Analysis
-
max time kernel
525s -
max time network
519s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11-01-2025 18:13
General
-
Target
https://drive.google.com/drive/folders/1-LuOZ-oGDsRiq2mxKTxsge1GX5nbonLR
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 3 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1-LuOZ-oGDsRiq2mxKTxsge1GX5nbonLR1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8344446f8,0x7ff834444708,0x7ff8344447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4688 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6944 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\winrar-x64-701.exe"C:\Users\Admin\Downloads\winrar-x64-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\winrar-x64-701ar.exe"C:\Users\Admin\Downloads\winrar-x64-701ar.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\winrar-x64-701ar.exe"C:\Users\Admin\Downloads\winrar-x64-701ar.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6516 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,10400411553602081330,9639266583096381725,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2196 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Cairo.zip\static\Cairo-ExtraBold.ttf1⤵
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Cairo.zip\Cairo-VariableFont_slnt,wght.ttf1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Cairo.zip\OFL.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Cairo.zip\README.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\5d3ba7ce2355455ba25c6165e7d317a6 /t 5744 /p 44161⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\3606554e430e4feeb87a45fa24233990 /t 3616 /p 34401⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\4b6884a7e8144381b0b36bf7b4dabd76 /t 1792 /p 28961⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x40c 0x3081⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\7ab3a6ec7491459caf2658edf981affc /t 2456 /p 48081⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\كل الملفات.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD599afa4934d1e3c56bbce114b356e8a99
SHA13f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA25608e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA51276686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
-
Filesize
152B
MD5443a627d539ca4eab732bad0cbe7332b
SHA186b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA2561e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
-
Filesize
215KB
MD5d79b35ccf8e6af6714eb612714349097
SHA1eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a
-
Filesize
47KB
MD50d89f546ebdd5c3eaa275ff1f898174a
SHA1339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA51226edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
