Analysis
-
max time kernel
454s -
max time network
458s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
29-12-2024 13:49
Errors
General
-
Target
https://www.microsoft.com/software-download/windows11
Malware Config
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Dharma family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (602) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Drops startup file 5 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Drops desktop.ini file(s) 64 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 6 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 36 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.microsoft.com/software-download/windows111⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a8e43cb8,0x7ff9a8e43cc8,0x7ff9a8e43cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,13159639346934650269,13822815682556013541,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,13159639346934650269,13822815682556013541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,13159639346934650269,13822815682556013541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,13159639346934650269,13822815682556013541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,13159639346934650269,13822815682556013541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,13159639346934650269,13822815682556013541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a8e43cb8,0x7ff9a8e43cc8,0x7ff9a8e43cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,459130412112789943,14563079414651344543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\ComputerDefaults.exe"C:\Windows\System32\ComputerDefaults.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a8e43cb8,0x7ff9a8e43cc8,0x7ff9a8e43cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6325560643286955719,10812290400003346450,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6976 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 3002⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3340 -ip 33401⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
C:\Windows\system32\mode.commode con cp select=12513⤵
-
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
C:\Windows\system32\mode.commode con cp select=12513⤵
-
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
-
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"2⤵
-
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"2⤵
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\0025ee51b6704abe8e8db8978449ab57 /t 34272 /p 342681⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39db855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.7MB
MD535e699e1fa4755b615bc531f052b71da
SHA19af0b637c71586e9e6adb4c03544921fa70c125f
SHA256c8250fc21de4c7789ac40779c90d304851b4991830c7eb360fad1e4af14ef2bf
SHA512d6cf98dee069e88c18023a3d2f81cbcb46333f377df9ff47490332507ce89f4c3c634288926a26f776a55761970b55e062e1503db9f3b6856d6a7c83f5ad29d7
-
