Analysis
- max time kernel: 72s
- max time network: 77s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-02-2024 15:49
Static task: static1
URLScan task: urlscan1
General
Malware Config
Extracted
lumma
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Signatures
Executes dropped EXE (2 IoCs)
Processes:
  pid 6608: spoofer.exe
  pid 7036: goosext.exe
Suspicious use of SetThreadContext (1 IoC)
Processes:
  spoofer.exe (pid 6608): PID 6608 set thread context of 4344 (target process: RegAsm.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Modifies registry class (1 IoC)
Processes:
  msedge.exe: Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes (each entry listed twice in the report):
  pid 1944: msedge.exe
  pid 3956: msedge.exe
  pid 388: identity_helper.exe
  pid 5676: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (27 IoCs)
Processes:
  pid 3956: msedge.exe (same entry repeated for every IoC)
Suspicious use of AdjustPrivilegeToken (6 IoCs)
Processes:
  AUDIODG.EXE (pid 3148): Token: 33
  AUDIODG.EXE (pid 3148): Token: SeIncBasePriorityPrivilege
  7zG.exe (pid 548): Token: SeRestorePrivilege
  7zG.exe (pid 548): Token: 35
  7zG.exe (pid 548): Token: SeSecurityPrivilege
  7zG.exe (pid 548): Token: SeSecurityPrivilege
Suspicious use of FindShellTrayWindow (40 IoCs)
Processes:
  pid 3956: msedge.exe (same entry repeated)
  pid 548: 7zG.exe
Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  pid 3956: msedge.exe (same entry repeated for every IoC)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (source msedge.exe, pid 3956; target process msedge.exe; repeated entries collapsed):
  PID 3956 wrote to memory of 3944
  PID 3956 wrote to memory of 4868
  PID 3956 wrote to memory of 1944
  PID 3956 wrote to memory of 4492
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=m-4qCndS-4M&ab_channel=DjMantie (PID 3956)
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca67746f8,0x7ffca6774708,0x7ffca6774718 (PID 3944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2 (PID 4868)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3 (PID 1944)
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8 (PID 4492)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1 (PID 4076)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1 (PID 4412)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1 (PID 4808)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1 (PID 3376)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3712 /prefetch:8 (PID 4460)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8 (PID 2260)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8 (PID 388)
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1 (PID 1504)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1 (PID 2260)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1 (PID 4644)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1 (PID 5148)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1 (PID 5348)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1 (PID 5528)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1 (PID 5752)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1 (PID 5972)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1 (PID 5964)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1 (PID 5956)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1 (PID 5948)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1 (PID 5940)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1 (PID 5464)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8848 /prefetch:8 (PID 5676)
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1 (PID 5664)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8536 /prefetch:8 (PID 5656)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1 (PID 5212)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1 (PID 6152)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1 (PID 6220)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1 (PID 6308)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1 (PID 6384)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1 (PID 6456)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1 (PID 6528)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10028 /prefetch:1 (PID 6600)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1 (PID 6204)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1 (PID 6748)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1 (PID 5316)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1 (PID 6244)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6684205809237397355,982445043119902240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1 (PID 6256)