70KB
MD53b06aa689e8bf1aed00d923a55cfdd49
SHA1ca186701396ba24d747438e6de95397ed5014361
SHA256cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c
SHA5120422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
309KB
MD58192d891e754afd81a399f98bc6b265f
SHA1965e6c69f45118feab86eeebbb0fc4964f2b3a98
SHA256e2e4d97c20d4478e8e947480c8f6c71a2c795776d405366be70db82e4ea4ba77
SHA5127c2712a1e34da9062f50e7d93f4e74772044e45c265c682abcd4e28e4004dcdaf6ce7479a4e8785986a88a32257e4fac0ecf8ce23afe47968c4510df0a2c800b
-
Filesize
153KB
MD55f0ee41d7a0a69c46aab85777fc0adbf
SHA1fd94d58d17450355ae4707869c6926806c22df85
SHA256457e3fabe00f26182f9b84923aa6e07dea048618c43ce6a4d6afd521be77f6b7
SHA5128b0a52d61b254fda0df5eabc7bf406eefc98878bbb07a601fb38586852523038df6269c4adf8b5ca59f45b4aea03db0a14d2cf92271be7d51dfa3d3dfb54662b
-
Filesize
26KB
MD55dea626a3a08cc0f2676427e427eb467
SHA1ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc
-
Filesize
17KB
MD55b1230507abab694f8572254454751ab
SHA1c6131406a4e6e421c9d1ee1eeb5b8b425d5e621d
SHA2567d315eade247d8d8c307cc4abf4e53c25d3d1b7528553150fff52cc9bfe71137
SHA5124678b3ab76e6320bdc1a12a5961d805d51c02eedd19a729b31a2a901d6c3948a5d2aff5cb72c812c11e6337c8ab3556ccbbb374c3ad56d7b1f4e0231b565944e
-
Filesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
Filesize
3KB
MD56a3f7fc04bf14cd4b3061cb778fe93ac
SHA1f9087ae85e2b7c4efcc60550a23747d56d599a4b
SHA2567cdbe2f77f0ab0783d727376fff5a600b67797814ed13a6c4539a9b2c81eb0ff
SHA5127e358515ac755d6b0472b904cc25b09cb677556feb5eb041bcde13f94e15c6edaf6c169a1149b498f0a8b9420e40fd2e2506b2b57f6a2aefa8d4b99fed9d0d19
-
Filesize
3KB
MD5d33c7021d4d0f082c145d43fdf8c1d03
SHA105e1df9a72bf569b48dc7fd3c3abbf699a857503
SHA25643ad6ce5f35c8462e9aa547b0338b44ec9efed4eab4f24d84645eb7202472c61
SHA512bd1c43909697075ef242cab80f50867ae6da00b4b33eff6704497a7ed1125ed1b97de467a3d6a13630b749eb17fbaae596fcfe2e0166a29c9f53886b1ca1298a
-
Filesize
3KB
MD5bdbe751edc175adffd5187a7f6fc853f
SHA12387af9d46d59be8b868bf4659872b008ebc1ffd
SHA2564eaaa296973731278327434eceebe744a5db35a13e8b587f5824179de76d9a87
SHA512724b2d866e1c260104827f0a36294681aa3d0217b7fe9ac59cd4a2659b9638693ad1caefb7ed2b3614936c54914898e7e8f8fe31c5083082f23a30489ff38037
-
Filesize
1KB
MD5033d4db69d254d8950dad13c8efb677c
SHA130329d7472a570994993357d85f8ca3031a97be7
SHA256320ba48d987ee81253e85734da01b694b4a45abe51c7e26466c7de83e85d7d48
SHA5127fc30a830badbde51c67b3346790653ce8cb606b33ed84ee6e82bca4a3f9425cdcc239b9f12e60d495ceb927ad7b46da5a1c6a08feeca832af2e90b3370c70e6
-
Filesize
3KB
MD577cb242d7418adcd24621a88eba33f9d
SHA154217c34e9d998db64bcccaf7d96221ef73d42db
SHA256c6a4e980ae9969623f6a81fa32a80af7ff9120e575cb00a16c597ec8a22c3551