Filesize
328B
MD5a524f501ff79f368896a99858d76ee60
SHA1959e29334d96a91a174b23f1f93c0a9866b66e1e
SHA2560cd4e994d7753770f28d93e615cdf270f2d8a490214b0e5f67127a8b46c7bad3
SHA51293edddc37c0748e82a6beb2ee170f8b597a86eec9aa389af80cac5bee3c7423de38fe18f204961e67cb9564d8f1bfe7c7393fc79576c08caf3b31afef559dba5
-
Filesize
328B
MD59550a35a9fb559e3372dd3538f784ae2
SHA1e40c41f9a0b0404e6563213679c03f4b99c602f2
SHA256cd840844b6fda11f3b9611b0e91bae63a485fc968042bcce3164adf62b6d6967
SHA5121c32937391d6f09608bfed8939c1e8511f89afe63628ee9de3efea090856fbda1b3c0c0bff105b61e6b81c0fa0991d1a9e95b541530212cdc6ffa0b4f39d19f7
-
Filesize
152B
MD5003b92b33b2eb97e6c1a0929121829b8
SHA16f18e96c7a2e07fb5a80acb3c9916748fd48827a
SHA2568001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54
SHA51218005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77
-
Filesize
152B
MD53210e6749d2f40dcdb0c7314d8937e0f
SHA18f1fc59603c5d8cfa2674c9ba9765ab67873b0b1
SHA2567e58c2a4a9d34d87c46408c0720cf985a1fece3ac3ca09e67eea28d6706182ee
SHA512917a5225701fae725e67195efe705aa7955aba6e9f17f00b007f3fa240225b975081d03a7f1ddf9b2a1f750cc555a6bfd49f1aab7f64cf0c7e82ad9a5568411c
-
Filesize
152B
MD542f71a739ec6ecc7f48b00ca9737f5e7
SHA19163a6cd23f67d239e79a3435a51995b61e88e3a
SHA2564eeaae20f47cbd6ea57f6c0edc5956ad272d71ad8544f10353719c6d8b5d6de0
SHA5122d1838eefe62aaabd9ae1fb081da02e9fbf80389e434e474598dfa43b1c0b9fe8925191ace4c2433dd5e1b445fa0fe9adf700c6ec903f3ea1bdeafad9cbc8084
-
Filesize
152B
MD5051a939f60dced99602add88b5b71f58
SHA1a71acd61be911ff6ff7e5a9e5965597c8c7c0765
SHA2562cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10
SHA512a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f
-
Filesize
152B
MD5c23f801cb492a1f67e9eac81f3cd7199
SHA1bbd2d0d3a1e6885c9736d670dabc11c27afc6315
SHA25650ad5a936ecce8d8f6d65f3bac8ff4e35a9b7073277a5a555a1344a17961e257
SHA51261c9923204d411690cdbdb98b500bcc894059e43ffe7c2b570b50171fed43b81b48e4c35738b75d9f5c06daaddd5b4765370d85d04715301c8e09c9f60fec8c1
-
Filesize
44KB
MD5bf15750410f1a971540930f84baa4b97
SHA1eaa57c05bd766494317008d74c989916b88a3678
SHA256ee62529db55d5f44f2da6b2a1808dd899c912ca0018962423f785b88f5c3c7a3
SHA512ecf3893480245fbe3f8dd657cc9786876a052c1dbed84dedd862ed6cc4227841db5ad8e602861670d6b628ec262431788274c5147a943e5070623ff2f9e29705
-
Filesize
264KB
MD54d89fa61af8adb023c65a93d3869536c
SHA16022126e0114186245383d4c64fdbf563e286495
SHA256a27e6a47fc4dfece83bdbec198950aac2e59c309c09d1818d93c1eb0d6fefe05
SHA5128d6d4a15c5f595db249db966f44133b257637b17e0a34e37ec6c26fb81724efa3ed831c8f183903460a547d84b9c5b032dd5efcb8d6661553e4560c00f3fd513
-
Filesize
1.0MB
MD5f09adb88ff6d347315f561eaf33a2205
SHA1b6d798e5ce5a0ba9184865b742a9327c10895519
SHA2560d258d739403dce1d9be05b645ed9fd64c5ab476bb7fd947dd161d519b9f4f37
SHA51214620a6b64306ee80b037b1865737bdbd032ea4f478ceda5e64e65b7981804b6852b4a22c5613d82bee748cf648b2e15acde8010456fc47691586ea549734e47
-
Filesize
4.0MB
MD504e9cf1ec36f61856280fd3c3c99f08b
