Analysis
-
max time kernel
454s -
max time network
455s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
22/03/2025, 17:11
General
-
Target
https://github.com/ThatSINEWAVE/Malware-Samples
Malware Config
Signatures
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
Ploutus
Ploutus is an ATM malware written in C#.
-
Ploutus family
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Program Files directory 55 IoCs
-
Drops file in Windows directory 42 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 10 IoCs
-
NTFS ADS 1 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 23 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ThatSINEWAVE/Malware-Samples1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x268,0x7ff95a65f208,0x7ff95a65f214,0x7ff95a65f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2112,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4092,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4104,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4136,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4172,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3736,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4108,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11323⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6556,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6736,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6904,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7044,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4188,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4088,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4156,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3100,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1864,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7188,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6692,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3540,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4244,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=7244 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=4604,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6216,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5292,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3680,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4524,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:142⤵
- NTFS ADS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4200,i,195078627486627946,4165161084989207770,262144 --variations-seed-version --mojo-platform-channel-handle=3712 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
-
C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wsl.exeC:\Windows\system32\wsl.exe --list2⤵
-
-
C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa6c --server 0xa682⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xbe0 --server 0xbdc2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xcb8 --server 0xcb42⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xda0 --server 0xd9c2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Malware-Samples-main\" -ad -an -ai#7zMap8493:102:7zEvent67371⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\Malware-Samples-main\Malware-Samples-main\Samples\Pikachu\pikachu\Pikachu.exe"C:\Users\Admin\Desktop\Malware-Samples-main\Malware-Samples-main\Samples\Pikachu\pikachu\Pikachu.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\Malware-Samples-main\Malware-Samples-main\Samples\Pikachu\pikachu\Pikachu.exe"C:\Users\Admin\Desktop\Malware-Samples-main\Malware-Samples-main\Samples\Pikachu\pikachu\Pikachu.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\Malware-Samples-main\Malware-Samples-main\Samples\NotPetya\notpetya\NotPetya.exe"C:\Users\Admin\Desktop\Malware-Samples-main\Malware-Samples-main\Samples\NotPetya\notpetya\NotPetya.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #12⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 18:213⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 18:214⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\9BB6.tmp"C:\Users\Admin\AppData\Local\Temp\9BB6.tmp" \\.\pipe\{1DB1D02C-D27B-472C-9D09-C2EA6FFF7420}3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68B
MD50f1916e9bbf740149210c5ffaa88158d
SHA140f020e60fd31355bd4a7c6916ffdef000a0f5f0
SHA256b1d06274db9b93fdf229e106a4b19b50676f94bef0762dd0bc26b16f07050705
SHA5126bd6fa7706f91ea2e0363e9a2bb0cbf6d28e0e3dc48a6d32a65966aac58c3d38ed7836ddc5afb69c570172ee7143c8664bcc93393b88d9a442bad451519d78ef
-
Filesize
2KB
MD5627073ee3ca9676911bee35548eff2b8
SHA14c4b68c65e2cab9864b51167d710aa29ebdcff2e
SHA25685b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c
SHA5123c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb
-
Filesize
105KB
MD5ed831478428f88826cc2e3c074f28689
SHA150b1a666dbd59972c3b793178de44d3bd96b4e6d
SHA256e45db6c346162b3d24c374fe388cd3c2ba252a75d539734a620c89c82e73ba3e
SHA512afeca5ba0faffaf9077ac7fc310ec676aef5a2ee9fc8987623cb98de41dbef520fc3f2a141673ba5ca63c671c2ed2e6a92cf873b5de607221c275669536924dd
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5ca53cefa89eda1561903f2cec58af742
SHA166cc43f787136e1070d79ae51e3fdd4c0ddf6159
SHA25632e69371ea4fce52c45992bcb31113c9ffb90016e93d0f5f9ec119caa8a8cee9
SHA512a71715ec9c429d3ffb4e59b4e995e6698187ff8cfb5b3096dac9f54f0a87d02cc97ed181cebe55043bee5a75834ad1f893b72d345210459e92efa95404ee70cf
-
Filesize
280B
MD516324d67eebfa38055529e9e5f1f9ef0
SHA1d8e94ea2c3d5a7f4e73880055b9247e1014c5c1d
SHA256aec06bcadf691e0d12402f0c8ac092df48f1c2b4b77dae27d10ec618d27f8e95
SHA512ce528cf5233a9f3b40367f45612e7e11eeb89aba427a7b353109fc742681e99c8368e217a0d51f882c31cb6f88cf02dc9e352a01b86863749929d71f78864f66
-
Filesize
7KB
MD5b0e51356ec1d194b0e015e5a2678808f
SHA13400d83f4e52772b8788f47ce9c39596198d6900
SHA25602b7566427f1c22163ebc794c1abe53453cff4a6c9d9d2ee2b202041e84868e6