SHA5126eaed389d9de3b0bd3bfe68aa54b6e15c846ae3e79d65ec656d4f65947d361170c669bc28643ca5850bd3c363ab2412e5d188c91afa0acc8d4e3d20ae4ebcee8
-
Filesize
5KB
MD50f8586a95a4b1efff107ad4474d77533
SHA16ea29fcab1ddb89d5481194fa5a7761629ea3162
SHA25648d71f30cb8c7833d7e27be5ee04a974d76911a16f80856da7b79b416d6b4512
SHA51232f15b9daf2708ea3cf877de4e55052a56914e205dd5ee571133c35845f59faf96aade24216701477e51dcf309ea48ae973ca461331a39d5d6d274c52ce76778
-
Filesize
4KB
MD572d38501b85645c6ca32102ad43346b0
SHA1533adb1025f3bdaa91365b2e914228b65c89e0fa
SHA256f2f89d6c6280cdd07c662507deb6e16de0e4a8c834a505a10397b3c467e1b6ef
SHA512681e012f43f7e4bf24e73d2bbf4c7a20b4fd9a51050c697974010044a82858de1fdd35bee3e03f7397847074edab183dd31479c8e341a89ed7a2c306e28af271
-
Filesize
4KB
MD589fcb52844767fbcbeb64b24b6cde428
SHA16a49eeb1e6fd3261b2b9be675468d14d8bc1e464
SHA256a82312c2562e8e42444a8aecfd5a52d9315bbfb5e45ceac6faf1d65030f270ca
SHA5127227332d263fa9b41ba8cc9b8c111df0348ba8f0417edebe54565478b17b2f798124556a85799fb9dc92ba98a0241e6f71e037f2e77bb4e13d35156066b95c81
-
Filesize
8KB
MD5be61939143203c125f3dca0e02177fbb
SHA17cd797c8c5a94d0e5c509008a1a720aa2374d97f
SHA25683ffb81c4978bc2b10767c3680bdc4a2b797366ff025385917eb45117d58148c
SHA512d94d79e28e30da452c2784086cdf5db597947f54b1d18fdf5e6e79d924cf87b0f6a3b7b15e4538f923b8bf1f07ffa6eb91529c48052f41f925604b22d153ccd3
-
Filesize
8KB
MD51171608c6f1173ef1e32c61a2e18c663
SHA17fbf1ebaa78721b7733c98370c77a285551222d0
SHA256ab6b408330c9c5ab879b4c7a9b2f9f0685f1458a4ec8e4e4de35d4f8a0c36d99
SHA51219f83685356d6b78262ebb7998c44ac46a2ab66ed6d3ebe7b08495734dc188f5f036a497561ff0e829f3cf192ee7e1bc830a1a876cc63194edef35647bc6340e
-
Filesize
8KB
MD5386ba14aff17920e6dcbd1836ca9bbf7
SHA120c1a2c4628490a965f37c43927753a9ceeadf7a
SHA25688379888d3ebc44bb6f0b085d285eb237dd502d7242bafe60a3c0664bc2c906a
SHA5121622c2cef616b27c60db4877d94aeac8990563cf99038feadbf77221f35ec4f91f7c7af1d2194df9f8bac0c64767bcbce21cb17027aa59d39dcfff08411e020d
-
Filesize
7KB
MD51a6f6395ec9141d670fcf91116a4ad0e
SHA1167f0a295e9a3d3001125aebe22c74ecaefd0241
SHA256edf006d8c79dafca79183a5e5a389f6a1bfc10d46b98d88432785a81762e0775
SHA5129249c3b58a6e265e598d4d57b7e46d9655368fc488d8f825fed07afb87cb3320ebd4b81295373867af640171833392d5cfafb59e0d5d5d5cdf45bc029635b7ab
-
Filesize
7KB
MD5b86b8e4a565b565d726924c53282f8fe
SHA154412737badc21aa6dec0fb4c32ec084b5af4aad
SHA25608415076239c58828c8afc1bd21af1f6bee7e7524bd93ae29b6cfa1788ecbd3a
SHA51247710f47aa3bad1a568d73e516263ef1346dfcec7f68ac99d0fd9c124827f4b114ef56ceab3a49a94c06f915d302d05b355ab4ad7851c72998a44b52f129096b
-
Filesize
8KB
MD5f5700315b1e6d7287570d26769bd7607
SHA1052cdc4a6e77101eba178e6578c1dbedbff4ab30
SHA256afbd8d81ce0a8255ffac872381d37025b4a6a1b92973326fb4af805c00dd44b8
SHA512b5d984aad01025fa70aa1670a65b4de80853da7ef791bb1bcf5fb0c621c3601e2138bdc9af964bcb17b760591e804c611b43540f19e441d335c86acbe3900bdb
-
Filesize
5KB
MD5aeb8d698f16b2548cb95dfd2e2757416
SHA13c3b20cffce72b5ee15e09f52d3e2bc9c900d3d0
SHA2569339994e3a4023d34622c9233e2854371c141f80f957b09d7fdfc3eb0890671d
SHA51231d23c051a2f204e4fd12aa4a02ee6e9a27ad0afac57895ce69afd6492286764c98a42e3e4eb00f1b79fcbac717d8e42abdec40d87ad1cc36c58ad4398106d5a
-
Filesize
7KB
MD53f4ad07bb70ed41cdd22fde1098d9980
SHA1424731ad233cb399edc2d27914d0334a1cbec53a
SHA256cd4512d6f6bd4fd5ecef580a1c93ba9e1104f9f379075b35425112ebbdff49a6
SHA5129cb5514572309f49e4e69c7db90250ad4593b7a9aaa0f8cfacdeb047f1e709be5046e9dc9e5802f6354fdf9f97a20a13ec4ab62f11a5cb48f7cccc49ddabd6de
-
Filesize
8KB
MD5cf3483759c669a776bda0dcc9fa3efdb
SHA1a66245fc101c9b2f013cedb0ded2b16b1c79ea0e
SHA256d803b792d5ed61a33785b352719c16dd2f7b31a83eb71b566c7f4ab486fd3a25
SHA512d2e2e04f04c026d1f5dcddfde0b201df03b775437a6a935074c360f27ea27134858679f9cba84c31b56fe20ecbde954471f18badc79271695ffa33ca5079110c
-
Filesize
8KB
MD58e5679659aa28a2f9420ee04a258b841
SHA14d281a57d63a9fd8c13ffc2d3d2146e0f20eab1f
SHA256e64abb50b329d5881cd81a94c04141914d5a3b06c535157d7c274630e44ee399
SHA51213852dbe1794988ee0944233c1f8463c81135af086cab7e517e05425b208c1b32fa2acc6f1d072563265f13312a78103f2873c556e8e0cbd1588adb1ad337fc1
-
Filesize
8KB
MD52c51fa2975a951446937562d70c0d89e
SHA114d89cabb69d087dfd1336885efb27e7359f8a28
SHA256d67490bfcbd1c9014f10253bbefea5bdfcf6fb7e5cf1ca4250beb4de4c65d7d1
SHA512eb2ac550cddbde17287f77741bc9630c388604cb68f4a501c627b6620c73780eeac7bce4c8c51183d8964350a47d3df31289bc16f855475cdaa6fb427ae039fd
-
Filesize
6KB
MD5cfd4ca0e451c4e5a423f0595edc90d7d
SHA1257c5c845b4829380a5e5e38a5465d788dc08191
SHA256f9f58813179ca0c2a8f312031a284f9611954ef06f0a407145e3df14f65f021c
SHA5128765fccffecc40f8e3857c05c122b46c6e024118fdec4210072c9f57d67db61eeeac3080897c2d114d805111c65c439917769b0a658a9da7b3a427c18010db03
-
Filesize
8KB
MD58218f1ff20d74cf1d0e8a7f92b1127af
SHA1ab2627244d0b75b7946ba03e6aa09fdf63679b43
SHA256b34e7c9173f8261930933a9f6e6b818f14770991073eef98816fdc8ca354dc61
SHA51212813f2598bba0146c14feeec78d5c777adfff5fe4ff2992212f28851fb773f0ea30af9a0ddb8a9e1a089094932f99cf034c8d8db39d64476861a3daecaf3edd
-
Filesize
8KB
MD558d0752d7d6a7165b7dbe95d66025e1a
SHA11dc8929efc956e5d0ed95861456785bd7c3af404
SHA2564c078abe0de23666c58e2413d44b61984c50146081ee910f4c46ebdc31c61f3c
SHA5121a70291526fe417cbd64d8ba4b8a8f6ecd4da61b68e6898e358ae6c4e21767e9bbe657863c290ea8447e747825a922ae3d2a0ba811dbbdaf9ef14bba30605484
-
Filesize
72B
MD5af34b161d2f052e26d56c0dfc3683f5d
SHA10a9334e9e40085827bb204436098647e93399e1e
SHA2567bacdfc5ef0440d5e054297536cfd479034dfd06944ab28bdc895350003b4f58