SHA1adcfc9b2d34d54d96014f386eff2c13c16dd753f
SHA2565bcfe17d8cedc4950fe1c6598d6e45ff87a4d7a77f6398e028df4d61c67f7819
SHA51227bc7489bf2947cc46deb9bf4edc8f06bf1e0c711e7a2feebc638bfa51fdb2f6f525ad8389c3afb570cfa07ec6530f3cc9a558c460a53c019479ebaf76fb0913
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
67KB
MD569df804d05f8b29a88278b7d582dd279
SHA1d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA5120ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
1KB
MD519b448bb3e5ace471f9a210f857eb4fc
SHA1ee9ddf7f4b1fe27767c3808e39f95f2bc8a07132
SHA256d8fa956e403cbb9b8b895eecc99b8468175f16e1ea5990cbab3ca3f4ae496484
SHA51281e6dbdf2dacf7bf82f6037b749663fa9f52dc8dd138ed273f4c98feff99453967e02e71c91a5545b490564150cb9db89ccc19935317d64a30c70af86edd88ec
-
Filesize
3KB
MD56f577775858c2636dfc9b9eb9c7225f2
SHA1956f02c6bf536aa6f8ca8d6abc00a785a9d044db
SHA25626cd5b724f392f8e9dcb19d94d6ce2381691ba4547862f2385988e52c9526777
SHA5125908f5639f2e2b2eff0058fcd6ff08ba410a3de3fa36f68b09490d45a950df74b555d0f279652f03a6a17af7c6dd62ebd45e0c5ba7915cceea451ded7d157aa8
-
Filesize
504B
MD5697ac618689434a12a3eb7c8b1d1c9b4
SHA11cb11728bbf99b815363163b80207ec969bce423
SHA256bd4c770e6e745170d9cd28272c760dd686742c0f41f4b7ac5465c33e1b935122
SHA512b47cb625aeea907a06ae2a72a3e0021ec1c36acfd36e4eaf18cd0440e5b0bef53fedea37bb132b439eba767e137a2b5110ddff28539316f893877367aac2ee1f
-
Filesize
1KB
MD580d6f2c2537efc1e3dab6102b86b5ce7
SHA104808dc28f02a417f6d217f174c4e77a4dbaf6ce
SHA2563dfa54469cfd081a5d5de6fb10c48eb9bb841343d7792cf4eac5af518f184bc3
SHA512d9879c1be87873056e8ec6f0d7e5577ee5a0cae1b9ae74c9b57c38e19210ad2e8de23a07d1ac60aa2b7f90878420b436bdd26fb723b0fd20cc60721707bdf5bd
-
Filesize
20KB
MD5b4fed73c64ee14659b649d94a2c3de31
SHA1de60bc1f92159309132a9c447f3f1dcecd5f65b9
SHA25655d96847f9ab4faa4be4e7fb3ebdbf10c8cc43ec66974f5651c69ad60258cd7f
SHA512ce9d0eae294dd962def6bfa0209393e3d8c79e5ed29ef8b0a316c291178c87f5c0369c9c47a7e8267a10b90f204c907b7b3eb00e0ded0fb564580ab052de88f0
-
Filesize
12KB
MD5ac5cc4a521333314600e126ae29c9898
SHA183a5287c7a3966c96a18073b386ffb9ac0cc0f44
SHA2569926bc65ea7d5e30005e065a6bb4e6a544868688954beec7a6df5fd1951168d4
SHA5126c8797d3493f2f021dea02558a671cfc46b89fd6b7f44a015a4289255760b4a4795580b17d0b85c6c784e3164ed7466c102425058d184c421b19abf2ffe1906b
-
Filesize
264KB
MD5b63dbb0aa6bfdc48b52bc89781e2b753
SHA1cda0dd607295f399546cbdd706142a466bffdf26
SHA256bd3675ec0fafc643ce0611a7e16672c3541e7814191031e1835a1b17f6c3e28d
SHA512212f25f9d10ab54b26dde201c76973cc31ca1c9696be3aa7885d58d9df303fd727b87fe4e0646b5c76a52d4b6ccbbebafcbe491f7832279d8be098b33ed5f3ce
-
Filesize
116KB
MD5d033d9b068d94f6bcb3d5222103703ce
SHA1b8ece0f7e6965ce649d422c804e2d2e12c1ff497
SHA2569ddc3a6c9d71537b81df58a87711272ffa6aaf8efc190f35f8d08ab1f4de5778
SHA512370c4c391d81efffc8a65e0c9689f8a5fd0b88744431ea80fbc0677419efe7dbed79f729220384070bba8131fab431277c58d6a4c41bf895fc6fb7e0aca6e3e2
-
Filesize
805B
MD5da7d2b33774dd34bb6c9f8f1f326578f