SHA512f718cb01b14b31240abb8f2532d8b1fac7d665f2738295acd60102a8359e40541ef7d3d98a28312fd614518a464870e01da1f849cd6e8e329d7ff43132f564e9
-
Filesize
158B
MD573e3618355bfdcaf041280a964caa638
SHA151962c05d79150c43f6ca8a9af4ca080b11e4ba0
SHA2561029c80591e790dd3ac2f558103210c1327531c1bc4bcf7ed370ceedb44122ad
SHA5127d0925c5b4692baa7463f42849225ebf18be66d3c580ae8addab33cdeb37def9f0e7d348e26f2856a873f6404131afa30869a8dd316d00cd7ed05eb62a310bb2
-
Filesize
5KB
MD562bb5e97cdb26321bfd965d915b1f4c6
SHA19cc827bf9f452f3cbef40057f3353b3a844d22eb
SHA256e375cea5c35a6db99ac88347ea0d4517dd3b915641b149e70db22f4b7d77a1ff
SHA5122bbce9655e5bf619f62cf61bedba0a0c745e68f02297d32e79e25e115107acb15563047203a7239f6ecdfbfe8b6be3c8311f35dc3edbc8c3d13b265c84e3274e
-
Filesize
5KB
MD597653dea9aa485d64a27bc129933ce75
SHA1caf5e489e32a42b9ab031de07307523daabcefd5
SHA256278b1355b5d366c003ec9fc0fde0a31ea5aab64c131531f71b5442dae558dd6f
SHA51280e1d6cf2b476b4fa2021f38c26488045a07e748f1b5f98a765cf017b6210e62e42dd00b3031e032dab0f4b63956cf60d6f48ab5bf38e9ba887edec9d6ed5d69
-
Filesize
3KB
MD58de9900f2aa0b8d6817637bf8c83a8c2
SHA1d0da68e5ceb7d3297a2d273d7f78354c3288134b
SHA2567d1dcf3cdead42fa791dd1346c3b8cd3e5558192d067dd09c64a8577458be3dc
SHA512c336f5ec6bf8ea22cb7a320efece4266619a6965be58f3abcc1fbdcec4bdb09f7288c97cd1adb1f13330a5c5d82e9fc2524ea585f90aa56c0ccd81bfd56d7cf0
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD59a0eca67145d50387e459b23a878da31
SHA1a90c3d279b53eb7c49f2fbeceec80f600e79c6f7
SHA25688a3d10daecd8c60f043238bbc2fc42d4599ef79f52455c471f7eee087da4f64
SHA512d435cd5df6de50ce1195870d0b2c498544ddabdf73052924d13a0f1930033bb762882984dbf40d6608c1a03f2aa370189a9b18bee616f43890c6d3b6a3d6a154
-
Filesize
2KB
MD55f88fd99bddaf1a93ef0dc098583cbd2
SHA1392a648c910f0e140b03834bb6c35aa46005fe36
SHA2560713c36bb46000a2ce28c21400f1f0c1cc0acb271564b326d502eddf51b12004
SHA51227a9b21b185eccd70b3c7ea1b03feedf2df90d7da420a06cc25469e6dc8e81a9b4ba18cddfd55df6ab1ddcdc46c8b3ec44c091dd5a718b81257c4a565daf9f55
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD5adebc34c03f3b0fd0a8bc236f9c16f9e
SHA154dbb9881fe57143f77a052cb217327f797510d2
SHA25679a9e164d47de04624af4a6bc9c008017c37fea51bd609e3676b0a1d611172d1
SHA512488c4e7d5aeb1bd52f11724093a870808030a23ee37161a00dc6aa157aaac468c612184d1256c6710355f405b074695a4a8135aad9146345f386f556b0d7856e
-
Filesize
2KB
MD58ed5bd064ee2548037624073681a6636
SHA13b89870c824a735e2edec8df554b85dde3fa0ac6
SHA25676aec2353fc5519487aced08fe5ee09dd5c227457ae788875229dec5b3dc9319
SHA512b3336afa13ce88e67edfdc8a7a6862627d6719e303151b2657a7f49d8fa0b4eff7197124d1507054ebae01098d1399762a242635e3a8619c62cadc95272b242f
-
Filesize
2KB
MD52295df24c772ec9b8fc8eb8698a6dc9e
SHA1177c030a267130c6e65903c4fb753a5e0efd1051
SHA25603440b6e5f934fffa550433ae48ac33bc92368cfc85d962c08d07a5fdbb2452c
SHA5124bba93d3bb83ba32644a3c861e1c68ad03a54b92b12cc6fdfb56c01691d8c0c8ee334d23873339c1978479cc2b813545bc21fc7d3b9bebfa4a252dd9cbd23900
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
