Analysis
-
max time kernel
165s -
max time network
183s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
25/03/2025, 16:19
General
-
Target
http://onenotegem.com
Malware Config
Signatures
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Checks BIOS information in registry 2 TTPs 10 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 7 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 13 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 11 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 59 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 6 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://onenotegem.com1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x254,0x7ffa3075f208,0x7ffa3075f214,0x7ffa3075f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2056,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2504,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=2444 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3512,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4108,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4168,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4276,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4460,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4424,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4204,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5344,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11323⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6484,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6924,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6920,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4252,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4684,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4656,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=4216,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=4672,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4348,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:142⤵
- NTFS ADS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4100,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3492,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6040,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4364,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7368,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4140,i,13729700649574105781,10854021856417387320,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
-
C:\Users\Admin\Downloads\NoteGem2024\NoteGem2024-75.0.0.355.exe"C:\Users\Admin\Downloads\NoteGem2024\NoteGem2024-75.0.0.355.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-03SLV.tmp\NoteGem2024-75.0.0.355.tmp"C:\Users\Admin\AppData\Local\Temp\is-03SLV.tmp\NoteGem2024-75.0.0.355.tmp" /SL5="$203A4,15998778,121344,C:\Users\Admin\Downloads\NoteGem2024\NoteGem2024-75.0.0.355.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\is-VL061.tmp\_isetup\_setup64.tmphelper 105 0x4EC3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx86.dll"3⤵