SHA51202d4e22b0581408f442359133bd1e4fb984463f1b89087d8892d032050f212e078928c6521729a3aa343b4da05db7a58b2a1899ff61db8597cc653fa329c206a
-
Filesize
48B
MD5f5c7bca9471a837ae6b1d4d4b796faaf
SHA17025c4d07fd6e7c809bef584500ed9443a7a204d
SHA2564c06bf22b03d5a63df8d8224b387f32ee78e9e59039c3a5f137e39b75d0e93b8
SHA512e9e2499f6265cda35c32cff1b8647e50e4166d625cc73dae3f776f51e97cc441f4c348c0c91acd82f7a8d087975e22fb24facd7605be357980d07fca2bc2cbe4
-
Filesize
1KB
MD593625c2c9497117fdc1dade9c20bbd5e
SHA1f718f2cc3d4fc164a16559ebfcd7f1b63f88158a
SHA25649aeb5843f91f2723083ecd354323a05a865cdafaa3dfb7cc0c0bd51629003b4
SHA512beaaf77a400a8c5c9f6cec4e18f84b2c367e8e4b9b3dae67b2c1828ff44143d35fc94db3659e11e7f7b4ade181664cfddfe5ba7b7c0532ac5d466b51759e9a03
-
Filesize
2KB
MD58d8270f5ff2d75a8fefefca67d7d4fff
SHA15e230801bdbb3e8f9c4d33f7674ee1de5eb79f0a
SHA2568c57721850a773032cba4f1a0a1af4c3b5dbb4c7a544eda119b767beb54d376c
SHA512cd7f8a900df0a835cbf2e25e06d8872c42bcd34a956b48ff3de70d701c85010aab23de5d5bf43b16673fff0b1906881458fa70fa93a270897f0efebf8fd48427
-
Filesize
2KB
MD5092f8373a61bac99412141cb677e3fb1
SHA1af22e3af3dc2b2374ec7d2d26969fb4fe722a9ba
SHA25609e0612b00a151a12dd8e2692f2c2f4942d21734e47d568d0384ef22b965a9a7
SHA512cca633dc0d63e60f1a5c827574387d555020dae48b5a0abc6dbe7d6b7b875d7d698cfd231b1ef3e4050b3a9c64565bbf1ae1c168fa6674053c24bdcb58fc9589
-
Filesize
1KB
MD597578b87055d1616c9bcf649b8246040
SHA1cd1991daefa6190da0cec6d798660e0a5abb8b27
SHA2563aa931af1bcb6f6896f1878a55120c1cec9f2f21d3666b97d5e83c39d22f18e7
SHA5122207ecd90845e99bc62d656352fb52b371adb4e0da646fcf4f6072fc5d9525a81138a7213d34c26ea3c9ebd9a919e92d63e10debabfd5ce882ebd83b21a83b55
-
Filesize
1KB
MD581914dd65f9b26b6244479f2005cd876
SHA1147ff65fc1269c1954c6a66b7edebcc5bfd7bb1b
SHA2565742fed5226b262e66b750bed33ccfd9354c1204fa58b555936baf6cc2595a7b
SHA512411c4f2ee57165f06f236ba2a7c14238907d0216f0e84bec2801e1ab5f86c1e6a5be002e1e0b370e044039300c87ac9943704240697fe5f87a57278618cb242a
-
Filesize
2KB
MD5533733499f5ec674dffebeafce893f9c
SHA11cb3f02a2df56b0308d1fdf4c0c74c0f65d7aba0
SHA25685bff022671ae245b25d0cf2b6948693f270722cfbb0e52469ef998a11c92b01
SHA512cbddc02802942628c13d49a69b8bda6c5a0583d8e008b9cda662a48cde8d2a9b72a55d21b0aa5866235f3094eed841ec8db025cc69f37e6fd9261901274f3b91
-
Filesize
2KB
MD582ae9a223d137fcd3bc93f735b872707
SHA1de2d5a1984da311fff6713448fb4a50a0b958ae4
SHA256122622e21e7fff5c2e32d81ef1a92f375d2e670989f2f33abf787346343c0302
SHA5123487d0612e61b3dae9815278f576f5bbb692458e9d0090be6d845f93be4527643559354e08cae2b983db06f58c295f309e7d9f30fbedb7c778848894c52ba8e5
-
Filesize
2KB
MD5f717822f668d4659522bb8a78f4be4f8
SHA14a34beafc901dfec7779ff240a1aac45b5b7f8ee
SHA2561f24b418da371a24766065844d83f8f14a16221efa96297346fc4347979fcd26
