Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
13-10-2024 01:13
General
-
Target
Nezur_Interface.exe
-
Size
7.3MB
-
MD5
c9af7e2001b94e2001a5570d3fad260d
-
SHA1
63b400a16358e589e6bb43757c84f0cdee597b7d
-
SHA256
b75d3cc9cdd39a2c4811f871efb47f528222fe49a7dc923a82d1ee10ceccdfcd
-
SHA512
b3c012666476cad91a0baddbc2f568633aeb0abc9331ff81473bb52e1c9aac1cfeb50bf90f843d290eda19bd3aac73a29f9ce6478d33e3acd2c353a8adad995a
-
SSDEEP
98304:P4QuiXvqdeO4pbZVj9JPgBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuY2:ARiSZO9S2fasv+BptT
Malware Config
Signatures
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 15 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Checks system information in the registry 2 TTPs 8 IoCs
System information is often read in order to detect sandboxing environments.
-
Drops file in Program Files directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 36 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Nezur_Interface.exe"C:\Users\Admin\AppData\Local\Temp\Nezur_Interface.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d5803cb8,0x7ff9d5803cc8,0x7ff9d5803cd83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6204 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4744 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6988 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7944 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:83⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Temp\EUE6D.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUE6D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"5⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTAzNUExMTItNzM0My00RTVELUI3ODYtMzk5QzQyNkY5Q0M1fSIgdXNlcmlkPSJ7MUVEM0RBQjAtRDYzRi00QjI1LTgyMDEtQjJEMjJGOUMzODNEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBM0EyNUQwMC04NEVELTQ0QTEtOTBBOS1DNEZFMzRCODZBN0V9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU3MTI4NjU3NjgiIGluc3RhbGxfdGltZV9tcz0iNTgyIi8-PC9hcHA-PC9yZXF1ZXN0Pg6⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{5035A112-7343-4E5D-B786-399C426F9CC5}" /silent6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5652 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,12592127546291182692,9805389352007354038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:13⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nezur2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d5803cb8,0x7ff9d5803cc8,0x7ff9d5803cd83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,12498240199982779947,7521625013380217374,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,12498240199982779947,7521625013380217374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/category/69-nezur-executor/2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x84,0xe4,0x108,0x80,0x10c,0x7ff9d5803cb8,0x7ff9d5803cc8,0x7ff9d5803cd83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,10959734001103656428,9455366338116462650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTAzNUExMTItNzM0My00RTVELUI3ODYtMzk5QzQyNkY5Q0M1fSIgdXNlcmlkPSJ7MUVEM0RBQjAtRDYzRi00QjI1LTgyMDEtQjJEMjJGOUMzODNEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRDBFOTRENC1FQTNBLTQ1MkItODdEOS02NTBBNjg0RTY1QTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU3MTg0MTU3MzEiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
Filesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
2.0MB
MD5965b3af7886e7bf6584488658c050ca2
SHA172daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA5121c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4
-
Filesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA5123a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
Filesize
24KB
MD5f6c1324070b6c4e2a8f8921652bfbdfa
SHA1988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA51263092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
Filesize
26KB
MD5570efe7aa117a1f98c7a682f8112cb6d
SHA1536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA5125e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
Filesize
28KB
MD5a8d3210e34bf6f63a35590245c16bc1b
SHA1f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA2563b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA5126e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
Filesize
29KB
MD57937c407ebe21170daf0975779f1aa49
SHA14c2a40e76209abd2492dfaaf65ef24de72291346
SHA2565ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA5128670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
Filesize
29KB
MD58375b1b756b2a74a12def575351e6bbd
SHA1802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
Filesize
29KB
MD57dc58c4e27eaf84ae9984cff2cc16235
SHA13f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
Filesize
27KB
MD54a1e3cf488e998ef4d22ac25ccc520a5
SHA1dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA2569afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
Filesize
6.5MB
MD55b794d63ae37a70dafde076b14f13960
SHA1c61ff3b39739803048232dbfb8fcd18d4feedeb9
SHA256a9de88a9e0ef908e7683cbb26e3b9d203c3db4de03f16220a219b3f4d61ce402
SHA5125be5ca2fadc8e970cb13b3b99662d4ea65dd6766579ef9776b8a958675d04afd0199b136e55a73907f2bf43880a539e08b4815f3dc56b0d4e6a82339ec60c63e
-
Filesize
1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize
14KB
MD52f0287bc158c3674be994929e600c95d
SHA1321baed0a4c4e3dad34163b7cfe928eb8aa3de98
SHA256d266b00cd24d9798308ea73c2b48640ff8028f063f8581c9bca3c5ec52db3048
SHA51239c0ee1e99083e68d327d484d646a0080c11963786b52395e4df281de007a1e829f6a4885cf9425f6ef63362587534a7d4dfd32342e5de4b679d607ab783e830
-
Filesize
152B
MD5aad1d98ca9748cc4c31aa3b5abfe0fed
SHA132e8d4d9447b13bc00ec3eb15a88c55c29489495
SHA2562a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e
SHA512150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72
-
Filesize
152B
MD5cb557349d7af9d6754aed39b4ace5bee
SHA104de2ac30defbb36508a41872ddb475effe2d793
SHA256cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee
SHA512f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a
-
Filesize
89KB
MD5dc35df04c04dd8527b8b91705d3cf787
SHA199886058270e5461e421d9137757c9e37a5b145b
SHA256a35e1c847e5f9d9800194b5b4803af2dd9c7a84e3f8af211f08b61576c310bfe