SHA149ec15a67ef0773719a8a8e3467b7d4582ee8abb
SHA2562fa56a98b8b82dc92b06655f0a7ec0d109e4323800dcd5486ca9de39846fe638
SHA512e8c421c462ed721ff226fdd503e3408282aa010283c5e1e7d448925179750715f5a9ad9bdb74681446e4a30cd39d31d8a8aca29463572de3b5030105eb78127f
-
Filesize
44KB
MD5de7e531ddc91467c9e3c1ffb63d00112
SHA14cdbbf5c9cc9e6f5d0aae95a1b78e0fbf71bbf3c
SHA2566f135ab6239841d7939c1b9e44d38a17ceaa9e0445bac2b257d9da6aa2434430
SHA512671a5743484a58a99ac8e2d6f8d118502bda375ff3359683e2d9c252ef74a2f876d79526180ad1bf0e5c8a183741c639939a442abf30b856ff258ee987d67b5e
-
Filesize
425B
MD5a14507343bb013163a7ccb9410f7236d
SHA153b95c25c768ec2a7978ec5819af0dde09998630
SHA2564b596f5732713a7338b5a3effe7b04dfd36b2b2e7ea23588f360c060d092e6f5
SHA5121ada8b67c2a5099687ee2fccde64eefadf937ac288734ebf0d69311cc5fbf7c8d1fc0808f015e2ca47173fac60456fe8e12f110cf8118f93ce1bc171a9c80199
-
Filesize
334B
MD575dc17477253c92ba19dcf3143341c84
SHA11d21c541b7520758ae260967631aeabdaf86886f
SHA2560d5931ae84d182276786b40d4d9e3ca9d945b583df7358339c5b57ee50e2ce78
SHA512f3152875a44afd82cf65600b6e3a1c4a0628c62eec799504d3a66920cfdfeab7c812fd5b16c777d27208ac777f952f29ee744c6f91ba036719a561dfab7ab0ca
-
Filesize
1KB
MD5990622b3800065ef5ec10e28ce81f2ad
SHA1a190cb5d267b1d01287f49fcbd362a8980b7e4f4
SHA2560e72c8c471dbe12e6f4126c711246803138217ae4f2812a6c742637d5b093937
SHA51246a0229a3ad2ca76da5018ddf8ad6dfa1949659bd702343075ddd56ce31d0c8713385c1d3916877e359b7155a19f4a06fb98cecf81238e962b60b61104119ea3
-
Filesize
1KB
MD5fec716b84fed8df48027dd78ff3916a8
SHA1d19e4cf77aad2ef4e337cb2f1e416ecef29378c4
SHA2561f627ca9df834e460a25426708e86615e230fb57912ca9310fbc88ca7233c3b5
SHA512476a4cf97d4255bf1b6286dddb5f5fe0e0f271ebc80c5ec246b3b22ed4f8ee45af7ef77d5851c4f4003746e5247e1d4c4f95f7f8939789e4d125f4d85198a05b
-
Filesize
1KB
MD51a716ae8c9d7925e7d00074a30ebcd15
SHA1278b256c4e58d370bccdde4160b48f0cc1c46ff6
SHA25681775b7f9b101c5ad8dc79089a278a12aea6b2078d4248f4225ff760657ac490
SHA512e898719dac6ef8a11ae050475fff9ab751a6a1ff103920abcda20840a7f8314f7c03b22de6724f4126b83c0f947ad5cc83bf0187d92cf593f65749438c1428ef
-
Filesize
881B
MD5bc464a21170148ee13549d4622a47ab3
SHA1485824af9cbf6a6a0038f384201dc0d9565a130a
SHA2562f289444650f11c3bc69658414945a6da292ef47311e47ca3999fc4314573b51
SHA512c9a463dfd971e2a6616182fd842ebd6bad4c3c4e520af1b589dc47eea273054b2817a65578d8b002574c83dbfa058fc52521728522e2684d55e6db3b21ec6435
-
Filesize
7KB
MD537481f056d773227d10915556d300cfb
SHA16e909f93d285e4c56990438e54caddd96e3dc3e8
SHA256de4ac1cbeccc54519cd0797021f7b6cfab352b7617ac83b1b63befbb97771d28
SHA512ca35f599e3ad05db4968197cc87d13fb00f4e2a066d57bb3c7af53e6a8c020cf3a8955eb3e77ba7f269b2647ce2eca19d44ac3bc195fc856cff611465e9bca4d
-
Filesize
7KB
MD56bfeddb867a547fc7846b2d04c003342
SHA13fbf8ed626b41a198da07bffd960d81643619996
SHA2568a843450657bc24029ed24d890c1d7cf42fdfec91141e9e9c658619d8ab1c0de
SHA512c9ee65b00a9b63672d41c59acd7ed51ea57f1c17e3052e98b49e36208063f8ce3db895d762f75325d80feba60e658ed0af657aab8fa00578bbe0e1b36a10f022
