Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/03/2025, 19:38
250318-ycrjca1kz6 618/03/2025, 19:35
250318-ya273a1kx9 918/03/2025, 19:32
250318-x86gpsw1hs 618/03/2025, 19:31
250318-x8flaaw1gs 318/03/2025, 19:29
250318-x7f6es1kt5 1018/03/2025, 19:25
250318-x5evks1j19 1018/03/2025, 19:16
250318-xyyn4swzdx 818/03/2025, 19:13
250318-xw6a6swzb1 1018/03/2025, 19:04
250318-xreyeswyfv 818/03/2025, 19:00
250318-xntmeawycw 10Analysis
-
max time kernel
130s -
max time network
134s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
18/03/2025, 19:16
Errors
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file 5 IoCs
-
Executes dropped EXE 5 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Modifies WinLogon 2 TTPs 1 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 13 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 11 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x28c,0x7ff9dfe8f208,0x7ff9dfe8f214,0x7ff9dfe8f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1816,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:32⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2304,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2612,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3344,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4220,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4248,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3564,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3520,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5900,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5900,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6364,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4532,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4604,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5348,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=4284,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3636,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7012,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Gas.exe"C:\Users\Admin\Downloads\Gas.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7148,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=1976,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\LoveYou.exe"C:\Users\Admin\Downloads\LoveYou.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6820,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6852,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6024,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\PCToaster.exe"C:\Users\Admin\Downloads\PCToaster.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"3⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\attrib.exeattrib +h C:\Users\Admin\Downloads\scr.txt4⤵
- Views/modifies file attributes
-
-
C:\Windows\SYSTEM32\diskpart.exediskpart /s C:\Users\Admin\Downloads\scr.txt4⤵
-
-
C:\Windows\SYSTEM32\takeown.exetakeown /f V:\Boot /r4⤵
- Modifies file permissions
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\takeown.exetakeown /f V:\Recovery /r4⤵
- Modifies file permissions
- Enumerates connected drives
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6628,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7080,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7236,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7088,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6780 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Alerta.exe"C:\Users\Admin\Downloads\Alerta.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=788,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4396,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5308,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,12452323164968911214,6299462754391647108,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\000.exe"C:\Users\Admin\Downloads\000.exe"2⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies WinLogon
