Analysis
-
max time kernel
1793s -
max time network
1800s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system -
submitted
21-02-2024 18:15
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://file.io/fgXDCar918Wx
Resource
win10v2004-20240221-en
Behavioral task
behavioral2
Sample
https://file.io/fgXDCar918Wx
Resource
win11-20240221-en
General
-
Target
https://file.io/fgXDCar918Wx
Malware Config
Signatures
-
Lockbit
Ransomware family with multiple variants released since late 2019.
-
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs
Processes:
resource | yara_rule
behavioral1/files/0x0007000000023164-269.dat | family_lockbit
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class 1 IoCs
Processes:
msedge.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe
pid | Process
4612 | msedge.exe
4612 | msedge.exe
3820 | msedge.exe
3820 | msedge.exe
1056 | identity_helper.exe
1056 | identity_helper.exe
5380 | msedge.exe
5380 | msedge.exe
4616 | msedge.exe
4616 | msedge.exe
4616 | msedge.exe
4616 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
7zFM.exe
description | pid | Process
Token: SeRestorePrivilege | 4180 | 7zFM.exe
Token: 35 | 4180 | 7zFM.exe
-
Suspicious use of FindShellTrayWindow 39 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx 1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3820 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f30646f8,0x7ff9f3064708,0x7ff9f30647182⤵PID:2608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵PID:1312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵PID:748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:1732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:2240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵PID:2292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵PID:4272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵PID:1244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:82⤵PID:2436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:12⤵PID:764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵PID:4596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵PID:116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:12⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:12⤵PID:2640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵PID:5036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:12⤵PID:3044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:12⤵PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:12⤵PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:12⤵PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:12⤵PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:12⤵PID:3240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:12⤵PID:3624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:12⤵PID:3876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵PID:1088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8620 /prefetch:82⤵PID:3700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:12⤵PID:5276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:12⤵PID:5660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:12⤵PID:5752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:12⤵PID:5976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵PID:6128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:12⤵PID:6140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:12⤵PID:2260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵PID:6124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:12⤵PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:12⤵PID:4552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:12⤵PID:5632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2414645772758838122,2748499979311358102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8676 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4616
-
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:1828
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:572
-
C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\AUDIODG.EXE 0x518 0x33c 1⤵ PID:4548
-
C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding 1⤵ PID:6028
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build.bat" " 1⤵ PID:5544
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\keygen.exe keygen -path C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build -pubkey pub.key -privkey priv.key 2⤵ PID:1572
-
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe builder -type dec -privkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3Decryptor.exe 2⤵ PID:5928
-
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe builder -type enc -exe -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3.exe 2⤵ PID:1008
-
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_pass.exe 2⤵ PID:4288
-
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe builder -type enc -dll -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_Rundll32.dll 2⤵ PID:2172
-
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_Rundll32_pass.dll 2⤵ PID:1224
-
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe builder -type enc -ref -pubkey C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\Build\LB3_ReflectiveDll_DllMain.dll 2⤵ PID:1392
-
-
C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\LockBit3000.7z" 1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4180
-
C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe "C:\Users\Admin\Downloads\lockbit\lockbit\lockbit\builder.exe" 1⤵ PID:2352
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1008B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB