Analysis
-
max time kernel
226s -
max time network
227s -
platform
windows11-21h2_x64 -
resource
win11-20250314-en -
resource tags
-
submitted
20/03/2025, 01:18
Errors
General
-
Target
https://bonzi.link/
Malware Config
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Dharma family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (787) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file 3 IoCs
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Drops startup file 5 IoCs
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 20 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Drops desktop.ini file(s) 64 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 57 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bonzi.link/1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b4,0x7ff9460cf208,0x7ff9460cf214,0x7ff9460cf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:112⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=2652 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4924,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11403⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6216,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=3560,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6400,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6416,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=2728,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4176,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7124,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6112,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6740,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5848,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5436,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7908,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7812 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5220,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6872,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8024,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7888 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7900,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:142⤵
-
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
C:\Windows\system32\mode.commode con cp select=12514⤵
-
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"3⤵
-
C:\Windows\system32\mode.commode con cp select=12514⤵
-
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
-
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"3⤵
-
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=752,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2604,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=2840 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6892,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7892,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6880,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=2840,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:12⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7876,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6608,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:12⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8236,i,15206722625403335756,18181171165811991534,262144 --variations-seed-version --mojo-platform-channel-handle=8240 /prefetch:142⤵
- Executes dropped EXE
- Loads dropped DLL
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\PowerPoint.exe"C:\Users\Admin\Downloads\PowerPoint.exe"2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- NTFS ADS
-
C:\Users\Admin\AppData\Local\Temp\sys3.exeC:\Users\Admin\AppData\Local\Temp\\sys3.exe3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\fc365fd24a5f43aa96ebb4079b355981 /t 24440 /p 243721⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\9c2d0138c941470a9182ff9617901898 /t 19120 /p 187201⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39db055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
1Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.7MB
MD53453d85138c57b7b31836409e03d29e5
SHA11db131d0809b43f75251179240b1c54b41db7dd9
SHA2562a27438e1432f00395bb57a2cd2b60f058dd7737f5456d24af9cff1ed0dfc3c9
SHA512b35a080642027ee0afef2778f9abdbbaa73e791583a9af40da5a010e548eb37ac4cd33892e42b623b86db116e12d6ec2164461c0752f3f2dc97c7f23b4c70d85
-
Filesize
280B
MD5509e630f2aea0919b6158790ecedff06
SHA1ba9a6adff6f624a938f6ac99ece90fdeadcb47e7
SHA256067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b
SHA5121cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264
-
Filesize
414KB
MD536f639347d1b1728633d8c58a98c5c26
SHA1755e9431f4f5d00ea5c4f428c2ed55bb609e83c8
SHA256ce88d0b7309e0dc96d3a97852293c98cc6167bf7d4f60dd6ea85627968834101
SHA51253b9857b3733b070c001ef1312c11666fb0226513fa7f12f02a162b5b7a8ddab17e78fa3e82c6222b2b3087b067fe3ecf6a00fb498b1eca9be58c3c665b4a3d1
-
Filesize
7KB
MD56ea2e25d2e109ef37785b641713b367c
SHA1dea6ea1e2cbbd327f223a1a6c5d57b0dabd388cb
SHA256116d179fbf761073a13dc9a51b297eca3256b2c1de772ab11b7b49e8e4604ed3
SHA5128ebbc17990acea338eaa810c1c67fa059bc80a6da148d0e08b9d56321b16b13f9393ffdb0d7c8d1009cbffc7b3c3cdc875a600ca38413bb68c0fbff8e4585ee1
-
Filesize
3KB
MD5eb7027cae1c925fa84dbb1614b4f96da
SHA164564244529afdb13663762b1b8d7915636f6772
SHA2569123161ead40f48297cb7a4df8dda600b7d1f9202c4551df7deaef4a4eea2c97
SHA5124d489a0ff9156d0e0bbce69fb56b75f223eb5f9e7f979b713fa9673c6c7732a988ab8a6889900e36a471ee630817500adf808ada7d142f83df87f1c142245cb7
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
32KB
MD5842dedc06fc92dbd4acd287a5ecb11e1
SHA1a9ad17d5113ccde7ea08c90eb486d34f4050dfa4
SHA256626cd0bc3702539aded15964c61058c403e526787a840bd42f2b96cb595514e5
SHA51225894db97a6a86b2034677cfe4a990c8aa627a8b7f8a9479e9669e82c3323327da217c3b0c7b6dfb71314d894ba04025c4dcafb6145bcc99069a9454fc0d7481
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
343B
MD51a35b277f06f88b1efcb4b51f81b092f
SHA1d47d18100a51e680f41083d8dafa418f63ee3cc9
SHA2564d9de419c66623d6d7f1d14a01000c395c6567e5d50a91b65abfa1b1dc3d890c
SHA512c69fa201830daa5ef515dee152613bf2db3bd8b80bbae68454d75983e4b3a00c73007c2cff4b9680149f68d179362eb31e0999e672d78ea760e7c8a4907d09cd
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
5KB
MD5e5000745755b722eda798b86aaa98f27
SHA1ee646787615b6c39df8a32598662bac9bb0c8771
SHA25631ca24099d92ab6198a23d46a9e427da968e8972aacfababc4100dda37f2009f
SHA5125da87e53cb1f8a9856c3714429a73c7e603590ab781aa909174222cd48dd5be8fe307c318ae7ea68d03cd6e829420ee8c62c315604a06c7ee0b4007061c69eca
-
Filesize
3KB
MD5756ca4b4554e535fcaa8dcbba3eea438
SHA1d69a9844810a5735f004f659a2912d5ef2715c70
SHA256c8d824f0fe8fea0e7aa39736aded5eeb2716cf76e9338de373793c1f29c914f1
SHA512a464189ec865747fee8bdeb54ed1dddbae45f7b0e3abe9e62a38597490e2ccb2db156b579ad504ff4a39bc7ff7a12ef54818855f82fd28655e7e1d383c61c9f6
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
211B
MD5b57da195dd5b5d268779063f91d75cbe
SHA16766b158bf9d164817b7f2d49e3da6ac1c90a102
SHA25699c1efa14e407124d3e61b440e8ec9b67a148d878ea8e58bc257c20681601f76
SHA5120e2cbd9c0eca7519262be9dadc2bb0b145bde7132a91ce198069a199946f704ef4b8c26164b9040eaa0294918e3795bcbeed29b7d065c9eb2d5a660a47f1218e
-
Filesize
19KB
MD50425c6fae9fda1e0ecd52f4afa1f5832
SHA1fb3adfd8544a8e3a33fb10ed9d786e30f1d2d346
SHA2566a06a4c490f1660a7c3167d494b8af4b9a5613f85ab4bc9bbd8babdca4b66cea
SHA512c94316032a6faee362ecc23735264a705df448f8223457d2085662ffb7f11178901cd13b8d0d0056f47214f68db5a86cf7be66cf7a7dee825e342c9dee89743a
-
Filesize
17KB
MD56ff7afd1b09730ebcd4c6f26b3b8e5c5
SHA168f68d254467657898fb61cb2fabb5fb013c8259
SHA256e18a8000a1347fdf491bba94a1fed826a54f2ddb5a437d769b77eaa7bb580c8a
SHA512a050597378a40a01afdb5b13063bd0d9589115c1983eadfd5e8061efeeceefbd4d54c11d55f9d4dd3cd41c1ab71a7d51da41a0d0caedc49cfffaff78d7701b83
-
Filesize
18KB
MD58a4aacf4cb3e62f9006cbc6992147e3c
SHA18976468e1b384f3ce91f1d0b64ca0873977c512f
SHA256c7b35617c037c8125b6564d9b57ad77c46556675d0b82f9664cad041e8817445
SHA5123da77921c36b6baa1531f7b66d1ec613681505a70d0e8b7ee69a24e3510d71fa0d3cda42e025d84e9150255368970501222ce4b63ab008389764e7deaa1d452f
-
Filesize
15KB
MD5ed604e4b6e135106eadb6ea515acc3eb
SHA18962c511e34451746ed171d3e5de8bf805042260
SHA256c5e373ee51303b72a3fe758cef4ec0a14119cc7e7188850a65ea7117bb29834f
SHA512809f3bb81d78f3c611b17a1cda1c71b0343e8849d02469297dad7781f5bd69b3f6e13f27a6f45f9b7192a9d112cef90845ad13d176a73392a91796245e752157
-
Filesize
37KB
MD5d370450fb2d62397a9bfc1446f4cc608
SHA12edc12091ad1b44394cd6c0eacd574791a23dbc5
SHA256a6385248d70e82896f1141b022f7fe5831e9b1d77c3ab74c19d99c4ef8f26e1b
SHA5129e89dd166ffc3ee23afef6215410f7993f028a3b01e86121dc241b21da185ffba2561db64587d5ee19fb7b2068f1ebb384a50a8cb0dc22ad4081a39cec6df951
-
Filesize
57KB
MD5cef0fc7909ab93e9eaa13a35e58e0927
SHA1da0b47c9a251e9b231d846ffbc34936937a517fb
SHA2568137d36d9febac68aff5dd25daca9b7b925e1a6c0ad798ca2a2b996603826c70
SHA5124adfb3f70ce82f53e4e070722a779cbbd0cae1ba11f25fa7ebef055838d300f17ca6768d893bd13aadc64dcef483fa48159f1f960552bf25f2e7520189e9f970
-
Filesize
72B
MD52b9d354cda7bfedcf9d05577f64dee88
SHA1bf2a235ab053d11a9a0b6b7ed29d19971cde7520
SHA256b9fc095b3dd980eade05191631d648daf87723a66be16710dd1c1aeeff8d8e00
SHA512c0d71121f5c7330afc073b0f43d8d56a8cff1e52aa0c038091e6cf38d4ef2b6c844567823b7154645e61cc1006ede3e609b588ee497e88842e612c351c1f36be
-
Filesize
72B
MD5ddb87be51c537504c58374a9a99cb609
SHA1aa4d7d0a0dde61942ef2c04fde94cd04723edf1f
SHA256e6eb0a015f714fdce5f7080f292c0be670ad17ba1d43204b781b1490cabd88f1
SHA5122616b311c12a512bde642d69e366f527db3460e632b5a2132c8d789bad02aa71c48b5968c8f3e59b930a33f26c1530ec1f5ce03094e273353310e9f46feffd1d
-
Filesize
72B
MD52b4abddf63fc5576af32343805e2fb84
SHA1d9f1b557d93f4c12d589e7dba1a69a491173309a
SHA256e9a237d006c73f0bfae964730d81bf4ff284c845d357aa5757340bbd7b9392cd
SHA51248667a298447abb0440afdf0b01b41a11b09d21b354a97c1cd14dce1e9ef7b1b9234dec822de59a9f6e32d1f83efb1a59abd8a516e61952276f61f9a793a7cc0
-
Filesize
96B
MD59dc0797d9764cac2e28049ebdeb8f9e6
SHA166f1aa009ff89f1dd3965ea168e1ec1321a16d78
SHA25677e6e0120d97fe3c64376f57bb4440e7ba9a84201b8affb6fa4b7b5d597dbc02
SHA512d036cf19a4f4b697b5cfc8635d3faf950fd3720bff89a08296e0c3a54e0441e8c1f850bdd488643e89a03c12fb2642d7e7e4e07955222e647a7c1d93489070f8
-
Filesize
48B
MD5eca572ccc949f621444f34d686e40c41
SHA153deba5ee5c565f388d476417de44b72e9a0ce1b
SHA256468375415077b5a941b9977117cde25c12ad5c3c4235cc658c7dfa2ea62719b5
SHA512f9e40b447b3ec97ebaf461cfb96131859e7b5777d97c1cc3920b41b6613d0bcdc51699c53464bfcb2e11d08e8a7e5c86623f56f33df29de35fe4d08cd39cba3d
-
Filesize
2KB
MD52f6fb63895a8618484024fdacedacf86
SHA1dc2ce151ec83b1c60e3161120b083010a45a3661
SHA256a796bfd1477558de07f51aa83174b40b07737d080ea4dd8c8efc3e7a10dbe51c
SHA5128ba371ed15800aa9779f06d4888382ff9a45ad2983780255188b281ab692f62fb79c97631f4f5f99d9a843d763a30e6ff82f3ab05229f638ae0c239a4f065760
-
Filesize
2KB
MD57d6dd95d0a4e41043012519a895ee16e
SHA1cd404532a3830a686a1ae7e6f161d3420c93465b
SHA25616683f78a5c7b6247e6c2ad01018124a78120176dbfcb3291e56d80fd912c0cc
SHA51281422d4c13c5534173da9edc4fc1b875c6bb9c4e703b047e04f4513ecdb5d710a65ea5e22a8e9db69f95cb67d0cfaa5d296ff8d5a1763ebaa38bd352654b3729
-
Filesize
327B
MD59ff9b81a8813e4cbb740e69994bc9ad1
SHA16c15a61d7ed2b4e0280311ccc89f47110b054746
SHA25678c86ac82c6651cf552fb6afdfcbad5a9d056282ced8044ad2c64640b6e91106
SHA512724f83890e08b0ffebe007230854c165e23d33cd8a11bcdb915a39fad3a11c31a6fdbddc6db3034ba41ef994445389f1cf404a1e1c279b4c0a94d92a08dfd5b9
-
Filesize
322B
MD5aec50b709f57a8f9a1f1b8245d587f28
SHA12dff1ba335b1d02d468989310691d39b76e40f5f
SHA256ed7bc85d27586b27f6fa636e2aea6ea1414e0ef3a9c1a19d088a8723d66b6abd
SHA5127c8012920177b15e822361669b9f26bfd88e5e2f2507237e31c9e7221742a91a9eb57216f50da3182377bf4955567850780261162e18338a12c3ad98abcef18f
-
Filesize
72B
MD5098dfa6d00946e970ec8d6b8a0aa0280
SHA1b234bd7f8befd28d64579ee664eb5aa21dacf0ce
SHA256bd297d4b66f261152ecbe4fcf4d9d72b79b24c9fed4d2b77b4a574e0a23703d1
SHA512c13b5c7d5c7ab2f5439a6418929abb242a4dec0b83d0eba5ec89b92f0873a9491ffad8dd9564d455dc53e3757b63becd9e89a192b50dbd7ba52076c67b3e0915
-
Filesize
72B
MD5881fc596929eae09d0c91936c0685976
SHA13f38009e9d7782b91f55b40517bb8675847a9d08
SHA2560f14cde94d5d36ab8fe40cbd6a12f0d02882f3da66dc1162cff7133211e7fb03
SHA5123a589e6d139a0963a4923be0f574a1b4ecf953ca9b2caa2f1e1bddba000a95c8d676b6ebfd56cd1a6e355576c431be7d2e137b5a61ccd55ad0bf02f799555417
-
Filesize
22KB
MD583a5ae28b3eb5e70c797412066076e81
SHA1b58fab967f96bc802f001e82cf7f35e04f467f17
SHA25694884a4fe3d750edf7387cfad17ff168ea4521f5531a00b4366429f08375fdff
SHA512718c36a31dd7ad9b20756b266787fcdaa4847d1c04a4493b81890c8c03a7bff4a3583fc07d3da4214c4027029ef23940971fd685af52dacf74ae10a294a53fee
-
Filesize
116KB
MD5f58f34936280b974c884e8c7cb6c0b1e
SHA177818d9826e184f8d7f04c04071b3e72037ad528
SHA25690aaa7c67062e0dfb04d0ae527800f8600ecd2be173b68c3ee049d4de6705235
SHA512b0438fe83de7c1fdcf852353622a3f55368d3d309a644405ba46b6c4bb0342ea5dd2dc9087d8efe1bb48144aac1c40d0d5842cfa13f80bb88a37917243aa1628
-
Filesize
467B
MD57c9ed291fd1a409da5e2132aaf604182
SHA182fce3f1a47e441f1a70eece3316b26af7e32bc3
SHA256ce9055b89c5f050789b1324b84ec845f09c0065d75e115a6ae9f2e9a3d19e4a5
SHA5124028ea2e1209d1b5e1a4cb9aad9f0aaba85852e4bbd8f3e5c442877900c42daa9a806d589ebbef473a650408974a1ef7b5c1719e8c981706804012dbc3922d88
-
Filesize
18KB
MD5c6f78d5bb42cf670470352fd2f625fdd
SHA1e4f96c98846e341892ab57f61ee5145d3d0aaf50
SHA256f4a5c0144bb14a20c611e1badc5ec63a0fd807e228bc7c6fe18513e23682eea0
SHA51218fa111529a4cb92039472ad1962cb39461a39fd2d96bb41a6ca89838f573555e7e0d4ff4aad0019f0bf6a81ed746424c2e1e76161c366423dbbee4866bed4fb
-
Filesize
900B
MD52c610a242bb63906cb7995ca91787c84
SHA1d72a181f10b2ed3178645cff95a5a108a5f648e0
SHA2569b6914450f219109007136bf9b8fa42c9d11d273d98d73cd3fdb76023bef179b
SHA51269f0534b830598a7077bf75ad8faebf87d9d9626dd8eae6d8a354cc48df7ec0e886d3d14b61762b26b860717952d408b90f2e5ac18666911a99c5ac4657a346c
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
2.6MB
MD58c2ded5ce16a7bf55288dd0abfe9c2e9
SHA1e3bd16952408e3b7dfbf868b103b46e41ddfc069
SHA256ad49aa499e8566e9656fdda03b08580a30c2c27fe5d1adb3e6cf41a684f99229
SHA512cdfc65065939cdfd7488d805d5aea747020b0420412b8ff4392bac74012ad281f3dc6ecd3db964f8bffbc8e0776651b16a0c3253695764d1c3d89bf7805b2eb2
-
Filesize
23KB
MD516d41ebc643fd34addf3704a3be1acdd
SHA1b7fadc8afa56fbf4026b8c176112632c63be58a0
SHA256b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c
SHA5128d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74
-
Filesize
804B
MD54cdefd9eb040c2755db20aa8ea5ee8f7
SHA1f649fcd1c12c26fb90906c4c2ec0a9127af275f4
SHA256bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd
SHA5127e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209
-
Filesize
81KB
MD52e7d07dadfdac9adcabe5600fe21e3be
SHA1d4601f65c6aa995132f4fce7b3854add5e7996a7
SHA25656090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a
SHA5125cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593
-
Filesize
34KB
MD5ae3bd0f89f8a8cdeb1ea6eea1636cbdd
SHA11801bc211e260ba8f8099727ea820ecf636c684a
SHA2560088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d
SHA51269aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa
-
Filesize
55KB