SHA512ddac01d7f30de8e3baf72d4f20065b05af70eda624d6eea410e30f92b37318eff6856e5bd8c7a0eb92c6bf2fd3342cde263bde0f39437f826409a0e173a6d456
-
Filesize
4KB
MD5b66aa3e253a998a84e790119067c6e31
SHA11248957120b9f47fc969b94f35695167e0cb1e5c
SHA256ddaca786a8e723d35ed3120eee6cb13f6ce2804505c46c028b39453b56ff0dc3
SHA51277d3ac48b654f1f62c9afd27b87e4f3dd6e06b755cf1fc3a752057aaf3b386b594fa20029536284baea1e647d56837fe15f294fbd199fce272080e4df4e43225
-
Filesize
748B
MD5ada03e2d1386986a3800f40cad725a4a
SHA19cc38286c8784b2c44de7c6daadb01b5340f82fd
SHA256dd0fc5f6d25e1efbea04717ea08d85229dea940e534e272a65eece7270dbb372
SHA5129c8a555475cfdc3da00ae281592b033af05bed3877c335abb948c57eeca17a568435be33e96ba9297f40f8b192aadccacf55122419cc6d7dbc270eb6b96b5539
-
Filesize
772B
MD5dd1d6996ec3f3a6cafcfe27e3933de3e
SHA148ba4ed93bc651136f087d2aaa405390f3050323
SHA2564a5468d65df251a82d6d283113dd5a8526af12d64f738976ff8c721d687f4f60
SHA5126c2c15beb6fd3139302b4312e2c495d4bf7d51321603082f675fa485e5e8f91a28d8e57cc1cdad91a5351ff2b84a1e6053b8ff016e4e7c78ce2c554e37a56faa
-
Filesize
4KB
MD58e3d36f23e60f55f6065102ed88d257e
SHA1605aefde8a76d8129ab755ab721f64bb823ed0ce
SHA25652f92a1ace256fb28e251c858add80ecbc7dc4ec60177f8bde1c72bf93f5a14f
SHA512ee6435e40872558c31f6eb1c64b391253734585cd6c2efb8c7c41f921d4633fb986fbc75260122e6f4cace347c897d45d423625c7c7e6984f6a18a6a495f03dc
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD59507ecb5cfff7d6b3a25ce8ed48e447a
SHA1f7deaaa69a6329d8d69d56fd2f4bfb72fbfdd497
SHA2565bcf39b1453380ba2244e313f7385927422ab18951a94beeae29c6e53f6b75a3
SHA512cb2eeec7c6c6ac6922af9b8ba0175333fddb39a97a2dad0290ee629ad4d65e4c4ad1fb7de8ba2c9faf8ae0c215ece6db3ef333d751a60c3ff209b9887ff494a2
-
Filesize
7KB
MD59ab86a208f4b0bee324038f79112fd0c
SHA1acd820cef20a6080920fdcce8e317d52b1a6fa6b
SHA256b030c0cf9d184efe486b99d600cbe16f5042bdf9c809ca4c38402369ceff9712
SHA51221a65a21a0917b2895f5eb541aef3b759cd8bf05e37a162e1903d7b0b114f9da5957495969d4fbb8a9f2a3f17d930a7f17c69f5c1921fdda2074010ac19e20e6
-
Filesize
7KB
MD5b16e75839cc30b852551dbe24a311498
SHA100de8c2a885a5d5b1a6e3bf668b6cb71ab40a4d9
SHA2569649f5d80ae0f7e8b48e832f25ab7ef5baedccf5362ffaa11da6e20e3db656f2
SHA5123218116ec7025c113cacb7fc2fa9ebef5dd94915589008e3106b939612f234fa1521008d1ad8d326307ce977d4ea324774e73cd65f9fa7d57bf2e19cfe719391
-
Filesize
7KB
MD5c84794d0bbea2c31455dace4ff9a4136
SHA1d02d6aca9089077389e490ec005965957f48259b
SHA256c09b7d74d473e83e6bbbe888080db35206bda8ec42238db628a1d065db0e4e8d
SHA512b5d73c34ae20ce11fc57f3b54bc792c876cf1907440177086ad5a32d0d650b85fb7fa5a6a39af18fced8fb967d009d5036ca71082eb6f702fb3ed503a50d61d8
-
Filesize
7KB
MD53e67d30124f44f2401caf5833d0dcb66
SHA1fcee987260ec8b417c4cf03516d4630af22a322d
SHA256d99804748eaef54aa166c90e9e77ad65764b67380ef3408a3783d42c1778df3f
SHA51204722f0570d0b3faeac356ca5ad6820add038644ce506c5fb51cf7a0f8059e83e6b181d4825b7810175a1ece8c4b65e2f88c0e2697a8f10552284834f6deb9ae
-
Filesize
7KB
MD56ce5658092d00d4fc82dca0847cd8f6e
SHA1015599205a9ecb7ace4c540372faeb95eaae8013
