Analysis
- max time kernel: 91s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20240319-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-04-2024 16:45
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
Resource
win7-20240221-en
General
- Target: 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
- Size: 5.5MB
- MD5: 12f7e264ffff1073180001d0002757be
- SHA1: 03e7087f881782a73dc545299e977d405f7c8cf6
- SHA256: 9a2ac9cd13c454164975da5f6c13d69baface82a5d00bdd3a1d1c106e5b3fe62
- SHA512: 26558b6d38d6f19ef74bc734fe598b8852d021e617a7864d0be7436ecca60324a65cca25df0bef16d31cb6ea9ef5ce66cef95d705decb2ceed16992db9028277
- SSDEEP: 49152:qEFbqzA/PvIGDFr9AtwA3PlpIgong0yTI+q47W1Ln9tJEUxDG0BYYrLA50IHLGfZ:AAI5pAdVJn9tbnR1VgBVmJ8t4C7
Malware Config
Signatures
-
Executes dropped EXE 10 IoCs
Processes:
pid | Process
2388 | alg.exe
4404 | DiagnosticsHub.StandardCollector.Service.exe
4852 | elevation_service.exe
4752 | elevation_service.exe
1180 | maintenanceservice.exe
5064 | OSE.EXE
5924 | chrmstp.exe
6084 | chrmstp.exe
5228 | chrmstp.exe
5320 | chrmstp.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 9 IoCs
Processes:
description | ioc | Process
File opened for modification | C:\Windows\System32\alg.exe | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
File opened for modification | C:\Windows\system32\dllhost.exe | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
File opened for modification | C:\Windows\system32\dllhost.exe | alg.exe
File opened for modification | C:\Windows\system32\AppVClient.exe | DiagnosticsHub.StandardCollector.Service.exe
File opened for modification | C:\Windows\system32\AppVClient.exe | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\765445e34ab059c5.bin | alg.exe
File opened for modification | C:\Windows\system32\AppVClient.exe | alg.exe
File opened for modification | C:\Windows\system32\dllhost.exe | DiagnosticsHub.StandardCollector.Service.exe
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133569819246967648" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
pid | Process
764 | chrome.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid Process 664 664 -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
Processes:
pid | Process
764 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
description | pid | Process
Token: SeTakeOwnershipPrivilege | 860 | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe
Token: SeShutdownPrivilege | 764 | chrome.exe
Token: SeCreatePagefilePrivilege | 764 | chrome.exe
Token: SeDebugPrivilege | 2388 | alg.exe
-
Suspicious use of FindShellTrayWindow 3 IoCs
Processes:
pid | Process
764 | chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | Process | procid_target
PID 860 wrote to memory of 2928 | 860 | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe | 93
PID 860 wrote to memory of 764 | 860 | 2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe | 95