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im explorer.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im taskmgr.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' set FullName='UR NEXT'4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic useraccount where name='Admin' rename 'UR NEXT'4⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\shutdown.exeshutdown /f /r /t 04⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39de855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5a46a324553367dc0b13a007305e4f102
SHA1005a700ac0bf4429024f9e857e2281f82f370aed
SHA256a718f2fe90be4422382450b4959840a13d6d18dea09d3da5394624198a126063
SHA512d3b9fcde15be13451aa441070d9143fc53faa6a2725adea7fb9c340bcb9d7ea183dc1b36c0f8ec21c1748c80bc8fa03a14f198c2fc914c9f8e81702bd8e18399
-
Filesize
280B
MD529f13140c50c2394177caf96baf3a5c0
SHA1680e35060382a846752eb208b62de077d31fd1eb
SHA256f4554eb3e1e133edb5f5f01e19539ffc52adc0b346e19c4742a815e7a92b2dcb
SHA512d964d066a2913d3b6eb73925160d7e9d79a94ae5c6e3956cd361b54fe53833b311990a91346917bc90b227301d864939f6a5a417ff52ef9fe8e21971b1a661fc
-
Filesize
5KB
MD50096554a2334e66ee6923c94b83183ef
SHA1d8e924348c9b40e77b0d52148e1c0aa90de11c68
SHA256be4810311402f65c0c0dbda33f8c8f6b7757df9e47ca908eb8dedbb041a226cb
SHA5120c104d4b344a2c86d71cc5c003104e7fee2cfdd2c820b86948fd39572267a69bea3df1af1b9e2cfa124f0eb2ae0fc7c447e266b7412d6c4429482027bd7c4744
-
Filesize
3KB
MD5c5c4d2696aaed1cbcadfd0bb98c3348b
SHA1b2b8cd38b13f057a90b80650fa238a947c2b2286
SHA2567fcf29348a78ba7d3f933d7e8c40fab58f5dd6c36a61094d518303ee5d55e2b7
SHA5126f389cb3d377a4a46083e9bdaf7647ec18efb2a9b9a8f2de9a7627ca549c5f556d213622462d7c0cba5efd1f1b2f65162c2e640c15e58ab344a5b701ffdeb843
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
3KB
MD56f56666c1f0a3aec147ea18728956777
SHA1310491fa677fbb3213bd21d82eb051754e22f28f
SHA2562619b6074faff32746c9768d90616f60dbd044c0deaf80925982e9c181c1d4ea
SHA512f5436f46e9cb0a706d415fbededc219e7f408aa697cdbfa6e81895e5108eb3cb1d9b8e0092380f95fc152cd4664fda0719c4ae78cc3955d4f1e80281dd1aa7d0
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
15KB
MD540542a60584cb071dcfa17843b742414
SHA1b4563be01a27eee3ef1677956310a93c28de57b6
SHA256d59924cc7ba931981e7a973c08f82cc5d2e6be6754538d3dbab54f760e9254b4
SHA512389aafa523099e28e066e635a4325e5cfd5e9edde0586c944a725e031e681ecd095ebe2ea74d5501e25cbe86e9aa34ca590b180120d671af853b16e6a8f7b3ea
-
Filesize
15KB
MD56dbaa9465e2c8a0ad4cb47629a92ff8b
SHA138520893ef40c135a181925a904e628d0fa665f7
SHA256d0f4cfd89d3d41bf5e956cc1e4c5d8c122fe800683773665d29afc6dce74cea1
SHA512b52dd95b012158ca6e319d6e57e223aa45db1c7ef6afc8683ac033554c8b3453a6969dac17fbc97ce3f2b5414828ec5baa46c73b3e1981b1aea4cd0e9b2189ff
-
Filesize
14KB
MD5dfa6f6bc75bd426a5d4a99a8756f44dc
SHA183cdc175eccf2252f72e9b82dce20f652abbfa81
SHA256b5ab0e539220dbfba59bfd1d4732132e8eb689f9199f43fdab4fc1575151af8e
SHA512e2045c26118843e7228645e381851854e729d9734f77e0910f0a557b56dff38d4a4150fc0d065a3bbae78387e99f5e1bbc4b5d8ef9b56f1636238919d3f86954
-
Filesize
36KB
MD572404852a6b42e6504ba355b3e534187
SHA1af7158d6ae28fb3a910ead547bd948728a463908
SHA256b7158010944d793c5c3c49cf6ea7cdfa42993bcfa86456c6daebc21efbbb77e9
SHA5120a4be296b38c39050941e79b486f588dbabcd01250b5ba171bfd2915151c3dee14531ddd8e7e5bb56bbfd74e92b511ee80e640f1dbbf5d2874324a9fe6dddf1d
-
Filesize
4KB
MD55336694faf47c19467cc25cdfd0b7163
SHA18b9a439929b9d6c643cc94e80025f3922a46155d
SHA256fd4dfd3d79b71495b904fe2feda28d161cba6c14524f64ad62304dc4fe9e2347
SHA5125c6e98859fd31cab1e8d0c70bb94db840e928c4658e91f5a487d274606ebfcbe55740f7f423a8df7d62406810557c747c51485eb1620249facc76af273536516
-
Filesize
20KB
MD5622cf13abe8c4ba81acbbe4070f8d70a
SHA129c39577de789602617632a1ee745e5897805fa7
SHA256b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4
SHA51225d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8
-
Filesize
876B