SHA256f4cfd414f344ec1d39a1bde67c04a396cba8a5c111b700406387bbc2bc4a3a6b
SHA512f29447102fb2819fe2286d281ea24867c1baac62c4e189fac7992577085c42db03b4d48ccf3b66b7f47b3bd6da0308946f806ad59462cbaad37fb81b95ee07e3
-
Filesize
7KB
MD52cd704f3a86525237aa0b9cdf7528a20
SHA10ae75f30b9b16bd4568596058a7eef0b0f999cd3
SHA256a9001c0ed7db29bfd3e91a0daff5fb40a79993a0db90acab36d55429329d0c64
SHA512d0a094f8d308453f259e19bf5c3f85c3f4a72e2880c12c6270699d32204abf74b38ca7e21f6b9e22dac41b6e650a17b8cf34c9098e8dac1b0189d5b7766d1249
-
Filesize
6KB
MD520a24994664d00362042f2ebf1be1311
SHA1b51c757b4a813bb10e397a3d2b4491003cbe3d71
SHA25667189c4f79baafa37dbe6d8d84fd2d5983615534924a43bcae0364ce883b1471
SHA51239dbe130f4fbc6e87b7888301d6371f163537cf8690b76acddd7b8352411a650ffb004b492ec2954884d9da51a0727ee1544193f630ea6c7b0c9939c7e6e275a
-
Filesize
72B
MD576f69ddc361ba9b4f4e001ee64cfa4dd
SHA1da3d15dac7cfcc978c706244001b65f042c46b97
SHA2564c4e4741fb678c41c10da9e3100ce5f00c15570096c37b5afe83737d68dae0b0
SHA512c855eb1c657f7525b07bdd87d2b86e0056484d4b342a8e83f9fd574c58c195708488fcc37749d9231c14c75f1a343f2dc9111b695331a6efd50659a8c3453d59
-
Filesize
48B
MD5b2c5a9ad9a8c32d769e5ef35d87e3308
SHA12e73f85b6d75517dd077f50a7da592cfb5eb6195
SHA2568af8a7a9d8bfefc3e58703e003b32c10b3a5969e2587928931c30400174f22d9
SHA51254805a208b2f356a1ebe7e9c5476151d25c19641372b66f9d04d5da6fd83ba8fd32462b55ddc374e59ba4d4f639abefbaffb6e67d9fb28653662b337dd4eba6a
-
Filesize
116B
MD5aab781ea82729ebb3ae3d4f2fe56b83e
SHA17a95a61ac718d496621afd5ce8de6904beb78c43
SHA256c49000b4bd05e06e1542d2e7c2b9b43affa96679cac101fc558abb47a7a7d790
SHA512cf797dfe135a4f0d398cdb2f23e6f82375983eae1039862aae553dac0984c9c1dc3bc2b53db4c4c030fb6e8a18f18d5fc50e0b3cc0245779a128596a30f7640d
-
Filesize
110B
MD5a9987fe99c1e3460dfc93c29cc69205c
SHA1fe50f59975a503f33757f6435bc88bc082bc4d63
SHA25690cbbfc02185955a75c8e0b97d496f2795e1d955fbe33a7a04152e78f62d51cf
SHA5122436601fc4324b4750bc3e5290092ab741afd632b63405cc67151691d92014d2b9350ae8e18110c5354fe78a88fd46bfcd344dfa8dcd1517ab3671ee8f8bab83
-
Filesize
72B
MD53ff16efb0dcae07a942506ca6f52a3d7
SHA1ea60a6ccdee9634ea7c3b192081f59c8cc158a75
SHA25667034114c74a36300cfaf0a6bc1c8afb451b790fc0018baadb6df5006c6f80b6
SHA5125eb2b895dd2ac3c9b533866ab25d16e8ff78e03ae12783d847ffac1bb84e148cc16f528b9df1e2f5fb170fde7e5a497eadc65b2235b8c3b2e8867ac10da35215
-
Filesize
48B
MD5953af40cf45a44adb0a3e4d551720161
SHA1e793b3304b7fa070bbf96c7348acd2de8d0a831d
SHA2565e42247891e8b454321481ba1d29ef582614c2fd0fd1bb3dbc3f1cfbdd88d255
SHA51275a6d047518e57bf04a4e577ddc62b70d61ccdcf0c998e2d1add151ed5dafaa30767fcca41d3b12915c92a01d025432a10d7b359733f24a1bf75ccc884fa8c62
-
Filesize
5KB
MD53b669af0126fc5d10342306400d4d38c
SHA161746d68250008a2d80a28593b81452b270f353c
SHA256f6b6b1164d63f5456a38b44e0eceae4ee4640dc29e7112eda18d3bf5ed0ecd4d
SHA5123a480e8aaab6fb3aa5e86974f35e5240e95083406bd7d33e4628505cbc977986ced7abc73f44e90996898fecfa7011a40eb1f59b955f4fcac741069b0983f028
-
Filesize
5KB
MD5d4fc2cae698bbc858e7755b652507142
SHA1c4501c45dc23e54d113b126c533c6132fb4d2e4a
SHA256ecb567284a19a27c090b45dc28fb25167971bc4bcc29a67a214f2f113bf88d9a