SHA5123d9e27cc6474e0edf38f5862106285f7427e66132ad71784a29e8f6e3c77c8eb82cb7d25ea1557bb7ed056d5d8e8127f8a05e15369029881de9ea58784628dc7
-
Filesize
1KB
MD54b8773a8d5071a52c0318047d3d77617
SHA180daeebf871673ec2a81977d3fa1b8b836857ffc
SHA256a0895ee74b87ec2750cc972ee2e3da9d3a876d3e770e30d863f0132056a499cc
SHA51233d0477d81bea82b4d96a5c3977b82078bf4cdee6ead75b62913dc0ada45145bf3ea0d9183c10008c70a4a4196740cbadb4b131ef74a164c5d5ce4506496035d
-
Filesize
2KB
MD5c8d765695e11e2adee916c613d60205e
SHA1d0310c7cab62b0a026c03713c45bed928e5323c7
SHA256cdaeb5d8de90a0062ec67191681f9d1368504c123e23510846c1a798aa4306b3
SHA5122502b32a0c9c297d2c2d32460744b31291b4f25ad4388d01e46165c91767a070c59612f8cb470bd86d703415e6e48ca0b187213306f0ce177bc297422fe40689
-
Filesize
2KB
MD5eafe16d7b5f3b1d71b5ae09d900a1269
SHA1e16ac97a7792b4e6166a1e475e6d64262ef285a5
SHA2563a2f9aa8915b7690cb8bfa43a512d34fffa091976ab5d4b635dd5b3fd26298a7
SHA512c316dd0bc92d55797c60d861f496cd97b8ce6adae7dbdceb1dd3ae605c60f093b573b82e60ddba55d572d813d93a3f4d274fa88913376388fd03d7446dbad1f1
-
Filesize
2KB
MD5c710149159f0f79db639edaa6aa053b1
SHA109f79a17784f499c4047f096078e8d324cd7ff7f
SHA256be1c1270b756c4a1094591925dac95aecb8945eb39e845716e2299458088053b
SHA51210d099adf61043b50cb1c59452e17656c9cfa81aa0d00288e571244013c87caf8bd5064ce66a3580b7a2d73d5176e98f25c8d7999a860bd8cbfe1af094108a71
-
Filesize
2KB
MD5db9c00f00a4de332c3306d381174b170
SHA1f86ebf6acc59b026f44f93e8d9ae885220c32031
SHA256e4ef32f9873ceeb2d0c09bdfdf93a5851086f6557ccecb376a276186470ad2ad
SHA51235fc8b02620da861163538d9e6f06a0b4f96f574361d9b04545885b07704bd5e046c15475570945607886d6638b6c0451e929e1ace8f9caedb247ebf4286338b
-
Filesize
1KB
MD5b9bde901e1a005602b79bba9a3a4043e
SHA14567025beda360f3cdbdbdeeedcb6945f9a132a5
SHA256bb3d2190390a26b7d5d5d46b93a8ec29b1f0aa8f2786c240baabb2da362880df
SHA5124e0215a6ebc40c733bedfcb109b9b211cba659026d8cfac44ec96d8eb7f3547c2d1f1075a84a55e415b0a6366753b42cfa44d0ba768c3645888ab57a17beb6ef
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD54b39ee6c8e6b011db275c84259835f6e
SHA16abc2f134fbe9a601419ff16ab9d0d8fb39d7b34
SHA256bb7fb3e84670d1cafc246486c42191eb59cfa565f3f79bd127bd76dd1a62791a
SHA5121f614bf09d64344523c4514026b2a2ecbe85ba92baff28dac947b974813e7cff8dbe80720953e920a89081c306aaeffea0fa5fc43393af9c9b8bfd3d0f6ec775
-
Filesize
11KB
MD56935d2a9efc9250b92a5ba893d1aed29
SHA1bbb14aecf3e942b74cccdb25a0768c6970ffc9f9
SHA256bd70c3f4d56e8b8207712ba76f6184f03299859c8a80cdc8aa772070a0991108
SHA512d40e8c3376e1a2f661f38a7ca777bc9fa22af28d902c5471d63ccc7b30cea81c639910f3c4cc13a46f01b0be9cd28e5e43ba2ef8f64f9ca8353db67d137d21ca
-
Filesize
10KB
MD58b68a5fa3ad39b328a076089b681aa61
SHA1dc1c7abcf9da5b29211018c6d483f6e0a03328c0