MD52e1eeff320dc70ca1cb5a959a0e96c5c
SHA17f365196431b36a2eb69f571d8073760644019e8
SHA256c31cb2265a758de1fce8b99f43b89de822bf4f53e5a0bbf50bcc19e326271289
SHA512c722f2b688e3d63984ac3c3d2a32b3509612e02ad548f9c6be4a0c5b11be8d571d62276a71588a40c59d74e8b5afe44fd10d5978a76b74e3bd772aed635e0e6c
-
Filesize
21KB
MD5dbd6681987bbadb6b5e30868473d029f
SHA1ccb98314fcdf0e272d224141416c91cf0c20560e
SHA256a0481a5758c0771359e6a31efc47a940d5b53d8f80bfc75f3aa9f701f8f1185c
SHA512238da908b976cbbbf7be5fcfd0031ce528d55b8b13145265e79f3fa4130fb799d0f61aec621bee9687b9ced62d0d9f82598077a5bed58758b118d797dd98f116
-
Filesize
469B
MD5e5b6630af4092e5efac5ed468860964f
SHA18d7d61e4336e37ff95d0cd004bba44841111a3d5
SHA2563c8ad52f42218e6d859549d4e43e08ef91d84783d8a5b870684274166b776b40
SHA512ee4c69066b367935516b900ff693f6e9d4bddd837b02235ec23570173dfebf308fd1a4198da7ff440de24180b1a2d51a57a559b0873053f7bc2391b97a8c88df
-
Filesize
30KB
MD520700f22528d93ca3f7a56507d40927e
SHA13487c59fa5e741d5b88e7666328e88ad73c128ad
SHA2563a79870dfd5ba56942e7b632f79a911fb734aeab5d2ceb3e7e0a17e530dcdced
SHA512e0f2d979013067f54b5e8883a4a1b17d077bd88743f44cb1d61dcf9d88d8745de11939f95af5ba19c85938a9cdfa5eebddaefe2eb454b326f77922f4b8f22749
-
Filesize
7KB
MD5b975d1e28146a034222089e727da2d3e
SHA1f6a2f906c6a849975c40dbc1939e6e9d8f2ef7ed
SHA2560b44646bac59f2f2d08e9ded45ff6a2d1caef13416f1f764de69023d4eb8c732
SHA51268de577eee2b999aabe9fc7d083194ac817c41624caec89a4db9d0a7475f25cf071919ad43f7852e0ab7ff2a9a2f78ab5e8d950994e863a55fb32ae1ca61f16e
-
Filesize
39KB
MD51b92a6ed945147487a1a11a84c73d3a3
SHA147d2c38ec3d93419bf4581f6efd56378838d4052
SHA2566c65c0e70353724f62ac20720b7b6643aa854ed617e4a0c821c00ec843b84dfe
SHA512bbd871f082798612fe533d1c04d121642d38dcb9fc643afbb73636adf9cab38285c41d9260611a2800f5d76ab365a7a4f6c3333119a44fcb13b3727fe3f676c6
-
Filesize
6KB
MD5e57e1d63737cd0d68ef7af14dcd4c65c
SHA1e5cf4a523f80eb909f818724c34247cc47c25ca4
SHA2566dd1055baae5e20b5197e8525d33ca5267b8a2fd41fc85edb0bace3e819908ff
SHA5121d2c938bd63fdfa9ea245fc303e122c261b77a3b18c605facd9d447147853f846f44ae280306b732f318f7e53adee0f936699d581df255591bca3c248b348c9a
-
Filesize
39KB
MD504b8dac007c24457da98ce2fc0ec9fec
SHA16da5f6456c507ae34bb6bb7c030d4cbf616e95ed
SHA256ddf193dd07c5fb19bfdf7c823f5e16c55ada6d23dd796d9bb44c408e91ffe533
SHA512fa0f8cd24ea4b6466f08a1466eea809a432fd0a8b941c1214daa4bde29a1d1f5a4fd79b3599b03340daaf9f3377e180b34206681fd0e99fbee2812f751e9b0bf
-
Filesize
30KB
MD5d5c4bfe0a40274ad38af9a79a41f56dc
SHA18b19384e7cc2198a835e9fb96df488befb32827b
SHA25628acdd17fa7f3eee1404a29dd500cad2f4a6e6f1be13b397bca54efe2a1512bd
SHA512d83db813310ce0b7a6854b68f0a2b61cc633fe1af2cf52de82e340e489c4053ee66ff10a3810c6284d807fb15c0f37245d1fa3efdd473e3235c0e2b540ee65aa
-
Filesize
392B
MD5c26889c9a23deb04287167f5e5fce476
SHA1f020838b92e6e8c7aa1cd1935ba43274d8397934
SHA256db9fffbe010ee317ae713d6dbff53879c4c37114c21e5f1ff07596ae7023c1fc
SHA5127dee239fabfeb88dea85350cddd61735c8d3b8636caae5f911244e5268d36453df52ea1e2fae8f7b20c371495f000ba89458bd10868ca3a54a36a055f002bc6f
-
Filesize
392B
MD527e8c3372d67e75ad288c9e843ceb29f
SHA1dde56504d2d4422b8e6bd81e9663f9e64232078b
SHA256eb59f8f17241b8eadf33658de077f13ee7b1cad8f0e9c614297f2897c54d9f97
SHA51241ea483e51cd9ab8a69c070b79e32e8c0a3e9cafe9927254f36647494cfa46c8d0d9b7d15f3836e734c5204383090078a614c1ede169d6081394e1090b790dad
-
Filesize
392B
MD5a5936a7c37f4e66a1ecb8b307eb4a263
SHA133773595d49393a7b6b379fc5c15c785a27e875e
SHA25665018e7cca295e4702cfc85c9bc5a9391dd8e8cddf44c2600522ecd34ad813d7
SHA51254bd2d549b4f2aaa0d50635fa4ca3b5d0941704fce8860b264625e6523ebf0648c4e331b429badbb3b616e906fac5114d14a517fa14563be98c994e64b96deb4
-
Filesize
392B
MD5e988d82a324da5f0ac5941eb75797deb
SHA1a4cc71a31c133b5efdcff884bd74aa9e88d66c08
SHA256564bce96f292963c76dd9214594dca2965a51c2915fdd346908b5f62ca1ffab2
SHA512486f0ca917e4db4da366fffe421d2cece922f6c47edf186d0821fe70bbad96e8457a63c9ae957d1731c6e89227f8a465bf0868eca981258a8cdad93149db50eb