- Checks BIOS information in registry
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\NoteGemx64.dll"3⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\OneNoteGem\NoteGem2024\Controls\MSBCODE9.OCX"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe"C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe" /Dsb2024inOther3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe"C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe" /AutoFix3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe"C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" AppendRedoFunToQAT 20163⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe"C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe" /VERYSILENT /SP-3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-DD1N5.tmp\me.tmp"C:\Users\Admin\AppData\Local\Temp\is-DD1N5.tmp\me.tmp" /SL5="$7040E,287835,121344,C:\Program Files (x86)\OneNoteGem\NoteGem2024\me.exe" /VERYSILENT /SP-4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe"C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemFix.exe"3⤵
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe"C:\Program Files (x86)\OneNoteGem\NoteGem2024\GemTools.exe" InstallDefaultAutoCorrect4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
MD59a125369e4cc6ff6b8e9fd92c9c94fd4
SHA1d79aa5f8c056390bdd831e513427be8b851d88a8
SHA256f067e7142ee956c3e4c0c4db7a4f05055e4e259f0c99953bcc950620772cd3e7
SHA5123629246c4773b8434105ddb34e08e170b0d9b2d3040c1845cf7fa4c25ed32f2f643f92c989de674f9fa353ae5a8a98c7f22a8137843af4b5c67858db715bb26c
-
Filesize
49KB
MD5fb7be4b265cad7aee7219ffd782d64ae
SHA18fa2197b3f3f89e2c74116a3392a4a15cb127d30
SHA256e8dd70038639fd041567e588b3f81318d840953ddb6049713b71719bc35a13c5
SHA5124c3f2db4a01bea89262a5c0edc1afe28c0d0931ec6fa1271ec5361028409fc87fde334a9c3ed140237d22dc7cd9908954c6fc8c2dd73c76ae246653bacc8ed70
-
Filesize
127KB
MD5960a73887d51ef0f768cd9bc4d297ef3
SHA1a905845dc805b6b2644ed2c4f1924cf802a25da8
SHA256c5526c75dbff791ec898418d270331fa27e91d6995cdf44c1f1991dddd98089e
SHA51258ad04d76250b0d3f7a9c8bd0d7f2880b19b5a7600edeae527800adda147dc76c1f09c3009f0a2d66062cd4d9468f98ba63fcdb1ea763bf5e47e4fa4b2f32d38
-
Filesize
750KB
MD51c3d7cd25012852e860564a0cb073e30
SHA12f9daba995479da4490e36e240aaa4a2f5654716
SHA25616f61545f0e1f4c03dda10ea3666104fdb07b63bea04c40915cf2fe680fc1dc1
SHA512f1ef35bb32fd8b867f73825d2a42faacf1f7c43006a65a8ac31514da4456f92a5105f55cbc376c7e4f76ceda7105001850d007a522149b78f4763576a4660e7f
-
Filesize
3.1MB
MD542fb4282bac3e90bdf15aff5c45438ef
SHA155b0a13eb17128f5d100b9f9d18cd0e136665b18
SHA25670ff9cf6fcf072a69b6dc3144dd240002c1b3a08987b9ff42bcdcb7112c6145e
SHA512b44e40de7d18fb781e681befe557b0c02f947d4591472e19e8e3074f848162097285b8bf52995061926a8956c62c25bfc04bcf4545652969a0a96488c754fd2d
-
Filesize
8.3MB