16KB
MD50e0ac527de0dbfa4fda16d761a38fc99
SHA1c21c61293c94f78f24f627fcbd5ef920fe6b1e82
SHA256487fbecd64f2c4d5c7d6c605fe46770387ad77a317e4fa1c9735d8921d7fb2e7
SHA5128c85a892427d704879f4dfdd7209ecf4f021188353ac3a747f857caddeda305e4ecae80d1e7ffa949e7d07acf8511f013f9fd54024fce9c89cd042ca3cbc82a0
-
Filesize
14KB
MD5ca4783f88e24065bffc79c1e54d00982
SHA179f9be2389400f2683a36c831b24ad9425e23647
SHA256ee9a80705a0238908b3ab02b2b85bb9198be5d0d6c0fd933d1d6293b41df4e53
SHA5123aac27164bebb9a00d94adc0a948f80ad2c53317844dca27d07f2c9b1d059cd677a5e5d7508ed3d5df3b8c8811c60ddc593d04523129c11a21c5323649f8f392
-
Filesize
15KB
MD5d3a9e0d099359450f77c40e67fbe8ecd
SHA17d33b97db30becffc76e6fc9c208d009170777c3
SHA25672ad957454e0637799ca7cdfb91a04a22818f91edd8dca1d6ac3f6b6ff196b38
SHA512c40a751f1393031a8bb59272c4495c137396323dbedf74617654b91c6baf8912424fb3270dfd7ab943ae198dfda4b6490f3b6ab08537714c50b49ce2249de051
-
Filesize
16KB
MD5ff0909b833e06ae95f458944f66b852c
SHA1d1ed7d6b6acdd734a698a91e07afa08c357ae056
SHA256b1f1fc1e465d49ed85a9d2ddd92570c3388d1a02726a4f28b8a876d1d9182345
SHA51254b48a1839f8d20d65382d565eadfcd8a2b773f7f6bf1d537453d9b83573f624e49c460b3fa3be185277606755873925717d70592da2818cb5532838f8739837
-
Filesize
15KB
MD5a7bcceef0fd2d961b1542d3ba3596859
SHA1955536c340a2486f45658c84e21194c4a327641f
SHA256a22de5b37128ec1b060199751a68194687ab0f65944b40375e7d4df02abeba07
SHA51210ea8336085cbb8d346bffe7d3f44d39ce2ab4c9ebb5d3e3d94b893a6b50de153696f6deda5038baf3d6b238c491493f5689959f912cc11e042b1ca7d4bb7bf8
-
Filesize
37KB
MD518a3b3b4d957d15ec0cbc2edf395b0d2
SHA1f25c7c483b66c4bcbdd107169339f45bf1ecc65c
SHA256d64db2f1a702959c7dc14b92bc102c359059d8f088c78c96e4be41e8ffc7a7b2
SHA51274f96d7fd220a1be4f2bb69f8847bd5b36c4a1e7da3ccf1b48ee6c27be556127af7ec471880e6d157e2358b4199e4031141853fd60f81e14113f2b9797513ec6
-
Filesize
1KB
MD5b0560750325a2672603f7b635de1e28e
SHA1cde7eca5189f0d5c3492a798fd4e0fbeb4765dd8
SHA256d5256695c71ffb4ae7fba470fb1bddfe7c97c05425d3e70f2f4875d192898559
SHA512e2d10a3eb3dcda72f6d5552e57bd1aaa78daf8424749c715387385d2e56e8e0834c509a8d0fce64fa410dd2b48d44bdbe6caa6d66f9034894d038fe0d4362bde
-
Filesize
1KB
MD555c0b5580290dfd6fabb8848298f3e22
SHA1abe97a30cd2df738554df7a5b7362f6f657c1eb0
SHA25661da47d8c0a6a34717be8b0a51c6b5891f41d4eed2f411e59d70fc098f57cffa
SHA5125bc0caf4383ace92894b6ed2f7d47713a05e4f4fdd8db4dfd8ef979c64fbf7a602e515b1768cd8db35676beaa894c46a88272e034fe00ac25e6e22e6be70ce49
-
Filesize
253B
MD5a62668b60bb1d1a68dda4f44714f76c0
SHA1fa15838438ef7692531256e0f29480a831883244
SHA256e23ffae34745bd3352042d8e0fa1e0b74bb0fe2396c998346350586b4fbce756
SHA512c49cd41be901c9bb76727508e8e4134f5956de640872b5b4c02d2dfd0c4a1e8b414e8c555046c586211e69a8f38538bedcf28e86882218b911200f362aeb807f
-
Filesize
4KB
MD5f20520f867df211a253c27a1dd126f8f
SHA1aa61e824db8a89bbe792c5ef374625f0d5268cd5
SHA2565792a8019eedc880e0e012ddf783261e046935a984da46fb92b857f63a0f5b5e
