Analysis
-
max time kernel
300s -
max time network
301s -
platform
windows10-1703_x64 -
resource
win10-20230915-en -
resource tags
arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system -
submitted
25/09/2023, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe
Resource
win10-20230915-en
General
-
Target
821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe
-
Size
239KB
-
MD5
a79056e7d41cb50cd9dcfbc6cdfbc4f0
-
SHA1
0066042afccac73edff4c63d2719c752a835cb7a
-
SHA256
821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89
-
SHA512
1174f42bfb2f0f51536c5cce521538e4c641589daaf42937f9967be72dfa8de0d91395d3e55947cf607d0fb875efc6485060a49141c746fed853c53d42b7c5cb
-
SSDEEP
6144:/146fuYXChoQTjlFgLuCY1dRuAON4G/w8y0:/CYzXChdTbv1bu7/w8y
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000\Control Panel\International\Geo\Nation cmd.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 3712 set thread context of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 -
Drops file in Windows directory 7 IoCs
description ioc Process File created C:\Windows\rescache\_merged\3720402701\2219095117.pri MicrosoftEdgeCP.exe File created C:\Windows\rescache\_merged\3720402701\2219095117.pri MicrosoftEdgeCP.exe File created C:\Windows\rescache\_merged\3720402701\2219095117.pri MicrosoftEdgeCP.exe File created C:\Windows\rescache\_merged\3720402701\2219095117.pri MicrosoftEdgeCP.exe File created C:\Windows\rescache\_merged\3720402701\2219095117.pri MicrosoftEdge.exe File opened for modification C:\Windows\Debug\ESE.TXT MicrosoftEdge.exe File created C:\Windows\rescache\_merged\3720402701\2219095117.pri MicrosoftEdgeCP.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 4948 3712 WerFault.exe 69 -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI AppLaunch.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI AppLaunch.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI AppLaunch.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000\Software\Microsoft\Internet Explorer\Main browser_broker.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdgeCP.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5b781d5951efd901 MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{48447C0E-EFBB-4CE1-BE92-C434D8A56928} = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3880 AppLaunch.exe 3880 AppLaunch.exe 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found 3264 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3264 Process not Found -
Suspicious behavior: MapViewOfSection 11 IoCs
pid Process 3880 AppLaunch.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe -
Suspicious use of AdjustPrivilegeToken 48 IoCs
description pid Process Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeDebugPrivilege 2860 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 2860 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 2860 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 2860 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeDebugPrivilege 4760 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4760 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found Token: SeShutdownPrivilege 3264 Process not Found Token: SeCreatePagefilePrivilege 3264 Process not Found -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1508 MicrosoftEdge.exe 2176 MicrosoftEdgeCP.exe 2860 MicrosoftEdgeCP.exe 2176 MicrosoftEdgeCP.exe -
Suspicious use of WriteProcessMemory 26 IoCs
description pid Process procid_target PID 3712 wrote to memory of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 PID 3712 wrote to memory of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 PID 3712 wrote to memory of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 PID 3712 wrote to memory of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 PID 3712 wrote to memory of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 PID 3712 wrote to memory of 3880 3712 821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe 70 PID 3264 wrote to memory of 1672 3264 Process not Found 74 PID 3264 wrote to memory of 1672 3264 Process not Found 74 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 2964 2176 MicrosoftEdgeCP.exe 79 PID 2176 wrote to memory of 4440 2176 MicrosoftEdgeCP.exe 86 PID 2176 wrote to memory of 4440 2176 MicrosoftEdgeCP.exe 86 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe"C:\Users\Admin\AppData\Local\Temp\821214e489c8c2072bd1c9aae9e3e35979743876da47514dadbf751f5f547c89.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3712 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3880