-
Filesize
7KB
MD5a06795a3003a0800519ebedff08248aa
SHA1ee7ce414df5c0b77b79031b8d5138dcee5356cb5
SHA25624fa540d64134fe5b37c91b98f0ca378f530dd82d44bbb4127082efcc115fccc
SHA51265d14b939f8975420819e34a8c9ab2feaa01e4a7e5d91d49362fad3209953fe4750f6dd6793f8bddeeea331428c74412ab1952993476d9a9d939c3d18f1aeaae
-
Filesize
7KB
MD5212500c000de7792d8b38ae9e65543a0
SHA1719486863fce194f47fe8eddcaa93cfe08e0cd59
SHA256e04bd5aa82671aa5da67147c2107eb6be8f9f59a4055e294ead2a5fa26fa7c0e
SHA512b3bd4e54b72b7ad64672f076879f3b189950ea14d142327bdb0e97a456c433cdbc2ca65d46c17c72bcbdd33bef9dbf12ba737624624f45efbf86af268df95f74
-
Filesize
7KB
MD50572d2913c2a011edbf482bfeeb35709
SHA19f8e9efbfe7141049463550a61af2c4de5e99e90
SHA25638574aae54e153df0f754404008024ff2fc155688ba286aaa1e0ecf898f7c3c7
SHA5121d93836244e366cf04d48f8ec2f93a16c19bb6b351163c48590c2262a0ce2c1a1ef05d43d56c55750bc7ab7ffe77ce25feff27fe2a8d17b0ee030945e22e0cf1
-
Filesize
5KB
MD5d653ddd48696c96968646f58c7a82dd8
SHA192e52fd9db291d89bf131d5f9c67f5c5e989ebbc
SHA2564b161eca0d45f88ed582235bcb0c0992d51186af6f2326ed5efe3c9cc25eb5c0
SHA512902130a575b4ad6157df76039a8976e971a45d4b263997eae46c2f262589b6b8ebd83695b422b4b2b81d76ece632a1455ea9f320c22bb56ef6dccc3003d1e148
-
Filesize
6KB
MD5a3b425c0cf88be02b4629e9a0ae0494b
SHA18f6732f44f26fc7455c61226caaac39ad070c52c
SHA2568d14d77e5a8b937f9977fe2c1fe6a13735d1223c14707e324b4d8575580dcead
SHA5126f3184a74b024b096d56cc08d81c8b20b6b3e1ee19af3b6f293eb5f1946e82c9e4d247a6399d762356257a10a6b1a41b5a3f8bfc9ebd781869a9ef02e1a2bc1a
-
Filesize
6KB
MD5c507c8c88cd904bf8244925f706df25a
SHA1d5f501a45cf229b8425235bf0c90bb31c46c0aef
SHA256d3294490e39fb1fda9562383ddd0acfcd7509cecdc6964ed52bd47ea4e26bf1d
SHA51222b64c29516e2d0c3175d7091827eb0790ca3911afc8738ddc6961ace3af782ebc5c081e86177110442c09c77f103a37d81384c7dd57643e3d6c3a17cd6fbe37
-
Filesize
6KB
MD577fec948ba46a82aa9cbb44b5b76ccfe
SHA164196bad76f1112e62e50d026787e6c7618adb13
SHA25691eac7feeb0488553f72f992e866be54875cc93d708654c303f3cdf1f0d9abb6
SHA512c3f8085c0615f7bb0887ed44b01da34a5e8aed3f064f542ed079437429a37519549b05bb2365c3de48178047c991d66b6eca0f7125ffec26ca296c0630cff9c5
-
Filesize
6KB
MD5471946ddaf6fd99de31f936f5977c757
SHA10669a8fe0e9cc67360312e5920419bdae2126a86
SHA256973eb8b253eb1394216cdc8b0193ee71f00a5ebe739de564e5f79f5235515f56
SHA512b5120332d39a172ec625ef5d7a4cd63369f0f4bddbca64d9f8a71f22dd195b3ca3b72e9d8cb10e99154092a3c161501536b09cea49dc28e1214a5bc4caa5f031
-
Filesize
7KB
MD572868bbf5719c9cbe81476221c9ca4ab
SHA1375c5eb564e453bd941fb9d2f5dcbdea8522cfdb
SHA256acd864870ce023d2b2e321bb1d8d005915c9df009a9597df8153d372e1d1bb32
SHA512d0dd11acb69984c5c439884afe554216dc626ba4e924babe1570e588e96743f201c6b104f70c0c933239ecef5b431953a2b057d1d826d59f84d3876d4227e453
-
Filesize
657B
MD54f1d851de6ad40742592e2dbd1091405
SHA180c96a1bfca039dcb1fc1f351b8413b2eff60399
SHA2568c75c73d008b971f10ed2ab080888ffd583a43420b52da48cd732a60c45054cc