SHA512d3b0a264b681932a0e0ecf852de996b04c30231a88dd93faedeaf9cb1c8e724c50078d32e508bc23b6d1942ad020d4e877900c9cd3fcb50323c62e009c24513b
-
Filesize
22KB
MD54bc1068b1d8f991b45cfc0761192a9b3
SHA13713ba75b217b251606e3ba09b4130f347344976
SHA25642bbbd7e0670318974acf257a69c50f453fdff2e055e948ef3d386f9f4458f0b
SHA5128edf3df362bfb23545f2e46adc1f7026266bb32c6a2fe28445de75f526c1c469181f3f902484a414799c075d98b1543a7e1a564de2c91c7e2c47f3a9ce3e2e37
-
Filesize
880B
MD5bc1dee1e11be1f39653045e71a304187
SHA19d7c3a8be0d2a5b7c011a46610ac1296a9a69ff6
SHA2560c94a0d5172c70978645fa578ccbd50b17da3d91dbac756c05e9a95d33a5c3ed
SHA512b2dc2090e887ab118ae40cea82ae48a0d20555a0bfa58bb13349dee5e845041cbc4b8eccd278afda27bbc51d486ca4d64e081689c848492d8cc39423cecf2463
-
Filesize
469B
MD549cdd87916dfe1291b26999b5681c513
SHA1998fa3dfc88115802427914054f5672095ae2c8b
SHA256bcfd252a95275d34ad270c5587c7a8b73117a13bda1c1e8f0ac739896acee40f
SHA512662a7287938cac438792069db30c8bee758c29f93493f13f01fc1ff6122e75f105337e2696c9e3e29f9ddb78e4ab3103783b91177b4b53b45e7d23fd9f428367
-
Filesize
21KB
MD5e4dfd0504387a1ebcc4a48846e44a23e
SHA1a5a91da421e3d8728ae857694dbeb24ea72b7866
SHA256d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6
SHA51294a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
30KB
MD5e81dacc2c0678d0c3c20afa0004a1d50
SHA17f5a8d998a0ea395ab14deb6ee529ee2c003c3d2
SHA2561a0c9235fcc140964070685096e0bfe7e7f05a4e85fbaac27547942e6d6d1aaf
SHA512bbb47e393d4751e374857ec596cc0eadb2d1a93bc1e52409c25a0131eae82041181d5b2ace5e3b21ba7fb19e88fd0cd25c0f05e4ca9a01b41026d3ce0ff9b9f7
-
Filesize
30KB
MD53307496a876fc34cd83c886756ff4b6f
SHA1496866f48e31cef509e1745cfe7316cb40699e81
SHA256d9060cdc8fe90c392b814aea1ca0137b09d4d3d44b99a3007ab9ee94ba3d5900
SHA5123ddb1cb59a057b1ff81546872d912d0db05e838b775a591fedd0617b1d3666e820464297c9ebcd714f2c968d6757bc4498e00d2160b29e0c97e98c662d0d1c5f
-
Filesize
30KB
MD5ab21d1783736eedec062b8903bd7a59b
SHA1b117b6eba0e531e321b39d0577c9d773b6586986
SHA25606fafce5a63f0a9d27a3f05206f2cafc764920f870f73918404be73d68d03ebb
SHA51250c1b816f24987ed2b1f133dc01614dbd471d915e4517e3029d82b7fa9fa3c0d8db0069485835c7fe9128c55bf67bf3d79ac45812a5a47577f2c7e720382631b
-
Filesize
6KB
MD5420bbaf4c9d390b6a9dad89b2425d8ee
SHA178f4720b386aa60e4c9985ad2237d098da6c9dbf
SHA256a7d5e9ebc4d01b92a2bbb48ad2a355de79888fc6a91291f3c5fe055de2b9c155
SHA51207ebd3ac4d0367633c542b3ff9b2e9ab80d9424373d1a2033cab3d42f27d3bfbd6bf4744aec42922604b22f72b265b820575eed8d4097b3b9af49b6ef8534cb2
-
Filesize
7KB
MD583a7a400fe030a5c952f2263acc21784
SHA11c22e97f658c8c03dd7b96b5ad0dede843cca8c3
SHA25657f9b4521f9b7d1abd12e74bce958942cc3574b4d2fbf815e9caa03d307df266
SHA5127c28176b80b00ef8da2365bed58417d3ef8bcbfe3730e87f5d98a3116ed456228276da1c37dcd503c6a48760293882cf572a71c19f761fb8b7c99fa14df3577b
-
Filesize
39KB
MD5ea19b05f80c0648ef1d85d50efa50401
SHA10dddc466290202e6f8470ef59ba385c78ff2a7bd
SHA25674c643d2588dfc660ea44c173529af19accbd80010c4e0e9dfd1b1ed255f2ac3