SHA25646c536dfed536de0cadc32aa95a97ea436d57b9c802ff8b64887cfd334e8d105
SHA512f5a90b16415f608328ab210dc132ca1f97004e071be0024f297f6bd7167d8435245ded168ce2e0d78104cc6a8dcfdd9164be44d98896ca7013fd56df05f7043d
-
Filesize
10KB
MD50d7f3588195a2d65bc80e800652a6a05
SHA1cf7c059c9c2b44dab089ca3acc5e854da6778c0a
SHA2562f82424fc3fdbef7ad1a9e5ba7ae5090c0242802201a5fdb7a523ce2ab3c589b
SHA512d26db5452d063ad23b73d9caa2cc3da621e5faaa7bf53dc1f51c855396ce4c66f01aec965fd08cd049dd24f5b382afeef938da035f3101d0a99b446ae48b45a7
-
Filesize
11KB
MD561ce72112f4824e635cb57b44c59d0c0
SHA1a37ff4e28e45529a44d7eac45ec67000c6a415b5
SHA2569ec38d0fa6667c7b3ec2f934577dddba7936441ea48c343414877f130659ca25
SHA512704656e17a48d9f6827d5de69afaf58c9a78783350d58a79212d2c9c80087b30e3a1aa912d8088717ed0fb4c28ec4d825bb8fb4941ecb51fc345df5ad043b71b
-
Filesize
11KB
MD545990d17612ccf518ebf54d44219bb9d
SHA1658de6ea81693c85a6854d1375ec8d6d0f6852a9
SHA256afc48eff2b7ffd59bf8998f05909c2854382d17b8769b265f1a914fe5ca8af6d
SHA512ced48cc75b79e357a4456de1df40cec64f6596d2818f899b1f521be727a56535da90857d29a1487f98c206474adfb93dbbe9d37b1b6477eb14862ae12b82dfb4
-
Filesize
11KB
MD59f97ee869682da3e06b17fa23120f5bc
SHA1445833f0fa01151d5ec9d531963bd079eaa85e4f
SHA256e9aefa737c5e2cb8ac0ce94b0e4bc1012c0b2540d0f8ecaa30f464c6b892660d
SHA512acfce249da936cbb2bfd35f0c10d6692de5e0eaf435e8df1f2a00791aef64270d2b8406b00fe36578a40b5fe9a810550bf506335ce67b874168e9118c4c7f17e
-
Filesize
1.1MB
MD5f4ed3f278e6013f59b046729ffc650f1
SHA1da52721bf000708b987350989d75d8757a80d618
SHA256266571e521e28bc339e122d8baaa1e3d4862fbb8acb4133c14bf64a8c0df69c7
SHA51232d0116ed6c6f6287085be46b34cb7f79b461c6688b9c2783c658dab678087641abd7267786f62211feff11caaf7b98cace849ba7aaa2cfa91899279c824aa36
-
Filesize
3.8MB
MD546c17c999744470b689331f41eab7df1
SHA1b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA5124b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
-
Filesize
1.9MB
MD58b738a78e2b36b381bb36eadcc765b20
SHA166c5747dc34a0b24a52cecce83cc0bb54321266b
SHA25620996bd537016f7d46b8fa717625e5028a3736b4358d3a399d362c339f03f1e7
SHA512bf3d20d16c37ffc9009ea8c2d5c12bc5b9d6ecf24d629c5f66195b179c0a66f64269319904d640d36a60897ac03381ebdad0ff9bd17b1fba224515fd763d57ba
-
Filesize
3.7MB
MD53a2f16a044d8f6d2f9443dff6bd1c7d4
SHA148c6c0450af803b72a0caa7d5e3863c3f0240ef1
SHA25631f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6
SHA51261daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6
-
Filesize
3.8MB
MD55e2849bef6a38ed0b163ea6128afea01
SHA1d77e1467dcd5e6662a6b97de35cb017579af032a
SHA2566ec13e13059bac123d839fde5770db2c87248ef862d21f5f818580287a365026
SHA512e20bcb346b114c5e6f8f0e82d2143a7c02ffc77056983336a011fbe8e292d8fa0ed8d2aebaa6f665ffacfa1063f59a2788bc68bbe2605316d7791eec3a1e1cfb