Overview
overview
7Static
static
3GDLauncher...up.exe
windows7-x64
7GDLauncher...up.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDIR/app-64.7z
windows7-x64
3$PLUGINSDIR/app-64.7z
windows10-2004-x64
77za.exe
windows7-x64
17za.exe
windows10-2004-x64
1GDLauncher.exe
windows7-x64
7GDLauncher.exe
windows10-2004-x64
7LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1chrome_100...nt.pak
windows7-x64
3chrome_100...nt.pak
windows10-2004-x64
3chrome_200...nt.pak
windows7-x64
3chrome_200...nt.pak
windows10-2004-x64
3concrt140.dll
windows7-x64
1concrt140.dll
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1icudtl.dat
windows7-x64
3icudtl.dat
windows10-2004-x64
3libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1Analysis
-
max time kernel
153s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
22/02/2024, 17:44
Static task
static1
Behavioral task
behavioral1
Sample
GDLauncher-win-setup.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
GDLauncher-win-setup.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app-64.7z
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app-64.7z
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
7za.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
7za.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
GDLauncher.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
GDLauncher.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral17
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
LICENSES.chromium.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral19
Sample
chrome_100_percent.pak
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
chrome_100_percent.pak
Resource
win10v2004-20240221-en
Behavioral task
behavioral21
Sample
chrome_200_percent.pak
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
chrome_200_percent.pak
Resource
win10v2004-20240221-en
Behavioral task
behavioral23
Sample
concrt140.dll
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
concrt140.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral25
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral26
Sample
ffmpeg.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
ffmpeg.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral28
Sample
icudtl.dat
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
icudtl.dat
Resource
win10v2004-20240221-en
Behavioral task
behavioral30
Sample
libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
libEGL.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral32
Sample
libGLESv2.dll
Resource
win7-20240220-en
General
-
Target
GDLauncher.exe
-
Size
142.0MB
-
MD5
51dc199e41223520217f34624b276e18
-
SHA1
0ce3f6b9a26759b21a23bf25ed34b1b7ce624295
-
SHA256
0b3c6bce1a0a61414a7e3048616c6dbfd55a2233b7ead7c4666d7d0c59e1ff50
-
SHA512
c40e9d4b8db3ce4d195f0e634b48f4b7f1da74070ec2a9bf3db4b543d819a712a011496d99da6fdd6461305c012f808c7761363a6ef2b137bb58a439485fc42c
-
SSDEEP
1572864:Zx8e2z2aMcuE5p9vzLECsyP2d+J/AG8TQX60:vLabp9rY/W6
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation GDLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation GDLauncher.exe -
Loads dropped DLL 2 IoCs
pid Process 2796 GDLauncher.exe 2796 GDLauncher.exe -
Modifies registry class 7 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open\command GDLauncher.exe Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell GDLauncher.exe Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open GDLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\GDLauncher.exe\" \"%1\"" GDLauncher.exe Key created \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher GDLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\URL Protocol GDLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\gdlauncher\ = "URL:gdlauncher" GDLauncher.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 GDLauncher.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 GDLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 GDLauncher.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 3520 GDLauncher.exe 3520 GDLauncher.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe Token: SeShutdownPrivilege 2796 GDLauncher.exe Token: SeCreatePagefilePrivilege 2796 GDLauncher.exe -
Suspicious use of FindShellTrayWindow 4 IoCs
pid Process 2796 GDLauncher.exe 2796 GDLauncher.exe 2796 GDLauncher.exe 2796 GDLauncher.exe -
Suspicious use of SendNotifyMessage 5 IoCs
pid Process 2796 GDLauncher.exe 2796 GDLauncher.exe 2796 GDLauncher.exe 2796 GDLauncher.exe 2796 GDLauncher.exe -
Suspicious use of WriteProcessMemory 48 IoCs
description pid Process procid_target PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 2052 2796 GDLauncher.exe 88 PID 2796 wrote to memory of 1404 2796 GDLauncher.exe 89 PID 2796 wrote to memory of 1404 2796 GDLauncher.exe 89 PID 2796 wrote to memory of 1204 2796 GDLauncher.exe 90 PID 2796 wrote to memory of 1204 2796 GDLauncher.exe 90 PID 1204 wrote to memory of 1280 1204 GDLauncher.exe 91 PID 1204 wrote to memory of 1280 1204 GDLauncher.exe 91 PID 1280 wrote to memory of 5048 1280 cmd.exe 93 PID 1280 wrote to memory of 5048 1280 cmd.exe 93 PID 2796 wrote to memory of 3520 2796 GDLauncher.exe 97 PID 2796 wrote to memory of 3520 2796 GDLauncher.exe 97
Processes
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796 -
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵PID:2052
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵PID:1404
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2408 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1204 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"3⤵
- Suspicious use of WriteProcessMemory
PID:1280 -
C:\Windows\System32\reg.exeC:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid4⤵PID:5048
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GDLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\gdlauncher_next" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1764,i,5247501284046318974,12266459043291357763,131072 --disable-features=OutOfBlinkCors,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3520
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
281KB
MD54cef69a682d9b896b4fff99fca80a08a
SHA185fcae77830c3e55badfac97badc97ee53d5ada8
SHA256bccc1ea670ddf3560352327eac402e7a99b5a585bd1d2af02bff8111b6ee9738
SHA512cccf2aced4edf15a3162cdd867f623c73895b4962910e1d6a57afa17032247becd6378546206dd4705b3ca5f54e6d063a56a5ca54223bc5a67406cfcc27b2587
-
Filesize
495KB
MD5be94689f0cf2f4e36ef77fff3b573460
SHA1f7187d89237506e6f50db5418c25b79cd1b3d271
SHA256a8ae4e1f6ff70c724282b5d468ac463012e9b0fd5b52997116946fdb2e2ac34f
SHA51283078c0a3340d912f42b6b67f6dce624e6395fede93043cd4f5b391c2547cc68aa6d147a70b523c9e8d646d4913a92b96d59fda0b28ade83c478693d8a256da5
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
1KB
MD5949e4128177091e594698ad2e330a5cf
SHA169eeb6dae0a783eff0f3a4c718a3fc5fda574505
SHA256d823c55c284e8ba408639ffcedf166b4100c8f986132d0b160178be750280cfe
SHA51238d5adac879c0a273877ceedd41e832ebd5e0929455d37b694f915662b889e2b5a77c471420eccc17535703df1886c595e9fb4c0bea0658f2cd5a3f3a99a0d42
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
871B
MD562a4d86bd498572d9c5f9a24b1d31695
SHA19ec255c03e7d00e7994971ede21a604c5ac50431
SHA2563df80fe2134cf0baba119b80dd3d8856025a5d76d6be025fa74fdc11daa6c7e0
SHA512bb18e30145eee593d45865acf4f930727ab8db06131132676655b103a5c618578e0a693a0a876a51ee48bd5d4889005142dce3071fb5df0ecc0723ad3a30bad3
-
Filesize
871B
MD550b59f71e324cad185104163ddde1f96
SHA169d0bc35d087045bac27c21a6388af4c89f3eaa9
SHA2567a2caafe3bf0e84a8610f1bfdcd147ec6f7f01b0a4190077de13afc8c1eeb6ec
SHA51289e43724c62a1dd7c560fb5279b96f727bcd0c1ae1d601a3a1aea41ea8b0fa18a73c617c8aafff07777a16e51395b39c0ad1d06073d5af3c3402edba883816df
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
Filesize
86B
MD5d11dedf80b85d8d9be3fec6bb292f64b
SHA1aab8783454819cd66ddf7871e887abdba138aef3
SHA2568029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA5126b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0