C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 3132)
C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4820)
C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 1820)
C:\Windows\system32\AUDIODG.EXE 0x468 0x2f8 (PID 3148)
- Suspicious use of AdjustPrivilegeToken
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding (PID 6904)
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\kernelmode\" -spe -an -ai#7zMap6500:82:7zEvent10910 (PID 548)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
"C:\Users\Admin\Downloads\kernelmode\spoofer.exe" (PID 6608)
- Executes dropped EXE
- Suspicious use of SetThreadContext
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" (PID 4344)
"C:\Users\Admin\Downloads\kernelmode\goosext.exe" (PID 7036)
- Executes dropped EXE
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" (PID 5716)
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5343e73b39eb89ceab25618efc0cd8c8c
SHA16a5c7dcfd4cd4088793de6a3966aa914a07faf4c
SHA2566ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223
SHA51254f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd
-
Filesize
152B
MD5d4c957a0a66b47d997435ead0940becf
SHA11aed2765dd971764b96455003851f8965e3ae07d
SHA25653fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163
SHA51219cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5cfa8c42f531797edc01515095403c890
SHA1ae98af2c36f1385bad91520e50681e03b41a562d
SHA25683670292216050a98477ab53675231aa8d2ed465dd752a4278cc91c4cbfb043a
SHA512706357cf7a3dc7e4a94be4b7c611fb53045a600066dfb9d519d1dceddd0c6ed69bcef3574859c5442e9b7fa4b79b49c2849d5f3aeedab143a51ef18ede51fd81
-
Filesize
13KB
MD5ffaf4253a4ab254cbf68efcc067386dd
SHA14c4d505a137d61883651ca576d572451cecee09c
SHA256dc0c756277d3053f9854191517fd6b2d45d1d3a6f493f2a1c4aa6fcebe1f5f83
SHA5121a47cff4a2462a63d234fff17fbcb4507506207a6561f34bf4f5a1390201c5b9510c17ede0df0c42b1d27230e017344be9dc01234c33de6488c31e352f4d721f
-
Filesize
9KB
MD5e1a5f2e228f09c818d7a5f7763d5ce36
SHA16e0118fb3c9e2cec06d8029cf8a10320905d1dd2
SHA2563bfaa04658a8a8145b02eab87db141d87330f4bfbd82c49c1beddae0941d6509
SHA512d43f75e4de3c8734872a1a8884ef359edc30486c67fb219356ac582fa8fb64b084b53916feb0fd396883977d5a236708774b3f0506e30946cc90da91836a0855
-
Filesize
6KB
MD5cc548c0ce6ef6403209a977da4dba173
SHA1ec5474e4b111a3cb3e505f292ebc8bf10defc216
SHA2568b17ebe8f9ff4dcb2a48f44aa7701a1a6f1373155bb94f9983ee76474e9f1b88
SHA5129dbd4ae61227144acb90e76b9cdb879085eccf776f7081f68a085d73bfc1788ea7a2271897d18c616363dd93b5d8eb6ea2bdfd81b8b0d7d572d85c5d47a037ea
-
Filesize
15KB
MD5e2503d742bec744860233f1df6bcaaa2
SHA15d2786a5e23e1cd8eb57a79306c6d31d36625cb6
SHA256f59698be4be989882f945d02225cf2ff32697da7ec8467e5da91fda1f15dd224
SHA512c7e71902b28207e803d40347442b17554ad34704b3b02ee61505b30aae471fe6b5bbe10902087c0dab7f30d0f11c001c20d8b1c09f5512e793f35650dfd5db74
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5368bfc1-b6a6-4976-99e1-f98b9025c5ea\index-dir\the-real-index
Filesize2KB
MD5114657aef2870762ea0fd6e9e065af29
SHA1e69600c5542bba779517f01c449e41a1e1b45391
SHA2569cc3134fb23f734ba6c2bd8caaf36510bbbbb20a44c21645b8894ae96cf4ddfc
SHA512b577057ae320532a36e724676f597a43edaadc07cd3c170c079ac5c0cf74b421b0dee6144d51b9b9d191881ecb55afc787a9580b03e759d132b53c5a7cf4141a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5368bfc1-b6a6-4976-99e1-f98b9025c5ea\index-dir\the-real-index~RFe579a3c.TMP
Filesize48B
MD525e21033b7adcb25dae090febbb35689
SHA1fd89abade84a69f3377e0e21cacba1d17a7c175f
SHA256901abc6ca1ae37ac20caf558b59cfd9a18749c5cf9786061a06d3f13c4c8ea9f
SHA512e36e041623919ebd9f916ae6e7eeb95fc011579028c3bd01f6e5f25836ea1eb92d0628056d58d291748a6f9d464828af619b04c666c05e4e32978ecd49b76ef8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize146B
MD5c3cef30bd3589537afd4d428752e67ea
SHA18707a76dd471c9df2157e1818d644dd76de6fdf5
SHA256877995ac0967b1945d67b30cecd79c9fcdb21f8f8ca965b853418b5f8aa2926a
SHA5129c5e29cdab259aded12ae0553a20e81a876adf9747353774a9b5a0b00650c269f4114559f12e12b12ab1ba4887cd59d9e8aa7fb1882217b1412c7bda7f999f0e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 84B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 82B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe573d86.TMP
Filesize 89B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578c61.TMP
Filesize 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f9726d99-a8a3-45c8-a1f6-64e726c7d470.tmp
Filesize 6KB