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 2322⤵
- Program crash
PID:4948
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\14E.bat" "1⤵
- Checks computer location settings
PID:1672
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1508
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:3636
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2860
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2964
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:532
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4644
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4760
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4440
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:3424
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\045KAQ4L\B8BxsscfVBr[1].ico
Filesize1KB
MD5e508eca3eafcc1fc2d7f19bafb29e06b
SHA1a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA51249e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\15GBOP6L\suggestions[1].en-US
Filesize17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize4KB
MD524be8a92460b5b7a555b1da559296958
SHA194147054e8a04e82fea1c185af30c7c90b194064
SHA25677a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3
SHA512ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KFQB8FFY.cookie
Filesize132B
MD586be67e8d5074cf624f19d119f8207a9
SHA141cf7df2385e0d509dd9094c1424624ef175bb6e
SHA2560fc7c41e5af5e19e34c788837bd5d4939b9ba8ae9feb78ededf46547e272652e
SHA5129d5aa4b2c38c74efeab26e87d95977489e46be38aea6056ffbcf6eaeb854ebba35fba67fcbd1102187caaa84ce19682b7ce466b22fa3b6af61c7ac011d34a547
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize1KB
MD5b5eda74305a01c41450e0d12777199e1
SHA136162e9e8c3a69b237d317f7c300f11927a37c12
SHA2566e5c17b2b4e22fa800baa0eaf0b76ce73005e463b915503e8bca92223b9cf594
SHA512f96b2ea451f4ceef082e1289a7f1e160580f5a8d515eaf2b4df0d8d818c34355c17538806f873fba07118b5c937d8c3172721ee03e3d16126e07c0db5faf16f3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize4KB
MD524be8a92460b5b7a555b1da559296958
SHA194147054e8a04e82fea1c185af30c7c90b194064
SHA25677a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3
SHA512ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190
Filesize471B
MD53b7403306365b481a905b872a4a8fe8d
SHA1848d8b54a1b0fa0f473fe13bbabcb7872c0a6067
SHA256f7ffcd2b2deb0aafb5ab3eca136e1bfa6560686bf31f6982afeb0535dfd70bd7
SHA512bb40f31f256d4635c9ef00ef2eb7f6d959a262e55e8028d2d009073b74979900672073db15b2e3130b551dfe3b770863251940fa13c49375b8e18c5be24fb2a9
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize410B
MD5036bc08bb530042e4735b12881f91feb
SHA16dd40023a7572b16dd60eb9dc9e3b55686d3ab11
SHA256645f16690c7f71c7f3093d0a2341ee35708eccd14d9e34f1a9027e0308f65330
SHA512d0512330581aa555b5fd9550572334ed1990ce14aa8002001a35e982189dc1dff5cb6520a33f4eb8cf29e602146ec01950ccf4b4b8862bef6933b5fd12a57d44
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize342B
MD57c73a4ebbd833ad986626458592acc26
SHA12e5694afa5fe2f94eb87bcd3d6fb764a1eb5b9e6
SHA2565d1c33017aa714c5716269114018a6abac6f073e36ccae6f362569edc018b41d
SHA512a0f9f84f3a27b834802c50f984c92856d291600a22990d41480b1a54063cc72035570a7f5fd75e76f923e4affaf5bbc980ab47e4608987f04b643ff20fbe0af3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize392B
MD5047542ae90a89ab5535c0798a799eb3d
SHA128d6a04785dfb37c46be86fc7198f7bf3618810b
SHA256d722cd33a950074fc94bb895aeae6c6cab3eca43fd70fd42ad430291efa6581e
SHA512c88af35a8f915782043c053162a7c2f476ddc98f51c0ef2c1e82d644a3f1073c5ae999782cb95f5cc48b1097fa2dbb5fb67a714b756fc26635c0317acdeb756a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190
Filesize406B
MD566573deb2148aaf1be6431734559a03f
SHA154a1c085b1d190026fe57aa4f90e3cca0f1efe73
SHA256967622fdc53394e5c18b7d4608cb14e4f1e6925a3ab62ab6f20e026b6aa51149
SHA51278cf74acfb36524f9b96d771621cec3bb0eeca28ffe0d8f3d91d13a82af8b975a65e5e683cbedc10b696a6560558e6e90f7e93739d9e7616e33128525e2e5b47
-
Filesize
79B
MD5403991c4d18ac84521ba17f264fa79f2
SHA1850cc068de0963854b0fe8f485d951072474fd45
SHA256ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f
SHA512a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576