SHA512c59aa5d26ccd3f72435cbb10c073d794ecc7730550db9aa32d95db53cade7795221ddbc0123248af26ae53d08b1ef2e5aa664c04f1a7c40610317fc215091585
-
Filesize
322B
MD5556be3393e276a48eddca13aeeed9130
SHA16ffd38ad00e68a432d23d61d18e9cf70e9c1df89
SHA256c91f999a41ab0b4c23e53829c5f47f7e1d63773860af3b976dc8781a29fa30ab
SHA512a1fb02dc080acf857f7c424d74548957252ab63db8197771045912086b1ce0031093d9fe1180ecf9de8c52a4cf39f4756eff5f9b598e4c5291bbbbc977147e29
-
Filesize
6KB
MD5ab5e3b36e26cec074a56074971613450
SHA15804c37fa6d402902e320298d25f76b808037831
SHA256f897ffa87564735f0f201106093a371f2e6aa5d30547fb185347be89801b60f0
SHA51271e4cb9191f66e9495d0454e6fb3710d321028ae5cedd00e45b2b87397dd342c4549d650db73f2d753c44c7feaf49e007e0092c78ef145d566c54e0467bd9aa1
-
Filesize
5KB
MD5129c0ce4f82fec45b4ad948620bd0328
SHA1c9db88c3ad4507561e465a13292d3873ab443d2c
SHA25601f45bd7f3351828a4adc0de2e41d614075a4d34f0960e8a4b1e9a05b6e0b360
SHA512750f7a876711b05d677bf1aaad1c7e79273881d98c71e65a85f722815683ede1127f7d9e748498a8463270ea17c2145c19fcbdc3b7ff771bcf305a9ca252bbe7
-
Filesize
347B
MD5f82cf4064206fdf811190db2203e02c6
SHA1b8946fd14972626e2b819f980792b22238dea333
SHA25695469713516d08b4417d266cbb21bf0c55e2fce0d1ceb1fc6be0f94dea599e59
SHA512da60bb5b7cf396daeeb730f93027310c3550f9c1a0ba9192fa4045105b8037129a844b4cae35786a86c1a2be5dfee199ef59e9a236fcead0fba6d7f3ab0ea18a
-
Filesize
323B
MD55592a788329ea15221e7539abda26486
SHA1621d645e73c118f47c0ed87ea29c345529996865
SHA2567852eb8d50be0f47239630097b1104cc9ab737c6aa960b75577403b78bcc4621
SHA5121961af5b521727b27a35e8ca673df2bcf971085bcfe15bad3e5d15f9c8e750ee04d2adb603e648c74eb1d4bf98ddd4ecd704ac88df905ada60a423f513a7d570
-
Filesize
1KB
MD5b2d0b1376ad210776e51942ea176033d
SHA181372cd01549bd11193d4fd8192970f704da7e5d
SHA256bea66e01a00b740a2c75537fb5ff0a1f379e23f3368c84937b04fd6c1161ee67
SHA512671402e035f778fc340313fb7f68ec8d52056fcb187a184200645ef47fd889412ad0a05ddb48ac0d7161ed02df74fc759ed85791e8ffc726135a7a1001001ca7
-
Filesize
2KB
MD5a4d88b42ec74ed9555c023216da37719
SHA1ad4ca6e6bf047b416f17e69aab2b7204155482e8
SHA2561708796ebd76c6d62105e74accf46efb808fd59c229632e658eb18b263817cce
SHA5126fedb0c8c83873ae234db4d02994898875f8f0a459da37aa0350720380765b722b89780e4eb07d64e39a818169f08390759a725eee4d6b9dedd5f260d21095ae
-
Filesize
1KB
MD5ab3a41c1c1d0e33331d5761b8ecbf942
SHA1a64769089bd9913cbca04c641f97ff9c3ecc4266
SHA256f6bad523491639384ef812e2bfb064e5cbd3ca292c293599c4a0acd436b6711a
SHA512fa726f6168742455a4ba4e8b9d564b8597e2223a08f51b859344d2d59ceb11f3c4e4ecdcbc79164c6efebaaa2604c728ee570ab9887f0a189b4e573a85ac13bd
-
Filesize
2KB
MD5baa3aaeb69fcb60637b3620d739b8edc
SHA14352f2e09f480014e8104fb0b464fdbb90c313f3
SHA25606231c27ad4bd70d041c90866d373ae1707d10a8ebd72b4d782b814b987cab09
SHA51289ae856b61e4e768f6d865aab58b5bf6818ba37e438d83c85b9d3b17097b4ca8dc7695d0d40b8bf8f4339c005d0d5b6bf44f752116b801b411386a9a4bee288b
-
Filesize
1KB
MD5d5e9141c41d7976c23cb778f30b72d78
SHA1793262ec2d9e19973098d8d4695b31bab0724fd7
