
-
Filesize
638KB
MD5bfeac23ced1f4ac8254b5cd1a2bf4dda
SHA1fd450e3bc758d984f68f0ae5963809d7d80645b6
SHA256420d298de132941eacec6718039a5f42eaec498399c482e2e0ff4dad76a09608
SHA5121f4afc2eb72f51b9e600fbbf0d4408728e29b0c6ca45801605801ead0a287873ebbfaaae10b027f1a287c82232d1e7a3a7e7435b7f6a39223c3f7b23d96ed272
-
Filesize
4.8MB
MD58ae7c08d0c3805092e59cd384da8b618
SHA1d1e443a5226621e7d2ca48660d68985933ff8659
SHA25603cccc0222706488a7da919bb6298067ba5e9ef854ecf8d1dc45ffadd392841c
SHA5121b96509721d9606d1c6c00c385ee5136218ea683c038a666fc903cf13d26874b3ccd1891f627f65e765a74a5987d40ea6725fbf87e954a812638edfb59b3f1f7
-
Filesize
5.8MB
MD5ae0f362b2afc356560b498e665289dc2
SHA1c4adc720f015715ea17fee1935ade4af2fb503ab
SHA25657ae1d78909fede3aa45037bfb5402204c13b162d85f553448f2767bb8ceb397
SHA5128c96b1fa69e4d5e6776bee99c1a66f66ab91a9c5c06008587000b3666df83c4cb54400f39908ff344b19159bd48d44c0078717d7e13eb825bd58587a23295699
-
Filesize
52KB
MD517efb7e40d4cadaf3a4369435a8772ec
SHA1eb9302063ac2ab599ae93aaa1e45b88bbeacbca2
SHA256f515564b67efd06fa42f57532feafc49d40b0fc36c5d4935300dd55416f0a386
SHA512522fba06304950860fa9aa8933b12b9323dea47dbda363db3f57535396c156c4cf6934a9db38fff8c77503fcb889d030fadb639094a1f34bbad54c79c8734450
-
Filesize
409KB
MD51525887bc6978c0b54fec544877319e6
SHA17820fcd66e6fbf717d78a2a4df5b0367923dc431
SHA256a47431090c357c00b27a3327d9d591088bc84b60060751ea6454cb3f1ae23e69
SHA51256cb35ef2d5a52ba5cf4769a6bad4a4bae292bceff1b8aff5125046d43aff7683282a14bc8b626d7dccc250e0ed57b1ae54dd105732573089359444f774d6153
-
Filesize
691KB
MD5c8fd8c4bc131d59606b08920b2fda91c
SHA1df777e7c6c1b3d84a8277e6a669e9a5f7c15896d
SHA2566f5ddf4113e92bf798e9ecf0fc0350ee7cae7c5479ca495e3045bdb313efd240
SHA5122fe25325a94cd0f8af30f96ef03c4e64b1a721f603f792d9da72dcd4a5c92081bb24d90da5394f47e54d9d23e9c7ee845cbf469ea8371c088bda787c54b9369d
-
Filesize
152B
MD534d2c4f40f47672ecdf6f66fea242f4a
SHA14bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA51250fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6
-
Filesize
152B
MD58749e21d9d0a17dac32d5aa2027f7a75
SHA1a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a
-
Filesize
6KB
MD5b35fd656643cb06b39a382a95b9ad537
SHA134d700a66d35f09e0ebc0adfd73b703bcfca4a89
SHA256b7567d3fe9087d9753e770b7fb5e113470a1a53c3ccbb7f3653f9290f93556d0
SHA512f37e67f443f42e3ccb92ba463875e9e7c63006db40b426868f0b96e6f951234a263ef8f6d7ef670c80fae7f3ed5bd21fe0f8731cfcfe42b65bda6c8b23d8bc76
-
Filesize
6KB
MD59d26ae01f8b67b30d7727c5c2ccb9668
SHA1386059b3ad0aaf6e6bfdf717e3f388b30e2c1491
SHA256478058599b4274cb6c57726f01311d3a90d9a0e440ecf46816e05ee3ffafd98e
