Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/03/2025, 19:38
250318-ycrjca1kz6 618/03/2025, 19:35
250318-ya273a1kx9 918/03/2025, 19:32
250318-x86gpsw1hs 618/03/2025, 19:31
250318-x8flaaw1gs 318/03/2025, 19:29
250318-x7f6es1kt5 1018/03/2025, 19:25
250318-x5evks1j19 1018/03/2025, 19:16
250318-xyyn4swzdx 818/03/2025, 19:13
250318-xw6a6swzb1 1018/03/2025, 19:04
250318-xreyeswyfv 818/03/2025, 19:00
250318-xntmeawycw 10Analysis
-
max time kernel
138s -
max time network
149s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
18/03/2025, 19:35
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
Malware Config
Signatures
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
-
Downloads MZ/PE file 4 IoCs
-
Enables test signing to bypass driver trust controls 1 TTPs 1 IoCs
Allows any signed driver to load without validation against a trusted certificate authority.
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Drops file in Windows directory 20 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Control Panel 42 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 52 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x25c,0x7ffcd88af208,0x7ffcd88af214,0x7ffcd88af2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:112⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2272,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4064,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4088,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4108,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4176,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3612,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11283⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6136,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6576,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3648,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7164,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4712,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\ColorBug.exe"C:\Users\Admin\Downloads\ColorBug.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Control Panel
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7136,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4120,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7188,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:142⤵
-
-
C:\Users\Admin\Downloads\ColorBug.exe"C:\Users\Admin\Downloads\ColorBug.exe"2⤵
- Executes dropped EXE
- Modifies Control Panel
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=4236,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5044,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\FlashKiller.exe"C:\Users\Admin\Downloads\FlashKiller.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 2563⤵
- Program crash
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4188,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6824,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7240,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\LoveYou.exe"C:\Users\Admin\Downloads\LoveYou.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6844,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4528,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=7100 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4644,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5836,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=7400,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6892,i,10600523081392863948,7097726880929379078,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\Spark.exe"C:\Users\Admin\Downloads\Spark.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\bcdedit.exe"C:\Windows\System32\bcdedit.exe" -set nointegritychecks on3⤵