SHA512b0305d88e90556fdae597a16c087045000885baa98706f71f16541ab521ad524b2a86abb956e27326a277ea9eff9a53ae47c917871a074e38d3a8f46765db8d7
-
Filesize
39KB
MD58fe4fc90a3bd1dc1209ce77820f7b8a2
SHA1fae14914ce2b0bd449067617dc3c0410c2ab982a
SHA25675f89b54633c36d2e79105d617700bf5fe9bcdd031b92cffaea3fccd49d15ebe
SHA512f6dba82dd6c9a7f240dcd85cff2efabe2c7cd8df7f030cd659ea9eb9d18dc92e5f3938ecc5b96987621c2323c4cacd2aeaed485fccb312eac647468acfa803a2
-
Filesize
40KB
MD58c9f4bdac0e67787633ed656881e8351
SHA1e8de02a05fc356889afbf965e4cbfac2fb866fbc
SHA256ebdf9a23df292e84f836a42ea8c72bfdf5b5d871ce430619082ecfd7831c963e
SHA512dbf92c5434be901a271ce6f3bddc780571a8efb92ea8d855669e5a894b7c23ae58790a357efb22bec980bc8d0be3f85a406613fbd94b105d9c5ab020b637657d
-
Filesize
6KB
MD5bef4f9f856321c6dccb47a61f605e823
SHA18e60af5b17ed70db0505d7e1647a8bc9f7612939
SHA256fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5
SHA512bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
62KB
MD5e566632d8956997225be604d026c9b39
SHA194a9aade75fffc63ed71404b630eca41d3ce130e
SHA256b7f66a3543488b08d8533f290eb5f2df7289531934e6db9c346714cfbf609cf0
SHA512f244eb419eef0617cd585002e52c26120e57fcbadc37762c100712c55ff3c29b0f3991c2ffa8eefc4080d2a8dbfa01b188250ea440d631efed358e702cc3fecd
-
Filesize
1KB
MD5bd24a9b61c16fd5cd0a1bff753445012
SHA15b932912572e033e2f511c7f47673d28b7476621
SHA256483bd7db160ee0fb1fddac8f79bcea9ce7456fc8da4c823f731bd235829e290c
SHA512eab7c9ef79d2ce7cf345187f0bfe4789d3b9d8e4d2e4ec7b26c1fac23c587b106a43c1f7a29615ede41ab0f60cf6e291bbeab0c5f1ea8c893b1ca155b0f37f61
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
23KB
MD51dbfc15d60c8a84a92c503d69f002e6f
SHA190aa4deaa542004a72c27fc0977ed8de710fad00
SHA25679393d824289ec314ca41edd8a34b91c8e895b7bc81c547453cd725f708c4db7
SHA5125db121a85ab6c0ba3c3383c85cbccc5070e62c97a061fa644da75b64f1c298681ba61fc721df200365ec46024d51624230ff47aba758ca58208fdd6173d26231
-
Filesize
23KB
MD53f70104f3f34865cbefd5b7a938398a0
SHA14cc34c7f89905c68a3f8e24810f07fe102c03542
SHA256addea7bb63059d92ed3591976bf1889c8daebd24299ae8138c371f06007910b8
SHA5121fb62d381c8a862ad4a3aa6e98c47130a748e38172d7bd87eaffcc1f0f5cb1f15c892f94c5e1de38d170fb20a3a45ca38ecbbf753c750e3456654a857cb06f9f
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
55KB
MD57e37ab34ecdcc3e77e24522ddfd4852d
SHA138e2855e11e353cedf9a8a4f2f2747f1c5c07fcf
SHA25602ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f
SHA5121b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
63B
MD5698c967bdf484970bd3d36c355379015
SHA1b0e98a788950eb6480a1d688c1da9e30baeaa586
SHA2562557367cbd09bf9e353917740a3c899140f68584e195c20f3901c92dc983c872
SHA5128d8dff9be9fcb79f20d449197e08bcce2a4ee64153b4d9f123ea360d8f2c622c9a2125b3892300f4c00041ced168c399717c763bfb347e7daf963b4c8b536504
-
Filesize
119KB
MD5c34452d71a9c62bb8732ce2583aab8dc
SHA197b20ae49381590321f851105190ff9295ca0a9c
SHA256b1f878172cd0056f139c620471ae8b8381927e7140f5e2d9c40e1f420610b059