SHA512854bd80d6ab9eddc56a84221c40ca5e4069c01917edf376075edf708606e6626f665a15b3107e3ac9bc9c0940fb3abbfeec878e5ad958b382f03e42dd6e28863
-
Filesize
6KB
MD59ebf7e4f85b5da8b6856ae388f214db7
SHA10c2ca8b03edd89677a1ef26a2756a8bffc3ed466
SHA25649bb3bca8036d4d492f186000b575c291a02a8cf25b1f8d8b18adb14bfda2752
SHA512c5f0f2a4bb3917eb62033f78a20f8b96a87aa1e62991f29d761854ea3533cc59a51123104f60990ec04e12f942dd2e1cec13146e2a26403c3c32cbb276773568
-
Filesize
10KB
MD5d50b0e8ca23c4d76a155f3cd0db418b8
SHA1202e576a430d74eb76da6e5a2ae923da2eaddfa2
SHA256e85d852ad113d4cff94720226163e9fe57bc29255a6a341281887787687046d5
SHA5122b3bd4d4cfe6cfc1580735390cd0f6f2f8047c59739268ed56129de407219f1ab6b89fb0ddfd9abf40ffd90acca6a0138a65d50350bccc14af17bdc7ba0c2308
-
Filesize
8KB
MD5f26aecf895b43741be35a1b1acee9c66
SHA1dbb3f37d4fc81b21b31a2879fbd9454fd0035fca
SHA25686a2f6ae41517015fb15ce3d2ebf7c9bf4c2be143a9d7d92ea01d8008ffa6ab5
SHA512135f5242875761a817830e42fa80fa25348fd67342b5f3e3442fcb8a171c81a3346c93de3d843e1227c646426e22106da86f8e8bbaba67616e95ddbc5420f3d8
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
4KB
MD58bebd9f02e741b09d2e6c357a16c3d04
SHA184fdffbabc8eed982838d1bf889b3a4d4b3dec07
SHA256e24cc63fbc06905f5366bbf42bbecbe93b900befb6c2d18239bbbfa0cf668106
SHA51226c7b7128086147091328681d57ba8d68d5614acf6b33a5d3f3addc0a7194ee0d58949d9419ca88a93fee160c6528e93ab2ef9e09cfb5fd3b5b0dfc160782699
-
Filesize
5KB
MD53a7437e577ed93870ebab274f6344369
SHA1cd9b4e09a26c9e50728fd0424a8d05d00aaafe28
SHA256a3e074144769da98df7bfc00318b81ea0be0c7761ca2b21ec771595a4a7abcdc
SHA51259f39a11ef8fd538e4a0fdbd4fee1a082371b3c36f584745caf0503f082bc9523d83b0f403cb61affb97a59bea12149b92439c669d26a33b7e22b9a478625376
-
Filesize
4KB
MD53ca4849f6d19ab41306b0dcab599010a
SHA1c86d02f1499bc5ba160b66b2613d10901d7a504e
SHA25675e15a462fc9d0238810c4aa8688c196215cdf3b5de056fbd8b8726cf8c720df
SHA5120ebae4eff1c0c500d83287183d7f9cd57a1da3d9b99f4dbd43f27af31e6d43692028faf0994a7d3a5085587f27568ba3c49c6250d99e967aaef65fac5ca3aa74
-
Filesize
88KB
MD5002d5646771d31d1e7c57990cc020150
SHA1a28ec731f9106c252f313cca349a68ef94ee3de9
SHA2561e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f
SHA512689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
7.3MB
MD52301cccede41eb07e3dc2500f1329396
SHA133b53834b33e4e58def78c5fa8cd11f48e6c5b3b
SHA256f17658128108875ba8a1b8ac7f6ba1696b3f7b466fcf00012a17bbcff03f77c1
SHA512dfddee8bdecbfab18cbeae959b98dc97092937b7bc2af2b50bdc3c534fe7935cd48051de74939639ea95bac6fc002a7c12fd77cc44448a05090593e5bf298574
-
Filesize
823B
MD584b1a5a529c1fcefce2b4ab1c84c90cb
SHA1a00ea7622732b573000909eabb3981a435e61588