- Modifies boot configuration data using bcdedit
-
-
C:\Windows\System32\bcdedit.exe"C:\Windows\System32\bcdedit.exe" -set testsigning on3⤵
- Modifies boot configuration data using bcdedit
- Enables test signing to bypass driver trust controls
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1340 -ip 13401⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Subvert Trust Controls
2Code Signing Policy Modification
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5ecf610ffadb6b05b729f1fb747c925ce
SHA1552e136d3b35f6554388dbf3de27cc3f13aac1aa
SHA256e60d57b0c686fee38e691bd9736e26c41a31f3f058f68c1176c0a71f8108abdd
SHA512ac191b7ef1e260e052031443b9e97b79824c03ae79dc76639317c4f3c70c33ab7b3239cfcf38ae5ed803adf4bb011bb9a9973cb9ba1787b91de2c171cba803b5
-
Filesize
280B
MD5d078e361e0ed3a9230b38d7f87140520
SHA1235c905284ee451b6d19054ce804e8e02a4dceaa
SHA256c568a7aab912809de985c73e6f662c91cf29ef7e6d91ef6a2ff03989f0894338
SHA51279eac09b34e1b2274901e9114c16212b608d4ba2c8875e000b77b6cab80578e25ad5c8020ff0f32c4b57884c7bc41cc494b936b4154f5d922ebba3e6457ac9e7
-
Filesize
5KB
MD591a8a1810f6af654b3d4c870f94e8368
SHA1beb672938cf2cbc621b7b99e2cd7402ba413483a
SHA2566298653ed8383b00e7b89e3e9238c405a8c0eda29529e0da0e3fc706b15621c5
SHA5129415d6ae409b8fa7fdc593f718719c1b21d51d316193c3ebcdad686e588598e0b97dcfebacc2b2e1f8f3a1fff160f4e2c06ca00a0a11a768676eeec73b30b1c9
-
Filesize
3KB
MD5751b3baeeaa5806d7a21833fea443d82
SHA113c881147db930c6925b374582a6beb53cc09b9b
SHA2561bc5cd43625395c8c73dbc2af360ef13802a73d2e95972e8684a8551b5022224
SHA512416fda08c5ff102a183527064bed3ff9d7898e9b34144e24d0679b8d145c1bf280771bfa7020dd057086f137a035ea15653829f49f0f5b8685bf9952230bbeb5
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
3KB
MD5f9cd456f669cda3755de7f563fee63be
SHA1192a46885d9d6ad8ba883c02831208d80f3209bb
SHA25655411c5738ba64148d2b52f44d0db742f5b749f4a0ea00a8eb95384b9892494f
SHA512c49188e1fedaceb11a4d69b213ecd20a56e68b2460e76f8bd90cbb66c27f31cd951c3427d08150efff62be405a6a655404d29255484c6175462d71e029bb4511
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
15KB
MD5ca53d5184b227ea18740fd95b4fdde26
SHA15adf058336cb8de1bc39ba2e8850c39b08ce375c
SHA256a43868b4b0cb6baa1269f78cb93671e24aaca2683b6c7d5663886605e0ecdaf1
SHA512073a5b2a69d2cc626e0c762bfd478c6a83727299b70bf8482ea5439aa32e37d11f703cbf4ae88adbd56ff54763b6b57149d2deaee84d12c1be41878e9acb5160
-
Filesize
15KB
MD59484153d585e1b390f911277beb9a165
SHA1c5c468de2365f98dd35c5da6e766675db2fd7b19
SHA256ff762048c8c6c02877e01eacf1f303d8f943d7284df3b3b9c1e7f7e46ee04627
SHA5127dd48bdb999085985057e84153736fcc12d2e95ce95cdecddfbb0fdd8b21c457604457fa0764642637c94f4140af339b79c59f039b2dd88b8d62e8dce42d322a
-
Filesize
14KB
MD5ed889dd8f8fd2b19b482c10276a6440f
SHA12f1f705cf8328f92da026d14b35b2a597fc1c35e
SHA25682ae639d15a9c01a37a2b5adc6704a900b91b1e31d2190b3b79216ef3a9152d2
SHA512d35feb2d05df11f6c8e45fcfac6c87054446439599dd0b85e0b30a9cf56bc93523b8d732a253d5bd8c4c24f656ad7890f6ea706ff6897b1057e3bcd57317bf56
-
Filesize
37KB
MD52414e6ca1e6b148935a69aa1a5a8f491
SHA137e99f65b63ca4088ba775ecf2d1ac201df49cfd
SHA256189d26964bb087046d3995ab74d8c15f03d37a08ee10abd2da1fbbecdfbe1ce0