PID 764 wrote to memory of 1756 | 764 | chrome.exe | 96
PID 764 wrote to memory of 4532 | 764 | chrome.exe | 102
PID 764 wrote to memory of 4008 | 764 | chrome.exe | 103
PID 764 wrote to memory of 3116 | 764 | chrome.exe | 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:860 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_12f7e264ffff1073180001d0002757be_ryuk.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2d0,0x2d4,0x2e0,0x2dc,0x2e4,0x140462458,0x140462468,0x1404624782⤵
- Drops file in System32 directory
PID:2928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:764 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b3479758,0x7ff8b3479768,0x7ff8b34797783⤵PID:1756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:23⤵PID:4532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:4008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:3116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:13⤵PID:4520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:13⤵PID:384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:13⤵PID:4612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:2920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:5696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:5768
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings3⤵
- Executes dropped EXE
PID:5924 -
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x290,0x294,0x29c,0x298,0x2a0,0x1403b7688,0x1403b7698,0x1403b76a84⤵
- Executes dropped EXE
PID:6084
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=04⤵
- Executes dropped EXE
PID:5228 -
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x298,0x290,0x294,0x28c,0x29c,0x1403b7688,0x1403b7698,0x1403b76a85⤵
- Executes dropped EXE
PID:5320
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:6004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:5300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:83⤵PID:5184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 --field-trial-handle=1900,i,2254120955762223208,919924955705656428,131072 /prefetch:23⤵PID:5092
-
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2388
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:4404
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4852
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4752
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
PID:1180
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:5064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2244,i,11986678581565715302,451159359636456336,262144 --variations-seed-version /prefetch:81⤵PID:6060
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2.2MB
MD5648f939a59a6fb3d846a7ad0d7671732
SHA1495ed49327d53e3cac4c002754fad122537b6312
SHA256f57fe3cf8f69b3cf4cd699ca90ccee708b91705037dfd2a2bb865bcd411a5c9b
SHA512b0dc8c5fb1da310bcc3897460a1acd51c05e48c303ba5ddcecfe24e2eaab5b775a3da777800cc764dc968e0c1687be60b1967aae65c57dd5fbf366a9acad4b4b
-
Filesize
2.1MB
MD5a1767fddc11b59b7cf32bb0476ccdd01
SHA1e084ca8b7316702a87220c02336d2eafdde497ec
SHA25684a8847f5c883f7a7da45b72f34c9971c671e84b778f02c13c73b20a94fe5091
SHA51269df9275f269697dd6662de07770d8ce0c89bcb9b6f3478adced2ef6ef5fdcf3f57a85d8087d555d3c3ef95b215b509c289e695e6df43f9dc758e9ef64d9c4d2
-
Filesize
1.8MB
MD5efaa014bd1e6d5a27c964575448b4d15
SHA1a769ac77556bd82135f294a1241d86bc91b156e1
SHA25668cf89b3eac538b2087b0e00ee205290a26105bea05b1e9e7ac1ca73d1c27477
SHA5127195f1cfc664bba615278fc99f4721fd39bc65cdb1e654a3f07a91b240885cdeb95cb924fefd205ca99ce80368b7b44392a1aa93be8230168abd038ef2187907
-
Filesize
488B
MD56d971ce11af4a6a93a4311841da1a178
SHA1cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f
-
Filesize
1.5MB
MD59deec8b14be397f3a5724661ffb376b7
SHA188f803baa8bfb40086a307bd7daddd5ca1b7d0a6
SHA256d2d06edb1abd53e09ae643d3d375e51c1add4bfc1a4b871dab43ae815de03f23
SHA51282c0729adf24c56f153a84145421cb2d17ee2f7c12485a89ff4ac86bf62a1d3fb35375b35cfa6b9d2e398a6f1284d846352dfca665b609131848eeec06db19e4
-
Filesize
1.2MB
MD5aea4305635b6f9f7db39aa2b7cbdd5ca
SHA13eb99297564dd73be536e6910b16c25b2ce67b8d
SHA256626ee3e4b7932d2168797ce07b4e87355f87de3bfc70f075b7b0e8f71aae66b1
SHA5123e57717202faf53551787cd90451c0b04106a5cb3466c0b28e98521fd0b7d7cf37745e02d9a3106c563e98f47cf4eac2066cee6ff5c055e4a0cc229eac2f5066
-
Filesize
1.2MB
MD5111c33b2e135cf74d2a2e643b547476d
SHA15f612e4ec9605060af3ca7c674fde3ab5fccdafa
SHA25651c2d07d43e1c65c8d5b62746c8bd7adbe0bf78add54a163a117b3e6c766c2d7
SHA5126aa65ef0d96e533f8e46e5d69700f2620b7943a28864aef9edef614d8ad6efe5419bb0e5e48d93894af03d3a95a06b1193c7dc7efd04c225f478dc0d0db189f6
-
Filesize
1.2MB
MD577355b04029b339a043f1eeae597084d
SHA170aa37ff921ebbaa8c7852996d52f37e8bcb4688
SHA2561c1f4ae802cb34650011743d09d062519652ec77919496eb4965d58435d4e602
SHA5122eb062f61b44fd85f3945fdfb3e5e83d55efa48d730459159335a44ef53b99543553b2b91caae0baa8c5bc9605754361848447c8a49ce17befd9ed6c4b7e3486
-
Filesize
1.2MB
MD5cd4030662933e942ce207760027949c2
SHA1e58ef04cdb4c606b4ef0b9e156211a2f6b6bfba0
SHA25616aa9624c9595478af1b2ce960cc7fa3847c86d610efb197b932dce9ccfc61da
SHA512aa78667d2022d23301cc70ae1cb706e0b498becec09cf1c9a1e9a0445d7331ee665dbe1e5c6bb5dbb24aea9ff248cd3e95594c73a4d9b83760758b214e461be5
-
Filesize
1.2MB
MD5a7bbd2763fa1addf7a5a64736471a89f
SHA15c6c21b3148fccdc5b61c833cbe51b02025bdf00
SHA2563b40decb1e9ade7ff20150b5499512f739a4f902bce2a46168b4451913d44b14
SHA51242f5294002c5aaf66fd8e59bb033cb91d7edcc55eb97526f5eb3dff4e0e557615b7a25269746501729df47226571e63bf24c1b60cde90b35662ad297109d8471
-
Filesize
1.2MB
MD5531e8afc358ac39878e620f2a06f6220
SHA18cccb5f789b6aece355b5268ff4e66495df501df
SHA2566a347b66ffe250a949fab8dce5e63293e10d95b4e251f02bfbf1fa24e6b570fb
SHA512556a3ceff649d4d06ddb4c280077475110ad2fa6538a5153a9a9edd8dbcc8c8f6a69b61390d8af5449cbbd1907610a1cc0f91038977e013f9b2b4fcadfa9cb5d
-
Filesize
1.2MB
MD5a035e1e078f0e20e2cecc78433c99302