MD5e3ace15a5bfc1543be9dde65969a8803
SHA1781e2ca504a0f9e7e9249e6c2131ea066a54c6b5
SHA25656be8645b8c10968312a7ee9b7c665315ba80c3f0e259932470b03b9fdfe1f2e
SHA512f8e976d343bde52d79fc7d772c8d4c4096b976b58696162c1aa20093a73325d88a3764e7ace32d7f37a70c0b626b38e296dc25c5dc4326a44f88b79aee86e8d4
-
Filesize
6.1MB
MD53a87dcec7b6e6aaab8a02d6405e9405b
SHA165a19fcfe726846e754da83578522b777805488a
SHA2569dd5fca5d6d106ce7e8f69d2b23880653bdef4d7226cd02ea6144d2c2ec7f32c
SHA5124393bc2556ec2d7a2bcc24db05caf02e3b1a6bec4719d994b534d43b4cf421b0d9addcd5836dde47e507bee9c82d28dabb0cb011f0b5e91eeb512994f9ef8ac4
-
Filesize
5.1MB
MD55bca6ca1a7fdd1632b543e86c281c255
SHA18b02efaa5aca0554fa2524d6058b9d6f0063eceb
SHA256fd13f09c5ae73d188b0bfbe9c9494a79696b75a9cfba0f296939f19b9be7a4b4
SHA51253791901c107096d169e3572490f7b59403fdf01acbd22871c8d1c56d295b1744e37edb437fa6305889fb551e6148717a9a1884aa8705f0745b46900c04a9e8b
-
Filesize
138B
MD5a907072f1b72ad5243161e9e90ca67c4
SHA1caf002c7da938607a45607724a81d81190c28004
SHA2564f3e118cb677fba51ce3c8c3a1bf93ece3502a877eafb857ce560b6035613755
SHA512a3d26e9ee70670a36f83098fa1db68d57f6f1abafb2c17e2eca20ecc515c734475c56c4c1be4b71eafef21f7ec31ed3cf25dfb4d115993f0cc0cd4fc47459ebc
-
Filesize
140B
MD5d49b27c3242abb9e5cd71dce5673e0c6
SHA199294592049b196830fce85ac410b8a0c939f947
SHA256b311da0583e646c454725d98cf9c60037563daf3344a40ec33c6f00b352f9239
SHA51266040852821b684475e0a04cf5f573a98df7757a26698e117f86c726351f7192e4a8c3c5b8bf6b7094cc4c72e3988aab1ecbf2cd9630ae8b2d1d4cdbebe0e4c0
-
Filesize
140B
MD5c6966cffa094deeceecc7a2a673b479f
SHA119b4d084e39222939893caf7c859ae5e5caa6763
SHA25617861087196c64b0f632f210e7f8506be4ac37e11eff95e808c4681a07a0ac16
SHA5127086d03ee55f370a3158fa5f67d8c46a5ab342beb5c827d957fd902e04eb513b1c006bf56f1b477e07815afb7dac1fddb660c79db5644095b4a3cb9311885fc0
-
Filesize
140B
MD5fcd425caf7e35ee51ee8f50201f4f3d3
SHA104ca5b5c5620371d4f4d22abb072705430aca306
SHA256ab4115272a235d32391eedb3662fe8d43303d86708e2e3de420ae3d3abcc05a9
SHA5126d000edef078a6f7b61c03e303fd5e1d16e6888b42ec2b0b59eb3cb5a82472a3cbb7cfa395a475b653644b005e883652cf20b1fdc8363da6d2ee579fe1857cc8
-
Filesize
140B
MD529922e526446d6b33011bdb2ae551d9d
SHA15e478bb89ff9e2c50b35ff0c994df141a289f063
SHA2561009249d466d643b46a8ca55b09d8a035acf1c32edca95bc42e9037c66ef521d
SHA512e8ecdff6c44951cca0991755b76c9d5ee510ea05211da56e0b0245c26dddb83f33bd7d63cd3d6db8d8d6a2ad9ee0519eb09b31d60f8d6dd31c60ad9fca134e87
-
Filesize
4B
MD5c2f09542b6c7daf4288f3524c8cebb18
SHA19430b21baf07f0d105b9ee5fdd9f868418454517
SHA25655d7808233c58f1606fff77eb382a02ed729bf5d8b2640fb313d0f7c91e970d4
SHA512dcc19cfbc78b78708ce2586228424194f846d80b6d072045baaf93559d20f71e809a4eb57e7dac3b4ea109d90aeb585d0b5438dc1dd7d34054c03aa6350d6672
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5ecf610ffadb6b05b729f1fb747c925ce
SHA1552e136d3b35f6554388dbf3de27cc3f13aac1aa
SHA256e60d57b0c686fee38e691bd9736e26c41a31f3f058f68c1176c0a71f8108abdd
