Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-02-2024 11:57
- Static task: static1
- URLScan task: urlscan1
Malware Config
Extracted (lumma):
- https://gemcreedarticulateod.shop/api
- https://secretionsuitcasenioise.shop/api
- https://claimconcessionrebe.shop/api
- https://liabilityarrangemenyit.shop/api
Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Program crash 6 IoCs
Processes: WerFault.exe
- pid 5540 WerFault.exe, target pid 5220 Loader.exe
- pid 1164 WerFault.exe, target pid 6048 Loader.exe
- pid 5180 WerFault.exe, target pid 6048 Loader.exe
- pid 2904 WerFault.exe, target pid 5556 Loader.exe
- pid 440 WerFault.exe, target pid 2620 Loader.exe
- pid 5820 WerFault.exe, target pid 2620 Loader.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (taskmgr.exe)

Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (taskmgr.exe)

Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)

Modifies registry class 3 IoCs
Processes: taskmgr.exe, msedge.exe
- Key created: \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings (taskmgr.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1790404759-2178872477-2616469472-1000\{6C816575-3B86-4BCB-931E-F6AF42CC44C2} (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings (msedge.exe)

Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: msedge.exe, identity_helper.exe, taskmgr.exe (duplicate pid/process rows collapsed)
- pid 3436 msedge.exe
- pid 2968 msedge.exe
- pid 2084 identity_helper.exe
- pid 1640 msedge.exe
- pid 5624 taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: taskmgr.exe
- pid 5624 taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs
- pid 4 (5 entries)
- pid 656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
Processes: msedge.exe
- pid 2968 msedge.exe (18 entries)

Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes: taskmgr.exe
- Token: SeDebugPrivilege, pid 5624 taskmgr.exe
- Token: SeSystemProfilePrivilege, pid 5624 taskmgr.exe
- Token: SeCreateGlobalPrivilege, pid 5624 taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs
Processes: msedge.exe, taskmgr.exe (duplicate pid/process rows collapsed)
- pid 2968 msedge.exe
- pid 5624 taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs
Processes: msedge.exe, taskmgr.exe (duplicate pid/process rows collapsed)
- pid 2968 msedge.exe
- pid 5624 taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe (duplicate rows collapsed)
- PID 2968 wrote to memory of 832: msedge.exe -> msedge.exe
- PID 2968 wrote to memory of 1960: msedge.exe -> msedge.exe
- PID 2968 wrote to memory of 3436: msedge.exe -> msedge.exe
- PID 2968 wrote to memory of 2816: msedge.exe -> msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/h2w3stcoa/EulenFiveM
  PID: 2968
  Signatures:
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Children:
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86f1146f8,0x7ff86f114708,0x7ff86f114718
      PID: 832
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
      PID: 1960
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      PID: 3436
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
      PID: 2816
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      PID: 4164
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      PID: 4980
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
      PID: 2168
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
      PID: 2084
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      PID: 4868
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
      PID: 2192
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
      PID: 1640
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
      PID: 3004
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4344 /prefetch:8
      PID: 1436
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
      PID: 1708
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
      PID: 3884
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
      PID: 3296
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      PID: 6084
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:8
      PID: 4512
      Signatures:
        - Modifies registry class
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5748 /prefetch:8
      PID: 5360
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
      PID: 1684
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      PID: 4792
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
      PID: 5932
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
      PID: 5108
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
      PID: 5180
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6760 /prefetch:2
      PID: 4360
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
      PID: 4576
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
      PID: 5840
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      PID: 5176
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,3742240107406765558,6827998614005150792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
      PID: 4072
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2956
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4292
- C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2956
- "C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
  PID: 5220
  Children:
    - C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 1092
      PID: 5540
      Signatures:
        - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5220 -ip 5220
  PID: 5516
- "C:\Windows\system32\taskmgr.exe" /4
  PID: 5624
  Signatures:
    - Checks SCSI registry key(s)
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
- "C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
  PID: 6048
  Children:
    - C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1092
      PID: 1164
      Signatures:
        - Program crash
    - C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 1080
      PID: 5180
      Signatures:
        - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6048 -ip 6048
  PID: 3112
- C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6048 -ip 6048
  PID: 3260
- "C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
  PID: 5556
  Children:
    - C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 1148
      PID: 2904
      Signatures:
        - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5556 -ip 5556
  PID: 1544
- "C:\Users\Admin\Downloads\EulenFiveM-main\EulenFiveM-main\Loader.exe"
  PID: 2620
  Children:
    - C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 1052
      PID: 440
      Signatures:
        - Program crash
    - C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 1092
      PID: 5820
      Signatures:
        - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2620 -ip 2620
  PID: 5764
- C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2620 -ip 2620
  PID: 752
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2KB
MD527b364020c0bc649bb8ff54d253185c3
SHA1edb7cee9671fadc40e6b305cd35039a1d2182599
SHA256f550e3a5db642febeea1e0a028cf5347cc3e726fccff28587ab0aa70154521ff
SHA5122ce7bbfdcb5a11ff8502a1d7a9f88d27bfb5d7d10510bb8f628c42ea14067f83965e42fb64e7739529ef1f8ffe28c203d5a7884bb07558577d0b7fd03a74351b
-
Filesize
1KB
MD5dea1d352724a30dd4a70d54d47602203
SHA1c34fc893b418846f51e691beaa8db7de85ea71b2
SHA256e50d4b877fa107a0b71c3c8633aab10caa966a27966744120ec9af95646cf688
SHA512554a740213a6ef6b57797780170619ab640e509dda9c028c895ab5c1429e3cbb2efc607a9fc05a95d6900d27b3151818a60488cd729be45637cface41e7b9362
-
Filesize
1KB
MD56e71e7038af87a68ddb1d5b12b74d1ea
SHA147cd08b341963bcd13c77a5e04a98043f45ea7a0
SHA256d32b2f2489c6c6b0509adc2886013a2633d3d861ff2fa2c7279670406d2b837b
SHA512672e41e3b82b9059ae0a98bc334e134b9f7b4bb533e80ea9dafc4dc3f915261757fba9f44d35620948e0034082cff39cd2d55652015746fb51dc2ff13d4be657
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD51b79a275fb0038937ac735550a7ed74c
SHA1eb8599dfdba82eac0842fd2f0f849a1783aa3457
SHA2568231d4779d19bfec3ebb539d471af2da41cb71cd87c5a862aeb10fb30b88887e
SHA51258ef331971562c81eafc9fcca315a58ddbe98fbe2b674647cadcffe2a34eb88930d91b2d784481f95838e54b7f41183cc6008a04778b5c6845cf59b61ea0064d
-
Filesize
11KB
MD506adcb314ec57536ccd34941a0713366
SHA1515ebca3ba0003bb018bc1b65c6643874e79f927
SHA2560164dc975be7cc850da145c080f911fff3288c277fc843ef9b40bb168636a9ab
SHA512c5c5054d6bf6cc600be7b2cedacd100558123d744df40dda60ddd4df4690c79754ece20cc22e18d19c0700b540d6f10f36d10280f9f7fb7fc07895dd8fed859e
-
Filesize
1012KB
MD59c3d1987f15cd1e39dd4029e0a3635fb
SHA166c169a9ee2eddd3b8d4929dca4dc768f3d34273
SHA2563f1b2a109a62411239af74481963d5b93d9b53cd4ffeeabb36015156f129e609
SHA512abf9f345e2f132728dfd50ffe7ca81be67c0e41513878f8dff13fae6ec51205764877f39b1db439cdaff96b14708446daf0b539457d0e53dadf7bb9a7a134108
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e