SHA51246ed579512e3c53e359baa9936881dc8b96363d0342b7a14491b48d20163106aaf3f6426f39c4b3113413c061699ce9e2b9d501fe53c2d7f03ad73eb6521e948
-
Filesize
4KB
MD5a316f7f9315f4ee42b98c8fa97395cd4
SHA1c63db4be22b99c0c6646f498b5c82ab65a169d4a
SHA25639cc69c4bf5a066ba4c355c2c008df01ac4a4d7b6713c3085dc0557c1267dde9
SHA512ae46b188f38d40940897e64352270a224a1b4a9f6fb0a5a14f75e5a0f8f1f0aa11b412f73d92d86a93b7cbb9f4d80422bf51fca2d7641e766dc6d82941b136c9
-
Filesize
20KB
MD5622cf13abe8c4ba81acbbe4070f8d70a
SHA129c39577de789602617632a1ee745e5897805fa7
SHA256b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4
SHA51225d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8
-
Filesize
21KB
MD58a36406c045e6b8e48afe75feae35bb7
SHA1a2c003bb6b250ed78f4bfe324daf823a70aea19c
SHA256380669fc225d6c0d781f329aca0d00c7c515cecc7f1907cbf639cd14502fe6c8
SHA5121749b43f82ab6bdba33da95620ebc9752f388a764b908d049b8750a398ff089c3ff1b5204ccb2e749cc7fbacf0824fb5a94f4c4093c63eea2004e413bc67f045
-
Filesize
880B
MD52ffa698efbd2d5fb77398a8231890b06
SHA1bf7eb04bd66eb047d8ce2f3a1401766d1e73b09d
SHA2562e82ff8b2c4412a4c073cd9b3a0df76b4a9a708b29d3b696fa7ae97380164e67
SHA5129fdb3067a7c7c30edd26352e1311c18a566b2b9e9c948d96a252ea35d6c9e26bf954c8699c5044b56351ce23ae40ae1eb6942ca38dfcb73373dfc56d7ba4a1fc
-
Filesize
469B
MD56d9ce2f626ce4a6c2b6d79205b23c829
SHA1cc23cc3c3303c04151400f903049c675d2f31593
SHA25662defc3e2327bacdce184a24793af43d2ef1c8805c60fe2342171c42ac485683
SHA512e9b4230784ddc78318b6e0b350177fd65267f3a6b05ef9fcf44f1d20667da984989d11fb3a1af83779e5e0e8b3d45dfb3cebd4fe340d67f84360e75e27de08dc
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
30KB
MD5f9d85cf6edfabe9c2a263d3c3b2857f2
SHA17e2c8d030b7de3c781f2cec94a7c88ee8bb468b5
SHA2567677a3557eed5332f15b87c217cfd33c90e70594380da0f9b5253fd9e2cc7a55
SHA5129b02f5fb56562ad7f54021943851fe5437c5519bb3221e0693263ad91a5bafd473c96498b9456e36ba62270f4374f10c08b8baca1c901b20a7b8ae8c31117eba
-
Filesize
34KB
MD5b0e948463e23788ddc958ec3b9b4672a
SHA1f0551ef496c05dd5c41c7988936b2b3efb499ba4
SHA256483f745041edb5f9695f987353342394ad16e2adab42f42798e068f0f09a76c3
SHA5127a4e1c98ed41a85b8f7511baffa4109a574f7e58e9d6a0c8c703c1065677fa1f8e9d4e4f8b2916cf3f7b8e34b67bbf37403eb7157c43da04d64f79b8c413cbab
-
Filesize
6KB
MD5ca269ba7a3d9731b9d1dbd23b61e01e2
SHA1f1fd8fd6b96a2770345e7fd4da5b2152546bcc69
SHA256666198264f6fe714b5659dc82b0aec6b4ae61271ad532d415347e6483b51822a
SHA512f27c7cb688b2f96c119daa5cfaf465da0440c75cceec51d4f43b33af02bb8f5adc753924abbf6a3ef5135f00b994236bb0cd3f9c2634cf17f48338e51e5dc508
-
Filesize
7KB
MD575a093d33a390845e8e9b83e62b0eb92
SHA1c0dab3ae6fe820f3301b39393573b3958ad1eb65
SHA2566ab6be4bded982e1ac175c3fa4b862fba810f14a09e78e18f74b1653a183b98d
SHA512fd14a88b4b9f22cdbd1a0ef52511dafd889cbf1eb4f1afd0dd6cf62b7281c980bf0335ce8d80a7b43bad2829435953c77d242f3c3b46dadadf7e15c8dcad4fdc
-
Filesize
30KB
MD5ff6ef6b55ee2ccbaa4995bd43c2e6e80
SHA1b507b0467e1d55e42a67fac332af3db341bb4f8c
SHA256687c38595ecebfe60ec67a294a7566108172cfa6b9287b749e9b87f937ccbc66
SHA512222a907211e94b0c697db3ace90639817958632d6d63844266bdcd408fb897c8ddca124760ba4c3d6c4bfdf197367e22e51d83aa79e43dba3f3aeaf6d1ab5886
-
Filesize
30KB
MD5267e24b53208466220e9f714a3e7278c
SHA1d686e75458a1d57bd0d3e0c434db1c451656a1bf
SHA25633e5be03854777c054429a59c8550f2dbe1cd951a07fa5f552af557f91a4d2e5
SHA51238c9bad44ea66ee7f4f2c841d654a484e739ed1a72fc8e34393d72c40f4f64529dbe02ed70b8b0001d258c73d48f941d43d70611f46c692dc816bb21cc77a122