SHA512ac191b7ef1e260e052031443b9e97b79824c03ae79dc76639317c4f3c70c33ab7b3239cfcf38ae5ed803adf4bb011bb9a9973cb9ba1787b91de2c171cba803b5
-
Filesize
280B
MD5d078e361e0ed3a9230b38d7f87140520
SHA1235c905284ee451b6d19054ce804e8e02a4dceaa
SHA256c568a7aab912809de985c73e6f662c91cf29ef7e6d91ef6a2ff03989f0894338
SHA51279eac09b34e1b2274901e9114c16212b608d4ba2c8875e000b77b6cab80578e25ad5c8020ff0f32c4b57884c7bc41cc494b936b4154f5d922ebba3e6457ac9e7
-
Filesize
3KB
MD59e6c984fb5061f22db9b9b3a239688a0
SHA16ba9bbdb05ebb1c751fdb9cd281d7f1c1d2fecd6
SHA256a95c8d7640d9a8a0418c26e672d4e2acc8b16fa9f9a157cdd4a5b2ea7738f548
SHA512a1efa6818aa9fd8a56d1dd346adf025e8682326e7cae7dbbfebe8f70c655326f17ae66dd1f9839c7b922ede3488c86fe234acafb30906a698418c65724255a9d
-
Filesize
3KB
MD5f7473e46366d31365b5f49a27de3e415
SHA191587d5e73f3c3dfee5c778a532a39fa64b425f2
SHA256b3dbb3bb2fbd84adb6a343c73ac7c1f54591733d0f26c92f08b198f6e6f74de5
SHA5125b5080a837beb1955f26b50930c071f2bdd79321753112838c57bdbaa54d2ae2f7d93144b9842a459d8b531164b84d9fccfb3222e2dfba343c7eeb97915c34c2
-
Filesize
3KB
MD5b785af5f8877ebd5e4af18482ab085d6
SHA12fd472769dd3a3c3a06745203180bb9fd742984c
SHA25607c00e858e5baa532c9080ec553f965c284703bb64792849749af8c240c70663
SHA512398e921c4eb6d3d8165ec73f9506b4f44c8a29156d741f926e3919d4575777c1dab6a405d74cdc6a11d9ffd5ebcdaf4a8e5fe272748ba622d55aba77b39e3366
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD5957c7e27ad1c7c10622f0559275bac29
SHA14e40fb11ad10377f0abbf2b0266d1cd1a8b98dff
SHA25601a61b5e002f2e3809dae5f53097c0009ec2cdbac7bcf1b18ba22ddaaf38ac3f
SHA512455a13bb9a284c6e913131e6434f5ab86a481c545032b91156104c8018596bc706f9cfe6c8d43f28db265be73be7b0fe93acf2c304e6cf1a7badd3832374df96
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD501f18f2563187cec6274f79bad2f4c36
SHA1354c25b8954f8b099ea4191455b38207bc1837f5
SHA256609c9cd43d63db165c3f697b1183139fc9055634be14d897a84d42e1fb660a8a
SHA512cb73c1cda615b66220f52c5da546d5b9b685f01337cc6a730c13c16ba876ec9a00ffe175d38f1a4bc7753656f0734d292802f82f8f4c9b3f9ef47689f74f493f
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
15KB
MD59f7886239ac90a4186ed1e53b5b06603
SHA1b5806783e27d079631653b417214bda9d7c3c41d
SHA25628649d6db0e9331ec1076aa77de5e4dd0736168c0ee1341b021bdd8906b1885d
SHA512058d483e7fa595c5dbb2581c6d0e2e11e47229c2aa4b8128b1c90c9caed3159557f95ef2fe6bb128769bec2279debb8e19a8acf262bbd3fd24048da74818ac5d
-
Filesize
15KB
MD5bee869c63c4af7f29f14ce47d6b4fd0e
SHA1348d3780535898535f2978798ad46fcb014cfe1e
SHA256910ea3b90ef4e0d4b84688e56c3978adab04855f73d91c1e2bb2a1af61a74f32
SHA512fe2730372e55cf6306c215afae132362e1aa27806d4fd6378a773ae73badec17b882367f20c94a059425dafd6067b090275638322a1d16b3a7db0b66b598bb11
-
Filesize
14KB
MD587310c2a7cf03eb696b3e11fb740bcbf
SHA1c21c634f36a20f1ba3d4e1f623d15bbcb89c6e39
SHA25635bfb72314663d6f3f557b1fc1e0114f46754077b28a7860177842311cc9b597
SHA51293dff3a04f2c892fed835a388f195d393e2aed23031ed7316f1b46c5c1464d78257d1721acf26855a46d35e71dd42b2127b8f1f656fc17f19e5ec81a2a525f89
