Resubmissions
24/02/2024, 18:47 | 240224-xfdk8abc77 | 1
24/02/2024, 18:44 | 240224-xdr1tsca8s | 6
24/02/2024, 18:39 | 240224-xas4qabb22 | 5
Analysis
max time kernel: 148s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
submitted: 24/02/2024, 18:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://edu.mon.bg
Resource: win10v2004-20240221-en
Errors
General
Target: http://edu.mon.bg
Malware Config
Signatures
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
101 | whatismyipaddress.com
102 | whatismyipaddress.com
100 | whatismyipaddress.com
Drops file in System32 directory 11 IoCs
description | ioc | Process
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | svchost.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | svchost.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | svchost.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | svchost.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | svchost.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | svchost.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | svchost.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | svchost.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | svchost.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | svchost.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | svchost.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies data under HKEY_USERS 15 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "231" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Modifies registry class 9 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings | mspaint.exe
Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-910440534-423636034-2318342392-1000\{42F5E0AD-DFEB-4655-9F15-67D1D7B942E9} | msedge.exe
Opens file in notepad (likely ransom note) 1 IoCs
pid | Process
5536 | notepad.exe
Suspicious behavior: EnumeratesProcesses 11 IoCs
pid | Process
1920 | msedge.exe
1920 | msedge.exe
3444 | msedge.exe
3444 | msedge.exe
4740 | identity_helper.exe
4740 | identity_helper.exe
1696 | msedge.exe
1696 | msedge.exe
1544 | msedge.exe
1100 | mspaint.exe
1100 | mspaint.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
pid | Process
3444 | msedge.exe
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
3444 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
3444 | msedge.exe
Suspicious use of SetWindowsHookEx 3 IoCs
pid | Process
1100 | mspaint.exe
6132 | OpenWith.exe
5176 | LogonUI.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3444 wrote to memory of 4016 | 3444 | msedge.exe | 82
PID 3444 wrote to memory of 1076 | 3444 | msedge.exe | 86
PID 3444 wrote to memory of 1920 | 3444 | msedge.exe | 85
PID 3444 wrote to memory of 4984 | 3444 | msedge.exe | 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://edu.mon.bg1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9b3a46f8,0x7ffc9b3a4708,0x7ffc9b3a47182⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:22⤵PID:1076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:82⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:3744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:5000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:12⤵PID:3896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:12⤵PID:4620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:12⤵PID:948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵PID:2520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵PID:4032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵PID:2488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:12⤵PID:2876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6176 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6184 /prefetch:82⤵PID:1428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2992 /prefetch:82⤵PID:1864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:12⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵PID:2916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:12⤵PID:2216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:12⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵PID:1924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:12⤵PID:1100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:12⤵PID:4220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵PID:3240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵PID:4780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵PID:3652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:12⤵PID:1348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:12⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:12⤵PID:5248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:12⤵PID:5328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:12⤵PID:5388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:12⤵PID:5660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:12⤵PID:5780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:12⤵PID:6088
-
-
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
    PID:5244
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1
    PID:5232
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
    PID:1732
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
    PID:4828
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
    PID:2692
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9984 /prefetch:1
    PID:5988
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
    PID:2216
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=8724 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:1544
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2004,10710611717377094319,8522257522941938369,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=9632 /prefetch:8
    PID:2184
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4056
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1844
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x308 0x4a8
  PID:3592
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CompleteWrite.png" /ForceBootstrapPaint3D
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1100
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
  - Drops file in System32 directory
  PID:5788
- C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious use of SetWindowsHookEx
  PID:6132
- C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID:5448
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
  PID:5148
- C:\Windows\system32\notepad.exe
  "C:\Windows\system32\notepad.exe" "C:\Users\Admin\Desktop\PopSet.reg"
  - Opens file in notepad (likely ransom note)
  PID:5536
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x4 /state0:0xa392a055 /state1:0x41c64e6d
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
  PID:5176
Network
MITRE ATT&CK Enterprise v15
Downloads