SHA5122ee1fb4407b27b0b59b3e47bb7da889e51528d8c5d687fab643d3825cc445be43a01fd406f0b3d8b89545427e4e5e29ef67ce1b8d07b842883edb85e96a7f7a0
-
Filesize
5KB
MD5610511bb3d5f4a6e8386d38805916de4
SHA1a8394b0ea3c278a320d64cf8a7ef18d415c939ac
SHA2560674fb09e49550e9b609703af04be23010123e48244e820794dec53f76b23fd4
SHA5126bfd325180d73c6a83fff8f3050774cc6b81ac24c9c97aa451030e1fec0e0e9f912f5760b18231511e89a458adbaebc0d672309fa3bcb73deaebcaa92e2cea52
-
Filesize
5KB
MD5995ee73aee926e6acc0b980dde62f894
SHA101b1fa818ce80af1c73c810ecb1d71fa9395a68a
SHA2569e4383ce2e020de4c2d6b3a4d590c4c41649d25cd4c0172636e78fd29854880a
SHA512058e96d0abb497875ddb1fe84eec30fd18496f6ae163dacf314935fff028902a1809c3d6c7640519c45be4441850d880db80ee9fb19137b03588befc4f2ac29e
-
Filesize
5KB
MD54195da41699ebd73c5095bff4b8a10d8
SHA1ec7e4724dace4be32e658de47c5dcf7b35ac31db
SHA2567a0719ac9b0ae31b3ab1b8564058e96b631c4ae3fa695cd64e1662e46987bd35
SHA512dece03003ff89aaedbaf875e04807da597b31f5533ad33467140c4bbeea23736e0946b6c8523e5463803c0e9bb61e6b063340eaff68fb97685dcfec0b1f20d22
-
Filesize
5KB
MD5705b620d65bae68393c7f0f56a7da7c0
SHA1719e5cbd6dd27762c2b2b4bbef1f2e4d6d3b1885
SHA256c5194894b057e020004225de4a9b3c34e6eae8c70f892de025d3a92723a6ab68
SHA512a12fde4b13aa89c55d010d6ee7b80999f6bb65e3ac71a13dc4d2952aa722b53bc370d9a7561fa7447fabed3e4f81bd20a3ecdf65e9b85607ea57d69e54115fcd
-
Filesize
5KB
MD58de754870839e943141e0ec0e39454c0
SHA171cbd9435341b4dafc0d25bba807bb2e1a73bd7d
SHA256e4a13bf8658636d2b6c427e8317afd36bb23b1d0e164aff117c4a1f656428cb9
SHA512beffb8b972cbe19a454e9984a6a20b2bed473fbbb2c8809d17f8ce95a9ef75bbb8b900f76b99ce4f3f2027377fa02412632cd43dbe41cbab8933de44ca85f4a6
-
Filesize
2KB
MD5eeaf25c3507293a7b05ba910b6b08d35
SHA10a3cb207e9140fb3af7a38c66b12a927128a5461
SHA2561ae0aa3d5757b7a8d95bcd11d1ca8a5ce4c3cf072f7e517e5194eed31c739b44
SHA512b110166d6d6915e040a63e678ebf25a1c812c323de356808445019612418c1bdc3e183e1ac223bf7021a37e906a31e62faff6edd8f091a168e7ffd2ff4a72380
-
Filesize
4KB
MD55b43a2ff5b66934b5ec27c483ca9029f
SHA18563da3612749e6957cb17638741ed030b027591
SHA256126c908668199a8b23f48dd51ad07c48adc8d72e4ee953a20f86cdfc09a92e89
SHA5123c4a5581692e5fb7d5df09b81f6bb56a2a998eee29feba8414972cce9738c0cf0d9e9bbb47a74af3ebc7d5ac88009d2e316f525a1152f264073ab68ef2473e52
-
Filesize
2KB
MD526aa0f24bb64f017890efc00035020a0
SHA1740e2b2eda0e8cfa156f3d208482aea52585b267
SHA2566ce104e99fbdd75357868f36696b8bd81d46e391da395669d2499aa3761508c6
SHA5126e08a3a282e36fd5802ea584165a40cfaf5f31b77f1c2f76e84f0059c74f32cf30ec7711ff0c7ea4159e2d8619d65f01630ad32249abe03df794e06bae6b72db
-
Filesize
5KB
MD50fd475dc8bd665dfcab53b7109e4c4eb
SHA14a8bf7a880b5972e95c6509a9ad4146a37a1bc36
SHA25696845831e9657f1bcefa51d42515d1040003f5ef8ad61e8d6a089d89fda9604e
SHA512aa2dcef116f490bbb4f6297a2bba093785b4806ce3a41ba6f53bb8b0ee8f63c7f27d3a1024f91664f8276c8e8c88c445275938db511c0ab1a0a6f218147a2915
-
Filesize
1KB
MD54186516f373011f5b45fcc4cf95b3cf4
SHA12ad2cbbe90866b0ce87bfe33b663a606dd3a2dd8
SHA2560bd83d6d23d2571b16a70404a3ba16b6e51f4698f3782739d4ec1b9ecf555ca2