-
Filesize
392B
MD5860b425d48ab69c3550bff41a62bf390
SHA1688b0891e236e5262001fb339d72a96b1d82d245
SHA256813edbd6d54893374830338ac1dd54980cfdb6635b12d5ccab851d93d22eb376
SHA512a27df251d02ccba56f27cbfebb84cf4bf62f682a19d0c430f88ef36cb8469c2c398dd93992c5896005ca0ea995418d50d48b40d936062ea5f17370f36df224fe
-
Filesize
392B
MD5d1c78a866e1fa96fc5599369376022fb
SHA13c9cc05c88215b6de702420c5b65ab387c858b04
SHA25695702e81168cef922ab573e0e5bbbeecd2c65ee4268b371dbdf084aef5db3452
SHA512ff43ba7d4072ba9a2e4cc181acb5034a44b615243a3d5b36de661cef2bb44076fa07dbc331f70349f6e850c1ebd070fbb3e438fc461d0392d51478fe5c60fffd
-
Filesize
896KB
MD5962f665ecd520cdbdedcdf6f574e5555
SHA1023c10519d91510960bbb8e989773ae01b5574eb
SHA256281f10492a2f6df878df2af5c1753434ce05ab26f4fe30f76d80da53d391e5bf
SHA512936f26b0e4036612e9c4843f8aee4faaa20d890fe260a9197ecd04c9d4c8664250ebe3127901e27fba8754f325348fce63cd79dc3b8b3e963726fb43abf2ecc7
-
Filesize
2KB
MD57f9cc5bbad0add8ab1331c74e9c1860f
SHA1faecef0cf66e23ab7431207c12d679493cf96335
SHA25655844bcd033c787c3442e6bb04486f07c8f9c9ebb36ca5d58ba55fe58417507b
SHA51240e7caaccadb2ae9a05b85186dba787fbfece0d411272d59cdecde084fea0fcceebfe8f326332305b70cf1b2b59f0278b79121a43bcd35e50603f6bcc9936814
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
403B
MD56fbd6ce25307749d6e0a66ebbc0264e7
SHA1faee71e2eac4c03b96aabecde91336a6510fff60
SHA256e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690
SHA51235a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064
-
Filesize
76KB
MD59232120b6ff11d48a90069b25aa30abc
SHA197bb45f4076083fca037eee15d001fd284e53e47
SHA25670faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be
SHA512b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877
-
Filesize
396B
MD59037ebf0a18a1c17537832bc73739109
SHA11d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA25638c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA5124fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f
-
Filesize
771B
MD5a9401e260d9856d1134692759d636e92
SHA14141d3c60173741e14f36dfe41588bb2716d2867
SHA256b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7
SHA5125cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6
-
Filesize
6.7MB
MD5f2b7074e1543720a9a98fda660e02688
SHA11029492c1a12789d8af78d54adcb921e24b9e5ca
SHA2564ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
SHA51273f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff
-
Filesize
111KB
MD5e8ed8aaf35e6059ba28504c19ff50bab
SHA101412235baf64c5b928252639369eea4e2ba5192
SHA2562d2a22db20a44474afbd7b0e6488690bad584dcae9789a5db776cc1a00b98728
SHA512d007c96b2fad26763d27be8447ca65e0ab890deb6388b90cf83c0b3431e09b225f7424098927b54f15fe34eae953b61b45371b0df4b2d89c60be9c006ffe9034
-
Filesize
18KB
MD5e7af185503236e623705368a443a17d9
SHA1863084d6e7f3ed1ba6cc43f0746445b9ad218474
SHA256da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a
SHA5128db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3
-
Filesize
22KB
MD531420227141ade98a5a5228bf8e6a97d
SHA119329845635ebbc5c4026e111650d3ef42ab05ac
SHA2561edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71
SHA512cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7
-
Filesize
411KB
MD504251a49a240dbf60975ac262fc6aeb7
SHA1e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0
SHA25685a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3
SHA5123422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2
-
Filesize
45B
MD5ad1869d6f0b2b809394605d3e73eeb74
SHA14bdedd14bfea9f891b98c4cc82c5f82a58df67f6
SHA2567e9cde40095f2a877375cb30fecd4f64cf328e3ab11baed5242f73cbb94bd394
SHA5128fe0f269daf94feaa246a644dbeeda52916855f1d2bfd2c6c876c7c9c80b0ceb7e42caf0b64a70bda9a64d4529b885aaa38998a515d6abbe88ad367e72324136
-
Filesize
440KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
5.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
6.7MB
-
Filesize
224KB
-
Filesize
56KB