-
Filesize
37KB
MD508fe630b05a49cdb79d162e0722501b2
SHA1083e86c3cc0b661e2a84b9ebe4a6e6a4e37dfae9
SHA25662da1512131aa129388b14a0ea45c92b70084d1d428fae5ea7ec8ec192469136
SHA5125ec33ad74bf6f4ec75cf80b0423cdf21322a7c2b606b0f8d1b068555499eee393675e794378d329d8c8a2bb4e4c7a3f9c337dbd1c9fdd546d5c5dbaba7cbf635
-
Filesize
4KB
MD51afd4f4db0d77525e522fa1a5a96ce90
SHA17fd9ad1521c794dc1c65dc43100b87342cb01d42
SHA2560b40949fa2c61aec23ac0a589cc75d2ffb8a6792ec3f3e23012a4a5c98c15446
SHA5129ce9e90d46b9e8a0ccb0b2e4aa828429abebe72808bd349f5ece93e0155668a13d4be99e6f021f28090534927ee6dbbdcb387f08a3fc4b3913423855692f0295
-
Filesize
21KB
MD597ffbea42e9a0795865f12dedaa14292
SHA182b1a9a09d849ca8e55914ceb05677991729de10
SHA25684db83a7515ea99283ea322d6ae8a7e806287e7e98771a53a5d0e3ff362ecd16
SHA512884e56e3e7419a5ce22725d8b39b6d9424c882185762fe6ebb3a5c67d65e87b846ecce8a26491019acd3ba79641f489a32e20e2c7b99576315352cca1f5a13a4
-
Filesize
22KB
MD5d3e00b740a145b8d76ef163b1a4d74ee
SHA1df8ef2809140abf121c4ec830dca72b82491d5f8
SHA25642cce6231f6f32b73f30f31212934f8c09427850a675fb10e8da0f192499fb28
SHA512a736bfe8d3b3fb939414fec1433d5ac2727fb9778401b48d960e4d57569f86d858e95937b407a68279f1d800b799ad6c3c79638c83ef76bfcb4dbd28903fba99
-
Filesize
880B
MD5b64c18e5fbb5302a958a57528f2000a7
SHA10baa40c4a499dc3bca94d67fc21395a9f717413f
SHA256b6e112b65f7ff65c14cdea2f1971eb7c53bbfd4dcf037eccb91fa3d9f734eca2
SHA512b4e6e345874ae7fbe350aa8bb1e3549d9f745292b7ad60f9fd09633e82e76164ce60fb648564402f9bb84e68fbe3919be8228a47caef6dbb9212abccb5df45f0
-
Filesize
469B
MD5a6ca99877beea8cde189a85dc0cc989f
SHA1f93f77e2882c628ff82c889cd1eb3d730cb66b40
SHA2567cf1e904d15c1dce45463b06e612c5b91c403cc81c051dcf18ba3aec2996c10c
SHA5121cce6e76004b5ce11c183c40f4218fae5d30b2ae49a42441b0c0795c7e26c5c5cc39ecacba91d95a448ea3d2715cc4161f36ce54f212fe93c92e509b5aa94ff6
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
39KB
MD59d41e376c405f986197a078d18f27037
SHA1ee8457581273aeedcf139a865bf708869ea38534
SHA256717e745b6bf61b49baf25be30deeb6711c69c501bfd363af40efe3d793d34c6e
SHA51256b1dec18c585fcfa49074b712096ab24e91dccd7058036716d379eb3537f3cd7ee72b837e0f09adf4e70db05c0821f1eecb9519c19822866d1b7116ce293c6b
-
Filesize
6KB
MD5eff114af73cd71f62d2e8a9bfb12b098
SHA1c5757775f97128f377cf9bc7c6a265493c0e572e
SHA25665b82eb68b551d1327088caad4e0d362375ce4c038e3b54e838da098870bf006
SHA5126f0b9f8daef21e01f79fa78ea52e366973311b94b447c77a67b7aa3762989dd085a1b4166e5d85178b827081e6ee9404790c72da3afce09389845a287fa19111
-
Filesize
30KB
MD5f9e8ba3a6d7ea7bb07142eb7e3e1184e
SHA1d75957a6b0eeea00a04dde6e4ab918e6b0b738b0
SHA256b82b402ef7e4b054c6a65ff0a2daf6844d138f2f77cb012990018b83152651b3
SHA512275b932c34af08f3d4f905a5d4dc40ffb0f8ea3247eb1d9a227539e93085c1336e11b3fa63d796340c7d06a1ad99739739adc3c36b69240170e6a7822f7119d1
-
Filesize
30KB
MD5aae6d00817ce4c4d8dd20326974989f9
SHA10068be4299e13ff880dadfbb1dd20d2f00905ad9