SHA1b19a21fbb0a9fe95a0c9198ccdb09961b6d33e4c
SHA256ed12ae8e63adda051d02833bb5d96225fefb36854b32ace7e7a2500e1e0767f8
SHA512c3470c676269ca10cff84c0c88a7fcdccbac3c66ebf014e4de8d5ab0a60cb9464ada08a80bc894d3804a15349663415c26d9540f6b9f019d6a6f0156874b606e
-
Filesize
1.4MB
MD51fe6378440a351772583c6a91751ea92
SHA127a42e68967a3883b6a22b9c02495a4fbc69defd
SHA25643d17b6694d0140a7c7389ca16c9fd4a85c4449434f3ec76b75a16e7fc29e876
SHA512e17d7148a61b46b24cccd292219fc51f8f5f8bae5dab7b7d33f67de75f07f97bca05a34fda5d888044b38a702c14207527dab31c47c442ab5d38ca772e58b91b
-
Filesize
1.2MB
MD5909b0ee988dbd20b5ebf142175de8964
SHA18883c8d0320fd5d7837e2de5e1f0266cbe18471c
SHA256527a9b6668ddb44358a9ccf5ad0d527cb550868375b42fefc002eed714b140a1
SHA512416fe3a82d9dc2edf720712b120dcaab8b4261baa27c933b4ff9b1c3a23c9f7b68737a61d7477a74bb12b738cbfc3d6098d02b569a07aabac35e43c9fda19f03
-
Filesize
1.2MB
MD5dba9a7043fb6ff7c1ce109e3eb045f70
SHA16d9e04d1aa896e717ee59b0b9ded68ace110603a
SHA256bf0f9f76f591672d20f34532629ef4a15cf0ac5c30356c954094d672080ba930
SHA5121da8cd04053aa91573adda7390783af2b8f27fc30566fa35721b3ed5043df1c9934e59c103b1df9d98a9a903663ecf4fa073739a4e9e73e25cdd9fe52ca85aeb
-
Filesize
1.3MB
MD51148c1300c70a2a101cb15d3c8622a75
SHA101904e1286eda717ec516eae52fe683037063188
SHA2566b9dc25c49d08fed6815a3fccd0d1ea4436f244dc7162c5b78fb4e85b2be6ce8
SHA512b13795c3cfc1a0cb271f7deafe00dcb1dbec3a9cdb4cdda7693e1b700a8ec32a75eb9913db2a2633f18c55dfc5a9721355f93f279ae4e658cb2b223eb4105bd2
-
Filesize
1.2MB
MD5765eb117923d5988eb40801e8513009e
SHA11fa234482260a0f5024a50697b3eddfead597e23
SHA2565b8d5534bc255ba08d3e8e7ef6726032f2f26de100e648e0c358defa67875122
SHA512f2b640ae0ba99d68aad244fe14d68262069d494196817cf115409bf09549dc52f540411ec74bb5829ba5b12087f7e095998ea907cb3c44e9319b53450b0effe7
-
Filesize
1.2MB
MD5a3faaee003c8d89e25bf5af7eaa7c77f
SHA1f9bfa823cf90b2680e5a83b688d725072dd4baad
SHA256c1b070ae535b22826d7bc40a470134e5de086c3b23e2c05c11cae01234302a81
SHA5129ce3318f69fcdfb956f576ff887d937d2a669eddf1ce2a3c5b0177bf8d23b5d044557fb2521745161700fd988ed61b1d7d9e761ca7d78efe324dc8fe17d78fb5
-
Filesize
1.3MB
MD513ad93564d70fd394e739508a9c289d6
SHA16065e96e43260e3fbf09ebf2c27c6295dd62ec75
SHA25654b609228d979cfb6219c5ccd2834b0352459019bdfd170bd2e9458b9a888138
SHA5124a9c1f8b78d65ad6bf670595e709f4725768401944eccfc8a24af0090b036521a628b82d5249ea709183cedd47e347b6e2a6a12dc529d34c8b7f381611ef092b
-
Filesize
1.3MB
MD540bc0d45487acb217381fe35c5aa45aa
SHA11a5e795f0cfa7d0e84fd68f15367faaac6330f6c
SHA256209a910bff0780f740d231022fcafeb05f67ed440218fba64e72f8f4167125ee
SHA512292b69982dcea8e8b508e19b2e25b2ddac4cc63b2be091f987a932e7e96978693c2ab88cf2ee6980c87b59df54b788890ee2d0ae3278b83440581e0cfb25f4e1
-
Filesize
40B
MD54a0b907083f8afcc81fd894fb6c45d01
SHA17161d696223d3373ccce860cf81249d7f738a02f
SHA25687b0af1a5d48c9852603c2cd73097e27beb903aca92354231262ceba0e276e4c