SHA256c7e3f98061ce60f99799e94241b2b105dffcfdc08ff5bc02550167b049106578
SHA5128dc813d35abc96975338dab09b93c62d3c81bdaf8a626b858eac7e6cd779d02393e92dda11b7e9a52a3806742979e28399060673f855022739077cf73aeb92fd
-
Filesize
8.0MB
MD57d0cd52d0ffdcaaf0ee09edebd9f574f
SHA118521b66a01d2396c69ffc65c2848b1aab77b75f
SHA2569e19b9c55f1ff94019ea14f7ad228a8d591c6fc75f195cf7375cb61f53545915
SHA512605825e7b4e386e2f3dbfdee835e92eeafcb5e7ba6fb21fef16a0cdd9881b59603c3f4c71edf2a93305633f9e62b4c092bfacb9c0dcd0c9c8a2455fa127df310
-
Filesize
75KB
MD58015ab2cc394e54e4a36a0bad7027768
SHA11c15df81fdcace56f59bd45911f0bc9e37ed521f
SHA2568b82c3b3b26aee27b8cf5bdfb6e947a0cdcab7e6015f786f4df851d9c2eec42c
SHA5129fe2c5588e429d2887b7a16427110e32c579140906d68665c19cc8bc3738fa7ac596ac49974e8426877d1154101ed83e6685485a2531c3ffe5bc61c581be20e8
-
Filesize
125KB
MD5b0bcc622f1fff0eec99e487fa1a4ddd9
SHA149aa392454bd5869fa23794196aedc38e8eea6f5
SHA256b32687eaaad888410718875dcbff9f6a552e29c4d76af33e06e59859e1054081
SHA5121572c1d07df2e9262d05a915d69ec4ebeb92eab50b89ce27dd290fb5a8e1de2c97d9320a3bb006834c98b3f6afcd7d2c29f039d9ca9afaa09c714406dedbc3c7
-
Filesize
96KB
MD59e2c097647125ee25068784acb01d7d3
SHA11a90c40c7f89eec18f47f0dae3f1d5cd3a3d49b5
SHA256b4614281771ed482970fd0d091604b3a65c7e048f7d7fa8794abd0a0c638f5d2
SHA512e2f334f31361ea1ffc206184808cb51002486fe583dc23b4f617bead0e3940fdc97b72cda2a971e2cf00462940b31e065228f643835d156e7166e8803e3181f1
-
Filesize
4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
9KB
MD5ac82c8db217b5dd67b453d6b89b4900b
SHA1244aeb3bc417d12500246ed4b68be18d9fb1896e
SHA256102e18a8483d7d2cae1c44d02d3c6eab5cf636d88ad04d52467aa17b0365ad27
SHA512a11f8ca4bb04ad035bd071efbf55b0c086d2133e1759b56f080df3fca678fece64b59ee0e6cf0f2d32594dafb7dfb942a385f0313e5dda3d62cfe2e694a7e6db
-
Filesize
152B
MD58849d79898a3796f84c4f0ce4f509507
SHA1a43ec95e4f8b2e5069e719b67167ede5d90c87c5
SHA2562b8b4980428603ea41788067ab04604ff80149c383951044ca22c1ff82ab25fa
SHA512eabf93c16ab497568e5cc307665b17997fe3cdc85efe88ad200d390aca9cb40fe5854cb20d158e9ad7fe5162cfe25f47319fdce28d5d685953874b62d96aa010
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD59704b7c970849959e12d12a911c3f55a
SHA1c28b18243491f51f50dcf695d2676e840ae2535f
SHA25624aae0c66f562624d58be856ef692ab99d5cf23ad10e72091009275a8228a966
SHA512f15cc9a3ca3667943b145038436a70bd99cf6187d43809a6f86b439f48dd7fcc5f04d5c055ffe7a7f67fbd384d971c14352c11ea415a83feae0c3b629390dbd6
-
Filesize
4KB
MD5fc29fe5fd38de6e57a81ff271eb65e4c
SHA1f902c7416dd96aca1cac24ef92835650037df13c
SHA256d225da66e1a584802b82b9a75a7331b129257af09f1cb007dc3fba74f68e3234
SHA5122676fc2f2894aa8b4548ee413ff8a6fcf47746c697cfe2eff8e38b516cfbbb22d17ae3429ca891c15e69e4e4a25b441f50c82fdda7a4d45d29ec87aca1422131
-
Filesize
3KB
MD58754068d2b43240a287bd438486a0a41
SHA1821653dc70af1964281f461ef621ab6d73f65e94
SHA25617674f208d4dc34920c2f202be944af67964a7718255a2237e942aa34673e205
SHA5122bb3c6ce12f49931127204a6ed6ea6b91a241babd404affc84c98468467e4ab0ecad481a7cfd732c5fabf0ef27480fc993f5f0f653d26f047894777b1ee58c38
-
Filesize
5KB
MD54f39243c4d0adf55b27eeeb6158817e6
SHA11a29b23b75eef95fdf71bd710c6fe56f847d1d34
SHA2562b855cc2471b1877451a04e3684e71d01bf015e1219d381fc77dd2459b32fb3c
SHA5120ed45ccfd8b10abe7f895997070db878b251b1555a96054d96fc58eb5d135cedba59adf26369d14c9376cba80ff35afdbe1f7b4c4a39d569b824c44c9d80fa29
-
Filesize
3KB
MD57e9605f41f7580fb42b81dbc9b38f603
SHA15ac96185fb60465a1d4758d76aa42913dcca1cf4
SHA256edc3a96b4694f3faff3115ab6d3efed2c16c9b409e4fd1d7e332a53e962a728f
SHA512a8465a4c3033170e9946b79b1ed8cd694d0227ffae10e6d1b6aaa398cfc23f90474333194df6e3541be5dbaaed0ecca54e8f118428757d340ec4e05458726bc8
-
Filesize
24KB
MD5c91776a93e1b4be95ce3811c4d6cf8b2
SHA10bbfd48cd4ab3854d9df28827eda12076dea4dbe
SHA256cc51014a45befa6a37a1c46ce1c8839ce88b79d5d08aefe6276224a9a9519f91
SHA5124778dfd939bc11461eb71c13e218e1322547ff137afac8a367fb353078641ef1e5dd6b6f89699fc0751a57b19d9cef662c05321bc3841f6b995658ec3831abfd
-
Filesize
24KB
MD5cbcd5b2d4c136ff59b052e626b3b430d
SHA1807709c0d00b2a8407acbfa2b7ce2722f0e8cb01
SHA256bdc727c1872e7f31abc9032cedf8c325f72601239fcd73b4b6cff559dbe38e32
SHA5120ebfc68748d2af70c8bfe909baef6a0ac9d5fdae7bda9e0d931b175e27741918454289fed46a0b01c8583567dd5e14eb84ed416dd4e1af448fd7b9ea01d9dba6
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
152B
MD5d0ccc1ca369787b7f9e2582d6bd978a7
SHA1d75479e2cde8e42c38369c71eb296dce0d0452a0
SHA256ca191db892d130ce7f1a1788793d440b795d25393ddbd6ce12745b177a57265a
SHA51251dc2e8a54cedc8991dd973474aa3029109893a16c6f66d9aab66eea8271b2770d3f9f8e666d18285474d6b27c9d9d7a7f8d44cd526245bc4df1c65e231b15d7
-
Filesize
20B
MD59e4e94633b73f4a7680240a0ffd6cd2c
SHA1e68e02453ce22736169a56fdb59043d33668368f
SHA25641c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
76KB
-
Filesize
5.4MB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
6.4MB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
6.4MB
-
Filesize
84KB
-
Filesize
5.4MB
-
Filesize
5.4MB
-
Filesize
5.4MB
-
Filesize
5.4MB
-
Filesize
84KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
6.4MB
-
Filesize
6.4MB
-
Filesize
6.4MB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
6.4MB
-
Filesize
84KB
-
Filesize
5.4MB
-
Filesize
84KB
-
Filesize
84KB