SHA2561149d4ca066e47aee94ec7e55373df51c39c0874583bca6ec4e8c344642c7f04
SHA5128801ef786fce53d66f7cb139a3fc71bb505cdf8b7947150956eb73ccdf62b1fa4f163358f603c6098f69f845d33e04f359afcd97a30309e0ed4dec9754647313
-
Filesize
7KB
MD51b580f468cb395f36abc45b0c76ad9d4
SHA17f07e5f3d57bce5de45291c5cc30569167c91610
SHA256c2e0926ac7cffaf5cde79c7446c82836201bf8e13a11e520c47b69677b44204e
SHA51256a76bb885e1542dc953b56340ea26e50f33c2dc52f75b3bc4df0d77ef549f78d6f657641fd6698c0c06236361ac6c6bc5f0aa4330f326038e3c5157fbf57ce4
-
Filesize
34KB
MD529ef7f1bef65c29acce2b1f98dff8e6d
SHA1593ecfb3f48d6a49ad8a2d327ba9d7a730bb1071
SHA256ae43847f378ac590e933fba36daec960028b0a57cb8250ad013cded7afebef52
SHA51227d3d3c348f17f33a84533537d3ece2d753405712da51981f20bb706ce1ef21838467bd96ace8b5e6d35fb4bcedd2980903049bf284e533f186b014da5bbb22d
-
Filesize
392B
MD51704276561abf43832cac5b5ddaa4d8b
SHA128bb5a830fc7801a481df46754d6e2c790e92dbf
SHA2568035a37b5aef22caafafa6803c9f55800e86e9d541c70748e8b5f3a5595ab1c6
SHA5129976737f7430b944634c627384aed64adda84d2e19882badaab1bddd1de6b171d9a5207b45dc9c81cea1d4b817aeebb9fd30f0773c497d9e4a7a5d2112b2b172
-
Filesize
392B
MD53c66db2cac90045a44e5b3ff9aafa48d
SHA1d0d2141cf1fa2cc0972f998199f16814aead0c1a
SHA256524742258ffc0e2f87783eca4c8153e36511348fde909e5d0f2f0463e8727906
SHA512a4a0d1ee24a19de776d18e5cf93467ab4411d197aa38efc193a6a12cc27188d22c4430ad1cd34ef7220bdb29c582349dbcba4ff19b8af3cdbbb4062f1a1b07c9
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
245KB
MD5f883b260a8d67082ea895c14bf56dd56
SHA17954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
1.1MB
MD534acc2bdb45a9c436181426828c4cb49
SHA15adaa1ac822e6128b8d4b59a54d19901880452ae
SHA2569c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb
-
Filesize
6KB
MD5e4211d6d009757c078a9fac7ff4f03d4
SHA1019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA51217257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
345B
MD5beca0c1aba6ad9c7be31132edd717a0f
SHA16f39ff8b5917c4a5463016bcd562f812443fb2ab
SHA25698d8c1919085511a65eb30463df95f2cab13787da445225673affdd44d67f277
SHA5129b8d0bbf473a993ada027cb5ed8aaf050c5cde964c41b2d93c3944c5ac8005137b70a0c82861c18ae62cca5f438344587de77431473a785a91a31549cd6eae59
-
Filesize
15.7MB
MD554457faca0bbb4931c99eaaf94756112
SHA1b1f2204f350deb236b4a5fc51b99f49567984bcd
SHA256f7eca5287871522ad74bc9cc89e474ae8e993be04865ee0fbf9606106822ecd2
SHA512e1756ea6500c6646bb901f9d856b2ee474c755c5082400bd7a5c0b47f05164439ec9001cbcc5b2c651eea01603474e30200cfe84dbb0a76c045d8f27651daf09
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.9MB
-
Filesize
12.8MB
-
Filesize
12.8MB
-
Filesize
12.8MB
-
Filesize
12.8MB
-
Filesize
12.8MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
1.2MB
-
Filesize
8.4MB
-
Filesize
9.6MB
-
Filesize
2.0MB
-
Filesize
60KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
160KB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
4.7MB
-
Filesize
2.0MB
-
Filesize
4.7MB