SHA5129a917882b29ac03f6af556b1c4cfb99b5e8260a4bf9a179b91cb1a1ddf47c1cd5543b8d7f008d955320e567dd4fc0236e187717d4bda748289700b3fe920aca4
-
Filesize
193KB
MD5ef36a84ad2bc23f79d171c604b56de29
SHA138d6569cd30d096140e752db5d98d53cf304a8fc
SHA256e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be
-
Filesize
1KB
MD5c42eacc1c7e28d8c6e3e3d68491274de
SHA16c81c75944297285b7c9fc2724dc338e0dde897b
SHA2561de5dc7fc28485f01b0027dcbe8221a2a1108d4bc9df36416f0994226a1ebc6d
SHA5126d4e4fa2dd840e79e560d5853db81b9909d14ac3e045be23f72342ea5f9e828ba34cc7d5982181f134be084800cf5741ee70f32b1692eaef538ee8fcb58e47c4
-
Filesize
371B
MD5df352807120dfc5f93c6cbd363068171
SHA11e24a46d42de7ef37979907e66bc7ca4b0b0d52c
SHA256a297afbfbbef8c77e082d3a125af7d570c92842ee76e562c8ceb98a3af72602d
SHA512ce425e3ab7f9fdebd737314de42866197030e4c4048ba7f55020c2bbfe6c844a7905667f44ef7a7c8cedb208c2ec624b1e4e32f8ff6187f7d552e374e7fbc9b2
-
Filesize
4KB
MD58228f4fadea24e6104571adca96cb96a
SHA1f9486dd0dc574a6f488f4bd10dfe734dfd0ef0fd
SHA2561bb75d3e402ad3f9623ed834b3a75c953815c92b16493d9ec034cd8dd199b16b
SHA5127f2b584871b27e684697d4a7c660d7b327de35d9845733edd678d5d907c0f0532d3b905aef26b660eb87cf596f59a8e8dccef4594d3892ce24d9cf2d96c68079
-
Filesize
4KB
MD589adec6b4590869a1dcfd8a7a9579317
SHA1c9892efb112701767b28e9e4bee3cf0ef0c841ee
SHA25663b413ff6dbe2b54a68bee92c14f58e67fc07a43df828053ac0eaa6654463d25
SHA5129bc68ebeeed2f6f52529512f7aca17917d5635f7ceb8f269f81716966a7cff625455267269ac63237d454443075dd538f02492a0cbe3867f423ec96accf71aac
-
Filesize
4KB
MD502db362f43312278026e075a1ee51e3d
SHA189c4625d46b420aef5a9ef16d0d8926e3926f2ca
SHA256bf8007363dd08a3aa3ee563b6b66da0d2aee3fd52ad428bf41d8238f230c838a
SHA5122462db4e64773642ef5c3308b201d5f33115b4b9e0beaf69bd2b7bbf5a222d319a96326758a2042392ea2a20df535da0a9745d9330580c38969febab8b927c52
-
Filesize
2KB
MD552967a4cfc743203819fc0de12defcc1
SHA1ed45be1b5bfb7f0f05dd9c2f1dd03172f1e85649
SHA2567224846e2eeebb17ec177a55a26d93c9b4d4727770da01c1806be5575c241b02
SHA512bf06df623f6a3cf980d5e9e726dedf68f9caa16c77d24c28487bc190b789a729573d507c155f2d0852356e7c77e4008805cba276841354a5a0aa36337359367a
-
Filesize
15KB
MD5ca95b77c301d635319e3c584c617aff8
SHA1e51c8c0dad861c63099e4cf70d5516c68aaf38bf
SHA256e0d025462ce2506064ca5ba483af58787edde871693349460bb46eb75e38fa51
SHA512f92f51a116f3635d57640c1a0c2b8bb432f926acf994ee3bbb26213d7c3fcc482b2d4cea083290285cfc0612296d2e45758305622c5955f9dc8487b7aed0339f
-
Filesize
268KB
MD5cc7c07148b44b9ffa9bc8e8c1a359710
SHA1eb3cea3645c067606ee95758aba1d93d59eaf6bd
SHA256b67058fc7f72051f38d7eb023cd8ac5c517b513ad51c35c87df9e8b7a278b84a
SHA512e02719983b2932fa3a7b6385c8bd7116dba595ca7edb2f734dad4f254942da5af4a4f3fa36240375563f4195422d9707ee0791a9468e8f246835c1d2a6680935
-
Filesize
268KB
MD5317946ecda2e3bd62b07bbe4e7d31836
SHA19138400cb94b6479148784b538dcf160812333e2
SHA25694bd49fe0c4a06d7e72bd024c28ccdb074778eccd7f588e8e7a74b233e81a99d