SHA512bf1f4187f491cb70a13579888b7dff9324d4a4b19673197a239a49aef251931abb94667abdba35cffabf88afcf64a010c7304227f629528898a79035b54ff439
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD5512e125bc360a6147ac9a467fd57fcb7
SHA11d5fc5db159a01b62461188287ce034eaa70126b
SHA256a7c87e764fb5ca9ee0f3426523e337f03d3f36da5226411fb6f56a44528eee4c
SHA512f24ca736996f92893850c99e8086befa2b96c24c83fa6afc04af1709aeafc4dba63408b90d4a1d06b4f56283d39b03f8cb3830aecd28a5765993a2a0e9206517
-
Filesize
11KB
MD55c8816ef88a3737b140b6498bd426317
SHA1e1ab95ee7ef5e6fb760cb7c8234ab142747ee085
SHA256d2dd312758a3d42c5920f0437a850143223f30f52c611af55db72348f6dfcca7
SHA512febeb999431fd62fac413e31c67f9c6144cc23539b1d582f7a00c9c9800e0944f872da1d9b72521a51babb872b05da4432a67cc09de9dc003adc0852d57d0ca9
-
Filesize
11KB
MD5722f564c13a6a2a8546c9425ef171d99
SHA1bec998181b9573646f8e1edeccd5349dfbca9fa0
SHA25620b2c8be7beb357f9eb5a2043daeb5e562f3b647f09909cfd286cbc0ed430f29
SHA5120bd217337a1d58ccdcdb92181e4975b56f1d897237f9654bf8a8de2454b778670c5d1fbbcb1fb9ba414caeafef8e8caaa6020c6f912f17174906222976b1e800
-
Filesize
8KB
MD5a04e3bcc7db2290b082f8c6077832ec0
SHA1d72932a2f1df7c22fd7572a0eae6782bd3084706
SHA256d9e9eda4c9f1a215579280e6f6a5af479f0730bfe59c37312b68222471fb5da4
SHA512a4d7f9ed8fe8e1d7c8d78de40f262d5606a31286986e47b09b2475b56f618e8e5580fc2b12e10cc335856604d3c75901d37a7338fe88801b36e06eeb9eca9be2
-
Filesize
10KB
MD5bde83bf7d26a31f0ec508f725a850592
SHA1892a5c82018aee88298b61629c53ca131270774c
SHA256fb9632faf070f576680d6595920fca070e12931aaac46d92b705342d9e43af63
SHA512609c01d182e632e9b2b69a792fba4c825451fd29d5c352d545f5f844f4c356ca461a20f9aaa370c3136e22235be7ec96cf66bda7c36865726847f6e60b783eb8
-
Filesize
10KB
MD552cea76d14a38f4a2ca066c04308bc1a
SHA19814a84f7a5f11ebf5bbf90a888240cc95b2284c
SHA256ac9fec0493ef828f03a939478adbe9274fb5bb2a8e62a8aa8ed07dd5e996c96c
SHA5126cf5512db4f0b62545d0bfd8ff4d6b83f09a524b768c397bfbcd4c5c692435a3228e9bd345dc0890c466d6e9939be03e09025085aad4aef696d1b5952e560c93
-
Filesize
11KB
MD552544fe4f0531c62b5c2f883da355f6c
SHA1d280f48952d7cfb704a3d6075cccc6bea6c96fb8
SHA2562f27ac911aface491bd1e4199fed12af06ae195f6b2b480c03e941f605d71206
SHA512d7af386b494dcd99f0ae626b29aa7c7ac39375d2b54a50855cbd40cd2c58660bca25b04215d807cd60d82b93116b0aceed5f847947e9e0278c4e5c30cff76340
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
6.8MB
MD58263143ec91689bfdb1cc2ae6a7c0563
SHA1bdb03e3dea5bcc0cd66d1c7e93f8a2a5cf88bdf5
SHA256da74e2706cb9511b77459ea29949e5b9045f02e97ff4c230a7437d9495c696d1
SHA5129f8f5fc2ce193ad0d33c458b56bc899383568fc8a8ee1dd98279d09a00698f9885846fe826fadb03dd3737e52276157f61b5dd8da4a0d021b3ada875ee7b649a
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
6.6MB
MD574515548bb70650c0176df71d7e108f4
SHA11892ea497636c4c2641427bc2fd466c531d0cd95
SHA2566e0dea6726076158e4569745c0793202dfd6fbcc377117898c4c29f5be2a08fd
SHA5120272691263875c882265709300b40f4d1dc62e13699ace6fa547457389c8a9f8a7a6e4902914f2c813669db80d980d8fc8bfccfbd1aff4158444cd2d238ef99b
-
Filesize
2.1MB
-
Filesize
212KB
-
Filesize
2.1MB