-
Filesize
392B
MD51af9439caa43e18f96289bf450780ebe
SHA14cabd4668f95c99d8156be5b5e809639906ad882
SHA256c796d719ecf15c94f1faa6620fde91bf6c503f64249800b3230c533d8013a13b
SHA5124afd3273dac2f0a838abe79b20e73715ce29d6e31cb27d16933325a9f1244590b72b53ec1cf3d54ed43fc28cd76c183c0e4cc24080970534619978c03e18c0eb
-
Filesize
392B
MD5ff02da974fbb252984ddf2192a259be7
SHA1ba635a2800be3f19a4c65777fd010e9b1cc27c2a
SHA2560ec5cc79289ac955a6d743343bf3e42f37956f766077afb2f6481dba62db1d3d
SHA512bb6c6c521dc91ba15e8b733737196471608d4d23168cf89bbcf2dfa3a8453160ac1376b0b54706c85b0ee059ccacdfc8200e25f04bb0e67af95c1062cbd40a44
-
Filesize
392B
MD56ed9976a3fd0b5aafd2333929d02ac60
SHA113631975dc221deb9188a3fb097cb413eef924ba
SHA256db05534bd598b58614e3866126fe42f447dc5d6daddc56f243087978e7db1906
SHA5122c3fcf0d1c4e6112365f11b2eba9bf87ede3cb10f1171974781a241f4432e0f7322faa26186e15685f5a4c616982aea7f994c932d75c9a00dc2384a2ca4c9339
-
Filesize
392B
MD5b6112bd429bb7f506470371bfd3ed154
SHA13c558b5760523a5e86ecfd12ee91d2e7b321c640
SHA256c9e348cfdd15f2b0cc9f4103e8a7db350af8e14048d17832717e4b5e5e028f55
SHA5123c1767e7343bd73be99eae0f8084ce13cfd701ec75eb7cf5bf8c46b419ece7f1bcea234db20585af22b46a96bf06406f374b03620906eca84e98490fd4393caf
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
53KB
MD56536b10e5a713803d034c607d2de19e3
SHA1a6000c05f565a36d2250bdab2ce78f505ca624b7
SHA256775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
SHA51261727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
-
Filesize
223B
MD5c08152afa3af8bfa232a887dca616bde
SHA19d9e4bf9ccef1d3317330f837a0c6fc2985e36df
SHA256bb0cc6fd2397e3196da44dc619ed1f86f6727cb91589b3b0370ecd3ed8b2883a
SHA512c638221c87773ff7276610556eabd6a3e03d5c69c5782abeec39edfc93c45da7abb0b074eddea4daf3cc5c38cd4f17ffb2619451b0c8a8056952fcfe8f2bf461
-
Filesize
4KB
MD5331973644859575a72f7b08ba0447f2a
SHA1869a4f0c48ed46b8fe107c0368d5206bc8b2efb5
SHA256353df4f186c06a626373b0978d15ec6357510fd0d4ac54b63217b37142ab52d3
SHA512402662eb4d47af234b3e5fbba10c6d77bdfdb9ff8ecfdd9d204f0264b64ea97fc3b5c54469f537173a26c72b3733550854749649d649bc0153c8fe3faacc50a1
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
22KB
MD531420227141ade98a5a5228bf8e6a97d
SHA119329845635ebbc5c4026e111650d3ef42ab05ac
SHA2561edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71
SHA512cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7
-
Filesize
221B
MD5af826f376e2abd103c28535d1207173d
SHA113eb7be666d8f047494837ee794dc98718365b4c
SHA256a0b1843e9d31b5aeb5848139477d6897b5ba614998ec30bd49fc482b101be260
SHA5127ff602b9f060e50c3b0e173284b3580a2fbdd3aae10e53a767275b6d06c76cee5ac9d713c5b9e67966e13b1f3b01f2ac2cd01ae92fae39e8d727c47120be878e
-
Filesize
495KB
MD5181ee63003e5c3ec8c378030286ed7a2
SHA16707f3a0906ab6d201edc5b6389f9e66e345f174
SHA25655bfcb784904477ef62ef7e4994dee42f03d69bfec3591989513cccbba3fc8fe
SHA512e9820f60b496d6631e054204c6fc5b525527d40a578faac1d5cdb116abcb4a35aacf4f4354ff092a2b455c5d9c2e0f29a761d737d9c9ad3d59d70b51d0583d92
-
Filesize
116KB
MD5a61c26b360471c8258c7571037c4bca0
SHA15db105e0384f25b1ab165c10a9445e6b943cd0ff
SHA256e77316a1fd682e1af8af3ccd03c170f886b9ec8edf7013e1be6a6207cb5a6f16
SHA5123ef680d50ccfa4311d3d1bec1648c48cf8e8633353dea5e06f52339047ede36fd1655ce728541e769d9fcaa6ab8c2a66981aef708a9f4d05ae46ad26f9d6aef4
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
80KB
-
Filesize
16KB
-
Filesize
80KB
-
Filesize
512KB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
336KB