MD54da47c78921a063871105e6df7d6276d
SHA19a4d2a073f08bfab764c99dfb09ba896d485233c
SHA256472ecbf300f109dbc0e2e8d1c1b803370749bd9b0934d023b777e3ad1b11d8ea
SHA512e99ef1f3c0f771a2eac45f8d55304f99bdc8739668a3d2e97dbc152f2314454600295775bfc70020455183f26b5460574a8b7afaef7bd61e494a19cbd2a0385b
-
Filesize
50KB
MD5bacb7f2bb89dd9e2328929341045900f
SHA15c7d21e47b0cbc06ece5916c7b051789b86d24c5
SHA25632da94954bbe0ea6a89a971412449e5117a9df2bc64e3301cfe0cfa79630374f
SHA51224b3f01c39522ea05944b81a7c0f04205832c0accd797999daef2b24161de4d27840804e21382952c0c0249d835805131e32fde0d02abaebf7fc06ad31818b56
-
Filesize
41KB
MD5cba1ab8a9b1756917a3a576d8b8b58ec
SHA10aaf305d7eb29223052f2baf8bec873e57898148
SHA256edbbd90a343c6e92f32af244443a6352977ab5496d14d6a10c1036a73a1711d2
SHA51283dd6efcf5c164a23c7f819814a2a537e643b2be52f75a5620fe6a4ca39d57f97912aec1c4779c20833a1dae7365c4b6ffe2ff5c5b437daede3760e656794cea
-
Filesize
55KB
MD5f1817036c065ac6b1e3b0df5645e489c
SHA160045e986a7072603c0b2abb5e4e6b38b532e9e2
SHA256e7063ce97d99c965edd96884571e132e949906552710cc6ddd351ace480f2ce4
SHA512f27f8496c55753264d69abd6c9f170cf2dfed0f4c684870fa708f719cd151fb4488c04267dc27b8bd90b1ac1f1e34067dd41247372bb34f0aaf99c597dc693cd
-
Filesize
55KB
MD5eb2c22d443055fe3344cb32705535e9b
SHA1350b02794f0e61f4b531468fdd77eb5d20916d42
SHA2567b5248271d8b9f609abf1465ebb7d920ddf4701dd5e00ec7247a396e7af95c38
SHA5128c144007b930b4382f94652f82081dcbf434b83724fc0b2367a00973e97a766efa41d3856c2c454ac5ae790a0c09ecdd53023729b56f8372bbf1bfcc69abedb7
-
Filesize
392B
MD5b2800cf23e40f11fdc3f48c3bfa08791
SHA165ec2eac2dfdea0bd7615910cd41a9040b923e52
SHA256384845d382460a368d1f7ddb4cee64a426f673ee1de78a73a6487f34197c02aa
SHA512196846f97f1b981cf213437f720e49e8250a7e0fd9b08e4134829dfda4f7401fd726ffcb6f0c52d0393357e90659d96e74c3fec4295b5c85b2eb1cbf1ccf6579
-
Filesize
392B
MD5b9f2ce9dc9e9d2639027af3f69600d4e
SHA1d520937b656d4772f9269c7230518890f213fae6
SHA2567fe6c6b4a638a5876bfc7f12516719207f66240dd4963e0c40f3d334fa2d9149
SHA51249984e59a651a6117423dbd7a5752974b7cd89f78e74abfc658888c937ac64699f9a40e094dc899f305c1efc4d2e1edd5c36446e17c0ea29addd926898a5b0e0
-
Filesize
392B
MD56ac8bbe40335e2b774f95572ce5cb45d
SHA1e9f09b8bceca1783442c8c1c37b65c9fb29ba5de
SHA25675ba95395f22f67add2ea0f1c40a582b8dd3fc499b906b64c50011dbdc3f0869
SHA5122cb772a2a8b6b93ed78e86cdc0ad82c400ef5e244faefa41810e91c14b4bdb170b104095c9cec768d2ebb4d594fe0e6c3b424540d6f3d5f5fb32e203169248c9
-
Filesize
392B
MD596e8305bc4a3bbd8e86b9176c0d98054
SHA15e71b5fa69d875903e35c975da508b92ccde446a
SHA2564e5026ff2b2c4cbb321d6a75a26137c5cb1d47a29e29b639a0a982d82afd446b
SHA5129ede9f9647327428e7244e0acfa42b875d53881bd6b30e118b83fa90444c43213252548b6c313a7bdaa71e916775ba16e22bb452ecdd88d84e9932d0c85e79c5
-
Filesize
392B
MD5ce94e41f6017cdfd272a292df73a7b43
SHA1df7938b1655d44ede8fe978d1c4a5348b3bd1282
SHA256d073b2ec61805b3a94f7fb0c7060816054d843bc78e89329d5ed329623e5a1ff
SHA512d4f679b9923ee6180eb7d5170906d0dc29b55e2554c1909644540b7ace6ae4f50a900245c9ef120b4390f9a20032306df8756075372561cc4bc0220d97603830
-
Filesize
638KB
MD5ca87451145b7744bee71724af1feca21
SHA13d99f1ad97326e49ef04904db63c312bd8c64612
SHA256d03de614aecf8590e013746de46b715605b72445a14702edbda12b5ce2db3df3
SHA512ef4a47b30b6b03bc73e4c876111af6d08f741998308bde635427d466d4800f8764ea94462f4bd9f13d21c9eff12cc3c2b8ac13433a8cef3f7aa5bc8395c4285f
-
Filesize
1.0MB
MD5055d1462f66a350d9886542d4d79bc2b
SHA1f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA5122c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
220KB
MD53ed3fb296a477156bc51aba43d825fc0
SHA19caa5c658b1a88fee149893d3a00b34a8bb8a1a6
SHA2561898f2cae1e3824cb0f7fd5368171a33aba179e63501e480b4da9ea05ebf0423
SHA512dc3d6e409cee4d54f48d1a25912243d07e2f800578c8e0e348ce515a047ecf5fa3089b46284e0956bbced345957a000eecdc082e6f3060971759d70a14c1c97e
-
Filesize
136KB
MD570108103a53123201ceb2e921fcfe83c
SHA1c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3
SHA2569c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d
SHA512996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
Filesize
551B
MD57bf61e84e614585030a26b0b148f4d79
SHA1c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA25638ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3
-
Filesize
1KB
MD58595bdd96ab7d24cc60eb749ce1b8b82
SHA13b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5
-
Filesize
2KB
MD5cd247582beb274ca64f720aa588ffbc0
SHA14aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895
-
Filesize
121B
MD5fde1edabd926edaf85bd8dcfd6d26f0d
SHA1380c447a4df3871885c99d926edd1e689f247b99
SHA2563bab6a96aa24d25d5f838199dff00837be00480f92a559d30a24f67334e02a2a
SHA512acc5b7ee98a6652a74477d2a9b295ecdacfd0182b75931653d373fdb15c52d1d869bbe3a41e4a79db36ed91ed55c39c47526268b56b123e9b7f19479bbe8dc13
-
Filesize
113KB
MD560beb7140ed66301648ef420cbaad02d
SHA17fac669b6758bb7b8e96e92a53569cf4360ab1aa
SHA25695276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985
SHA5126dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5
-
Filesize
53B
MD522b68a088a69906d96dc6d47246880d2
SHA106491f3fd9c4903ac64980f8d655b79082545f82
SHA25694be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88
SHA5128c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff
-
Filesize
118B
MD51c86577f2cd4d32c2a66df8ea2688d85
SHA135a17132f6e9fa4cf9f7cfb307870eef46b697f7
SHA256312e962260bb133a4c811348a75396477d2bc284701393137cbdad971317578c
SHA512ab8583a6c1e0f34f937296d12b9c045c99a8d5eb61fb36e797940cb0bd65f952eb99cfcd44c56ae45d6d14ff330bde0bfbd9cf5c18fb8296bf68a64b38ef7594
-
Filesize
145B
MD5ba1024f290acf020c4a6130c00ed59e0
SHA101274f0befca8b6f4b5af1decc4ade0204761986
SHA256551b8c76c19c654049d2d8043a79b8edb3c03e1b695cabf76b4076ed4921ae28
SHA512e55b871dd3500f30d639089cc42a4edc3bd4d26d2c4fd151322a363fd8edec82d5345751953f9b581e40f22b6a8976faa0ea7ec9fd286f73f747120c87ea7157
-
Filesize
1003B
MD5578c9dbc62724b9d481ec9484a347b37
SHA1a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d
SHA256005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0
SHA5122060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
1.4MB
-
Filesize
1.4MB