SHA512635d7a9affedb837a326851464650b8622c0ef3a6d24256e1843e76604b89ec6631b731a38460031e811087be7d863723be9655472686121fbc3b8cb8c3dc01d
-
Filesize
38.0MB
MD5db97ed5bfed01500fc8030fdfcb81e3d
SHA179092c930b1a1a1624cfc0971bf6c7c9255c616b
SHA256cf1d7cd2f70a25f34e83056e221fe692f516c50407f87e19ea68b252446f46cf
SHA512336d31f54652c34010cf340c149d33e6fa4c220f5dca150f49ae0d6c1254db7fad3a5b0fd9ed456af12e1c6763720deb42ae8d265fc958857119dfbc30b7779d
-
Filesize
570KB
MD537cd2eaa39c40e23bc3ba4e0d1db1ce0
SHA1a9e34bd43469a328b4e93fb33100704b424cb382
SHA25609552b81ce6ae478e131a0ee0a62cb85083a54281efb45f3f4943fad843d1f9b
SHA51262588aed1a346efb154fdd72f9a654ca1950763641c2d373a5d68dbc06295a5e3ebc22ecce16a5e8a7922bf0c7a14c1c1c26367ab6d32befb578beb7aea706c0
-
Filesize
658KB
MD5753ab5a976e526ac58d39894545a89a4
SHA1ed6bf8a98a8b07e3fb63721ef819f003dc7a9a0f
SHA2562ab945c15c46a8f1f41c577868dc766a6c8f2e459086fa7c13b82195b1604695
SHA51280e931134ecd7bb446b509b5046cccb140eb134854cb762c4e17f389bf373bd18c718fb702a89877c25522a14f016c3616bab29ec1583c2ab9cc3a9dd1adf2f0
-
Filesize
406KB
MD5a31c0e576690edf8a855ce77a59fe958
SHA14ced205b021680312927167892a6054dd10c1be3
SHA256ce953bdec92d50dfefdb60c1d1206640fa962da068fd4662c947c4e270589ba8
SHA512874809f43e7711bb81d6bcb6dfa722e72f03bce56e81b1f4be84ec3d128d8c6041071ba4afed5a5a580803b315a95b92ddfc96cb28c03766472320662dc1cfe7
-
Filesize
1.8MB
MD5e7e328aba2a64bf58c9485cfc36fd9f3
SHA17a774288431d92dfe7f18ef4fe5bd5b6e514e625
SHA256adfd75b39d8fda760771b4c534571563e1db1900f93162ffea9133b207b822cc
SHA5122da4938f51cf1d7db0fe98bb0e173b52d3f183d879502bee381ca05a367a3d845bd85ff6dd2b54e7022b4702fadf8a10d47f326e0dcf8e2f47c0341c5b5d3ed1
-
Filesize
4KB
MD5f94fc6eed9f06034c26595a0272c73ee
SHA194bb4511887d5a3f9deadd449f4ed426a3440715
SHA25683c843a8830a91681e4f876894b6db93eb3378a3e6ce27c31baa705186b9705b
SHA5122951c1ecf8cbf5192bf144bde42166218ae0fc0f6385413c0780f40c1e153422a3e1a6a30c4730572749d61699c0a0aeecf88424a5636d1f6ceceb4516859908
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
135B
MD54055ba4ebd5546fb6306d6a3151a236a
SHA1609a989f14f8ee9ed9bffbd6ddba3214fd0d0109
SHA256cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5
SHA51258d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
79B
MD57f4b594a35d631af0e37fea02df71e72
SHA1f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57
SHA256530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1
SHA512bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
176B
MD56607494855f7b5c0348eecd49ef7ce46
SHA12c844dd9ea648efec08776757bc376b5a6f9eb71
SHA25637c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd
SHA5128cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a
-
Filesize
353KB
MD571b6a493388e7d0b40c83ce903bc6b04
SHA134f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
SHA256027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
SHA512072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f
-
Filesize
280KB
-
Filesize
136KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB
-
Filesize
376KB