SHA25654473204b301c58c14e5785d655259848b499bf1403fae0c61c079a0ed9ca3a6
SHA5120a4d7640d17bb0ccd0838bc728d7b5f6b0cb46e67debdd21161b3272b0a77d84a6bf4d9429b91d1ca62bb115521841e1b27f1e71665d8245252b44a4005993e8
-
Filesize
2KB
MD5b43e77855b9a9a99895691951be76f87
SHA15a31fb6ddac0eaef9cfb20c4ba71dedc9d6d8c1a
SHA256fecc074aeab6fa1f12611a397694fda1a932b1a1f10a2bf5f56bb74a66d16c97
SHA512b8516744f1b213298212b02264b7e366ebe54db6f2a5f522adb67534d170111f2c748cb0b747a58c0203b209a434f72890d2aecd462dc82bc467b1859618dbd3
-
Filesize
874B
MD57041c1bd8a718121318005beea56cb7d
SHA14725f964bc4834286b2df9856689da707fc86e32
SHA25635322a2c3e446c5bd63d11863b3f380a9f02bcc627f14f8fde6e754e48213c68
SHA51265e068fcac6bc0a2c02003ac26014da7de978e65d7b3895639025666442a689e80a86185d204a143380f18a42f09bcf583b8c533e05d163587bccc478be59bdd
-
Filesize
128KB
MD57e9c6f8789173742a2986d9a6d952306
SHA1be3ada1819d6e156907d7f181869b973ba8991cf
SHA256d0c5d34af800441dfc8931586ef6cf1465b2748c02118cf4c43265eb31d6edee
SHA512e5d6b2b2681164ad4bc4c8387921a2ac8106f85e63b6e917233ed436f3bdd41dfea03a7ced5d88b1d47207a0c42ef8b6d2e95f0267bf0f75927f0a2bd0f73bf0
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
44KB
MD5facac300b0f17d93fecfdc17af863863
SHA1c12617d126d12c8a407c3c4a2b7927d3b3722392
SHA2565c96f2a56217447c20d459af9c5e18688ce010bd2ab393f15fe2b8af1c6943e3
SHA512376adedcdfce95849792a1175267664aaf68dc10b789ce5a062f2783fdfe5d52f38ec2f4a3f3ec6b977ff8dfc51a448ed2807cd0d92ac5bbf7ca237bf1eb3236
-
Filesize
319B
MD5815522c61c20204396dc657fd33d4b02
SHA1179e02ff0799d0a19f5d6a9fb7e99560c2a1c584
SHA2564e62199f2341364c7f7cb7b6316a8a4e562e5f6f0e5a953c991d64144cf5e23d
SHA512e93ea2fa75257c2c9016e191b44d08b93c05d977bd5e4898eb7c95f68bc73fa428d387db776e80741637e22e477f4683ffac3952027601f6c538fa2761285393
-
Filesize
337B
MD507e635f340e27eb50a2249c4590dc103
SHA11b5713dfae065e60542bd7f6af62d3b4a7bb7052
SHA256afcde676827aa3569a41a7d5b72e3c8cef320bcdd65a93bb6355ff21c8e2995f
SHA5128b4d23c98c5ed3ea3088ea559fe276fb3aa349c3f7e5234540a14824381506b1d52488f5cd589af321d9338c2ce99f928207dc44f1306cf11d90d81ffe6a5f58
-
Filesize
44KB
MD577174a2bb040d6ead6a93f08af1f698b
SHA1f0913900c911cbdb7bd96877f4ea06944df12dff
SHA256d2c7506bad6a32c03345cefe70d628cd5a331fb1ff8b8cd7d1daf7b114ce52f0
SHA51294949919f177b6c0c4c0418fa70fdfbd1de9c3fde0fafcfd4763eb0a2ee752d77a5f1f5cbada6ab225050e48acb31c3ee011a8ea3a9c3b268d6b97f5083ad6d2
-
Filesize
264KB
MD544040406c21a5a437a4cd0cbb56ae3f7
SHA1ff270ceb03b042aa6dfbe8400489c3df0908baf6
SHA2566b4f01cadf81b0e5e9aaa1cf3227027c4bc1744e9c2c35cceef65327f017c287
SHA51246f16573bcb9545764558e295226a2dbf81faacf841bbb6285b2b628fd43ae923eee8d58b33577b8a3872d1c408f5b54ab08a1acb2e000b07333ad07e418dab0
-
Filesize
4.0MB
MD51948a19ac066f4402ad4292fbef4a287
SHA13ec421f409b12249affe9cdb8360ebe261647517
SHA256d37fbdb23654d4136ecfbb757b572423463ca050230be358188591dae79277ff
SHA5123641cc5b9ec2a629543060119fb32da086ccfe0c66023a40c10b6488fbb2d9b0134c7ccfeb9ad7e16e31ec6bd652e1b31975a63ee65f997fbc13ee6bce37f83d