SHA512067e9fe6eb435993aa80c7cedb5c16bbb93befa2358b0452b94c6072b58ea741dbac7ebc9c39bdd4c89f47d1a4fa6c204217c026d8b6943baa1e827d97fa34b0
-
Filesize
136KB
MD5f92c94374601a1d09bd60eabb257bb09
SHA105f139aa48ad967374d21b93e751329e0a18c197
SHA25650a0f9d6fd7256f464967f0c980f834343345a960da732e1445f6fa22ed204ec
SHA5122b65d7ce0c3d56388347c7adfdc68c29aa88336d31286f27ddd48b3c9a9c6ced3b66fbe53407e7ef505375dc6bfe7413d72527a917e5f79804e489a7dfb6a1a2
-
Filesize
287KB
MD54bb9f5e96614304356aed0d091b24715
SHA1691cbe1a9acac5019fe1794fcb27bb84dab836cf
SHA256db594220fea8c470c74d972146e90d39f11d35d9fe9cf62416c0a1a2b6e3eac9
SHA5127fa59fa2a2628b3c305b07527629de76409269e37170c326230db4227897ff1ae02d3042ad0837cf6d38ca9e413be9fcd850a81075300c36c20e2d2fafd2b1d9
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
7KB
MD57b0e281ec747955fa3d30bb946e99c6e
SHA1c679fd5af1d6c36fbc786987952e025c37959da7
SHA256f8e2abf51b65f9f4ce84648e7e6f21832e7ccb32a7f6c848788295dcff2be31f
SHA5128baded2b09da55012d98fdf83e08619ad5533d623d7bb46fbd6fdec7238ad30143e336ac7272f73fee5c0e22ea43d71fc7eaac4dd645cbc44a8583dd39ec0497
-
Filesize
8KB
MD56011cd192daa8abe22a205c069fe591a
SHA1d417fe0469d9c7d871c0cd071ccb6fc35add258d
SHA25634fb5e1118b52ea408521fd976ddc376e0bd1a06ffd2f30e6204991d6b0007a3
SHA512a8f38c4a0b9dd67cf145f29c0847ae7d22cf12f67ae5c30aa6b83190e8a06a31e12755be2dc9888701e0e54fb600401cd263ea9b4cb3448c6557e44c60379b5c
-
Filesize
12KB
MD5c532ff2f582fe04623497930f088c56d
SHA117030c0cc1bfa2b154e7e258095a9b9b19bca7ad
SHA256bbd55e694c6100e6084d333293c0909cbb11b79cff91484415bf75454a21c16f
SHA5121ae201a3b1df050d1728ce50ffe84d740370052f77fd4e3906c530c3991b2dcd84be93706e9e511f229fb52e49ab4556921223d0b16466d2d8f4ba9b39e446d5
-
Filesize
1.3MB
MD58110fc846386fa9bbb5b671326332ef9
SHA1be82e421bcb12f6183bf9a3918f8c6aaa3be47de
SHA25686f90f09554e921957540ea22ff03448c54822d5760b9332bec809f2c3f583b7
SHA512b41a9f8a39d5d7fc440b35632be52afff4f190b93438c25d5806ca6542985d69319b81c7b7afbc1b5e37b5cd0815900d889e7b113d2ce2bf27e5b3d2c81735eb
-
Filesize
1.3MB
MD59dde21bdb1c614df06f33dc4f242c5fa
SHA1b58af293baf33522c72362b0fed91e4d544dc14c
SHA2563f6c596e09f9f233242b21033106c81de43eacae637c96dd2a2b98370ab1d666
SHA51243feb930e31167561a98f71840cb9fea4b77814782403950e9b3e5be93dc1f8896c8d9a987c7d74e7a97c541a10d0b094e80e0d6742d11b3370a37cd79008c65
-
Filesize
40B
MD5d2fbffbdedf5849cc29340ca0e6ea5f7
SHA1b15432d75827aebac414008bb69841e5c890b4a6
SHA25693c9e06f21a86a204d4214bc6f3980ed3eb2251465b94788dca2f4c60975fbc5
SHA5123a554fc6035aec077626485987905ad7adb2c5da2d74ab46486b6bde7f13ca997f8f55708e64583980083442765a22f4ad4e95472cd44833b12d5a6af69a200e
-
Filesize
1.3MB
MD521b36d4175e3a05e1bc3aa2d74e4675a
SHA175b33a2c123213726ad31b7c90eb2cb69cf84de7
SHA256001a0aeb250fb3ee780eed25cdb673f51695b0efff35391ec818b44d863ab9ad
SHA512c359df2bdf6f4a6a05fa932377ceae050ddfe0ffaa9733148a30e6e4be930154ae742332d347390310cc88da81de2dc065aed9369461063566dace05b5f37d13
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e