-
Filesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
Filesize
11KB
MD5ed1ba67b2b490380746d85362bd62628
SHA13da30748189a95ae87e5ab8d61bcbd5fddade49d
SHA2569dd27be2d390c23939622d1ef36a1c0932fa2b182bcbae93c0084a7f86cd8972
SHA51233ea2f1118d98037bd10f460024133659015a121df6cfbb255583c1c72f055bfb0b5c93f8e5671e603c7af12e4c2809574db57c853d71170ccd282319830ea69
-
Filesize
11KB
MD50578c91430fc95bdc108ff936f94564e
SHA1a03f060c414093b4d42621d0bfa84ea11157b199
SHA256acc15d480d47849a9b1b6125aebd898f33bf6043ec391b019d3966d789f60afa
SHA51263cd14c1442593953148ce8ac4694a208ef95aaa416cf78bb238160adfc65e530736abd6acad4399feb279e5cde2b6c1b1a7a07b0c37bdb67e004c82c63cf835
-
Filesize
11KB
MD54f6addfd1cb14f4464eeb5305f832945
SHA1361a0e0a6d9491f42a68d7263cb3cb822cfe1260
SHA25629e81ad3d4649849a481f6314a5130b45ed6caf142eb5b06fd3964e25e8111b1
SHA512927780754c559c40706c31bc50a27843b3e77d49f2bd4fdbaf99ecb05608fdea572c56f54da8161735ac604f7ae5de147069625ad1b6d5af726a322b5092108a
-
Filesize
11KB
MD5b4c32b84013409643110bd1ff683dab5
SHA1b229b7cefd9692f52c53401e11ef09c39c505589
SHA256f75f4e3522e8da442bed47c713df025ae94de66a92ac53c58a43513994425e50
SHA51285dbd7a080100e3272a90cfbcf054262d73c755a69689053eace7117184c42fe54724d84673f5dc8a95bd50ec932c045c631282972d604cdd5a08d59d97a12b4
-
Filesize
11KB
MD59d57083bf4da77e6d84534754853cc0a
SHA11cadca5a5486266d5ca6e5c24bc7130f6a35e3f2
SHA256de1f49e12d0fc9c9f6072dec250a75ed13f53f32ff1622ec331473685b5794cd
SHA512a44683a22a17f18657192e5e76eb1ce97b1a3be5eea35539ba2e49bcb1b5bd669cb4880abf9c509ee30ea6a391a279deb87457fd37e3a342e45f0fad6edd9314
-
Filesize
11KB
MD5bbd222a7ccf04c71ff71d504887c5ca6
SHA1bc0c220e16463e0ea34d67df3c2033b534d7c19e
SHA256c872df252a68f229a2070e9cadc2e132ca4d4f57f0a72d710d4c99c53ffe194d
SHA512016ae9fb04466ed41fba258dfd89d48d232953b70ad275c98d92308c7466484a10fe5b74a09c096989ff78e31729cab6ffdc5911539fb27b91e0c3c2f70c7f45
-
Filesize
10KB
MD56e1467f49f08d811fde46eaf3c4c54df
SHA13bffd22398da11162acc288e52fa67563975a37c
SHA256615870242fe5c2b5321ed64d217a9482c79bdde50c2f566e2c88ae3b5b8c185c
SHA5126d9befbdd0f93421abc20e8f7055aace525955d192db6f3002d27e47767218925dd1ccd895c37d78ec614f20e740ed26e25f05dc9f65ae995bd5f73b6c2be83f
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
5B
MD5e279ba55504530da7f1b1d2f729bccb3
SHA161a8e13e9563ca176fcb204bdac52ce0690a354b
SHA2565810b9584f10152fe3069fef22b3ce574c063845e09d6b7ce042697a63c85044
SHA512d06e45d89b1d51c82ce47dfb61f3b9adb330e939314f33c15b6f8010b829ada6244573051020714e0c40b7e73c5a489f56cd0a5c45301d5cfed6087fa708f854
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
10KB
MD5b7443e89f0cb29d51ee6a257750e54d2
SHA184127eebf275e781d5276af6fc4d09c5a6bfb7b9
SHA2568226877d6ab2e4834aea6bc71bd9865b28d0bd1ec2e8b4c23b8acf0301c56f26
SHA512446cfe25d82f3bbf7badd324cae691ad62e13bd7469e415f47b9141bddf30679219c672937f4f6768796c2936c3b9c557fabbda1fb51c5edbb7c1964bffa17be
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB