Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1030s -
max time network
1024s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
23/04/2024, 23:06
General
-
Target
http://blackmagicpartners.com
Malware Config
Extracted
lumma
https://surpriserangeloggypo.fun/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Executes dropped EXE 12 IoCs
-
Suspicious use of SetThreadContext 8 IoCs
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 11 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://blackmagicpartners.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c3846f8,0x7ffb7c384708,0x7ffb7c3847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3860 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4872 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 3723⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5380 -ip 53801⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.txt1⤵
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Document for partners.docx.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Resolve 18 Trailer.mp4.mp4"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f4 0x4fc1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5cff358b013d6f9f633bc1587f6f54ffa
SHA16cb7852e096be24695ff1bc213abde42d35bb376
SHA25639205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9
SHA5128831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259
-
Filesize
152B
MD5dc629a750e345390344524fe0ea7dcd7
SHA15f9f00a358caaef0321707c4f6f38d52bd7e0399
SHA25638b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a
SHA5122a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902
-
Filesize
69KB
MD5aac57f6f587f163486628b8860aa3637
SHA1b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA2560cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA5120622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
36KB
MD5541dbccc44626d3a427714ff8bf96ec0
SHA1a7a459e479cf7bb7d70b8a7b6c47fa7e83cccce4
SHA25647f186fb4d1790e744213506d89a1c3caea0e79231952c32ae53a451634762b4
SHA5120dd33e0908ad3ae9c31966bad65a7c199c579146230d4ef8b5a67e6e7090fe818454f616d4ebd989bd2f872cafcfaaff09798fe9bfe4303c9428878e9f35499c
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.1MB
MD51f557ae943b3a1e823b56cf9d410e7c3
SHA11340fc7fa2cf9fade7bebcc8b4dc62a1686aad54
SHA25640f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb
SHA51232d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169
-
Filesize
33KB
MD53cd0f2f60ab620c7be0c2c3dbf2cda97
SHA147fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA25629a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb
-
Filesize
75KB
MD5cf989be758e8dab43e0a5bc0798c71e0
SHA197537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7
-
Filesize
1KB
MD59ce80498a36f39e5e316470ba996bc85
SHA1fc876ada77c5ea2ec2b71d0715a00893e5268e8f
SHA256595b4bf9fe0152e1f43dc61fecaa373cb1d6ea223bf26afbae6975d8ad791bee
SHA512054e0cd0f4d398428b70923133cd23b286cb64158687bbf6ee9de8f119df9a6d4fe0d2b94cd22652d1a99b0afb32dc1bd82a749aaa6d2868ef45d12b76b67317
-
Filesize
3KB
MD5c1595759b7166a9ae98d3cec473d3907
SHA15bcb6aa32b22335983d9b2880d782746700a0427
SHA25695ad90392013cf4cb31f2449b18f85fff0bdf07a9aa675ed7a6b6950494f0626
SHA5125b33c84c61ad79f047b003b853ff8f4571d2036c8d54f21b2d8ff59b7d28b62f2ba70dc393fb60dc474053cc15295705b5764dba04a9e654b00b670dbdaa35ca
-
Filesize
5KB
MD5977c1e6b604460c8a837a40c653e8918
SHA1c01c6339be3beed113ea1b2ec46b47d6d2fd416a
SHA2564c86f1a74d695bc5895851a0b03b573eeb6822661be329b3855f80ac3daeec52
SHA51218eb96a86f55167014b1aa669307d04df4a89c0eed336487ca91a1ba6a4cb7d69e48eed7d1067d86852f95e06fbca9e126c522fe9d1c6b4d1dcc9fbe7980e286
-
Filesize
262B
MD5ee60c8ba8d4ad17c73cda9f8ca332b31
SHA15ffd31db98a295188f838343362d7e15b4b40942
SHA25688aa74e782b76e684cff8721872b05191bd05053a98fdc1b12e17ee455bbef34
SHA512f0023a04be628a3089bcdc2b67f1227dc3d2f438969b99d8c68da745adc5497124de38644d91d78220223547f9d5ff394ef19d505f011d98b7b352185af99989
-
Filesize
1KB
MD5520e7516ebfc2f4bee7148383e68cecc
SHA17a8fc1d138a479c29f5b9f46ac1b91169808ab1d
SHA2569ddacba1337ba114272c94b9e39a2a2d9887b3ff9df4bab5e0ac8dbf9d4cf13b
SHA51272045609f3b08323101bc2a99e2a30f88b0fa295a454fa52dc69b1668606946ff77acca356978e20c176b2659c2575b97ad28f20d7a8500b9a437f0d749c4bb2
-
Filesize
336B
MD5c01b74022df8cba1e3c61ddc72ffb6ae
SHA18b49b3ca2909c386de0e56c3a0b4281aa642e335
SHA256fcc2ba9d6d64206c21366dd1c70c2ec55c97ea43952a8af667d2ffd6cb403379
SHA512b40aaa39b132d2da6882bdbf021014a4b4ea1ca2c39476c1dc86e4bde0d3bcd33cd2a5f195d4f07be495528b9db0fd87f7f093cdbb7fbb08679da10bc7c3fffa
-
Filesize
2KB
MD57a34df8c4610d5fa5b07ce5fa16247e8
SHA154476bc10d112a8ca47efcfb6f73444e2a7a6f86
SHA256290d2d86839b74d3006749f5b612c230d200383c0f59f0be72462a5c649d26ae
SHA512e8384d9982b3e0625645c51e03045c1ba2ad2fffd385123c715622503d611915bf2c69670a95c042bcd3062363eb8c2ddd02504959c594ec5b49f4539bf8e3f1
-
Filesize
1KB
MD5a263e3962cc1a485775a7cf3d889ee16
SHA1162d97bfa8125eee6b30cb23644321b149e1a9cb
SHA256f54fbea99cfa71b50b11be28fbb229e7f4b5dad8097c358d5f018b5710dc7335
SHA5128fffc9067570313ca359d7393fce0975419ef03b5c57fb0feb8f307f39259156f6bb759f3a660f8dcf35584faed666846aef3fd3819aa8fde8218c70ceac9997
-
Filesize
2KB
MD59736c68416d36ba5c5226d8c7eeb9057
SHA19bab59368888786894c5064fe675fb024ab7e8dd
SHA25676a219f3a55ff4400277bf9109868b75f51bb7c0c5a68d1b59e755243548a9f2
SHA512806a976e60a07a02d362eb72b4d3e71a12b12be6b1047273d228c8f23c9d17e9a2012f8c4d544649b883f4e6df09b36fa9b354bd7a1b4be33bd677e63c5d9250
-
Filesize
2KB
MD5c669d19d4d68a4fe2ae11c895165e76e
SHA147a96e8ba60f6102d1112482e99cd33a68ea490b
SHA25666bcb46583ef91c11ea1e6bf5f5148f445b0e88dd2361efbef15e2115640803c
SHA51251b3d78cf59191e1b0ea6c27b4f404b4ac558518612507623fd221aff3b032b73292da36d6382448e2676119d87b288f2b41e2696bc5f0ec8d4e0ed8e3e50a83
-
Filesize
2KB
MD553a6b6a75b79ed1e2e4e5be2409be0f8
SHA1a124fd83b126619d00a9b5f95e4a6d9a5c4bd9c5
SHA25651ff9885dd0543e95e4db41fe7d9c2d17181e757f183723683d8234f76653997
SHA5128523d37aac0ef9b6ce6fa0436f7ade351d5d16db20ffbfe409175317d0f349e92f3f390efb1047369e99282c41fea6b8bc10b3bc44643717c54839e44881a5fd
-
Filesize
1KB
MD580dcad2ec8d4c7e1ba901326cf66d7d0
SHA1e84da026246312229c79ef90af57214ab4aa3d11
SHA256cf3a799baf0a2279bc17ddb153eff929e67a63b688a2b252bfe460ea0256a341
SHA512b08fa244d2f2bd998b8bbf5f5904d233f7223bf674065a1aa106764f3ef99f44942f27ec3802391c9d7fa93428ffa03fd68302a8a6df89c17d24b4fd4d9ed4b4
-
Filesize
1KB
MD56f43e06d90dca42e176c60124da68935
SHA180c4ec73c006eb91498255759848f6891f3cf3f1
SHA256e19a1b450b3296fc749e7c27c4096d8bcda008371080630096e353f5ddae87ef
SHA51235030039d14e2816cbc544241e1b52699947a91297340d40168f23469219dbc56345a58d3b2831b9b66111ef136597a1065a27b11677fe72afe97d63262edd6a
-
Filesize
1KB
MD57368479857c658977c27bd3853b21a8f
SHA114f0213d5d452cae612f69c013a2a0ca604c9104
SHA256b7a26b56eac4b67d12acebbdaf511510252aef2ad91cbbd765cd2354ea946ba2
SHA512eac31d43e6db285f1c66a293f789c069b6b7162eb8299b59b7aeb500533e97ca6e4cc42d9bb2a380516aab9d900f98d16636c8cf8a8bb2a767f7c53c27080932
-
Filesize
7KB
MD5fed96a66c04df46b8c85fc9a80dfb8a6
SHA1d3b7a76e8787bea72e53ea17d4f8011082679860
SHA25689b8ae3c85795b59a9cf8ca822440e687c57c89618895bf8925a4d00a26d52d3
SHA5125a5d5710a2bab4d7dd9a3267cd5342fac7fc223f349dac28f0b220a904180572325c2c300305c8e319219b04b72ebf4e0250fcbe3bcd0901821f653dab2acaad
-
Filesize
6KB
MD544d0ae6d9a8ad21eeb3ec088250987ae
SHA17680676d07ebce735dd55819c177b2ed8d12b8ab
SHA256fee70da0b40f0d8cc80ab692e9d143dac685e1fe0692ef1017edd420e8fbd2b8
SHA512c2699514812ca7bce37965a5b99e54eff572caf3e2c2d796a47460eb50aec1e430f0cf585a9362e7bcad85ea7d2fe144fea507775b16c754a78cf82e2abb5fff
-
Filesize
6KB
MD59b943aabcf073c5068b4324016d7fbd7
SHA1a15c5825049f999a59d60c0a4f2a40ce4aef2ae7
SHA25656f202e4d4de8c7f9dd76ec53b70d029ae3eca0c37168a61f3e19c0b9ba1998a
SHA512125a53231cfe699f8b249122803aaab93e087514da378b50f2826ec246d72e93f511ede64448b537780f14ddf074621ebc6e9ffab0db9ea7328f3cbb2e05be81
-
Filesize
7KB
MD511eb920863a069173f2ed29df0ac11fa
SHA10b091cf1c190819ed199087fdc7ee864425da597
SHA2567ed47a96678e8da6cf5cab30f4cfd2067008f404b27b8c78826ce832852f3360
SHA5121cfbfc13ea7e17b615109ccc68b05764b65824130248f81ed6d923a648e03643551fa1c11ce2d16033b630a2684a9ffa9968f5e20e726c92e513aebdcf2e39da
-
Filesize
7KB
MD531af62040d09ed52499dac69a33369e2
SHA1c19e244366db1a2a3aeb7999d732e3ab8fc14792
SHA256647664a51f43813ba41446a17956461c774a367baa2935331fc3ddddd8b6a0a9
SHA51204bb474d3d762408a617c6294234ce1717db576aabf589c162e8ffe3d17e7ef76d5fbdd236b76f9e76a5d6ee88e7e19e02ee1254a4acac906d31c98158e993d8
-
Filesize
7KB
MD52d7cf284db948d5c6df7825c0d3b55e4
SHA1b0a8b287c7ff2aa9c7a90cff2703d0c6c8d54847
SHA25686c1dea0f05847e5c9b4a719be3a3efdcaadfcdf1ee414a8019a8f7236400214
SHA51226d04f5ab2420f00f9632c469851d296a0cbbd62faa40115c44909c0a65cbb73b195e166c2d1e2774a131209873b89adf19b83ca0da753cecf3e63ea85e70397
-
Filesize
6KB
MD57e8756f7607956b629f4f5aed9fc0149
SHA1c864914424a8eef881afb4603daf785a629420cb
SHA256dfcfcfb313cc8d2b3b8815ccc5d8350974e77e1565d81f6dba6369b54f86466d
SHA512da38ee78811ee75cb04d2e39cbcf6ab8061d4a6eaa67c9262c50ba99b37f18333bff0b58e3ee00264c3426675fad600584f75738f1cb1d7e275b4e51c8ae844b
-
Filesize
7KB
MD516f5b8b173358850d9d69a97c046fd25
SHA1f550dd1af180b292750c71651cec42434bbb8b1e
SHA256264790b1c62d7544d8546c0dfdb935b8ec2dbd23eed460d952847e1e57360ca9
SHA512175185b63ea6ab94182f85deacc5d74307379c1510a9ea0d576c91dc150a7907a9e06290ec310b8456476cef2303b3c49f2c0bf7a7e3687c953a7eb534c97d65
-
Filesize
7KB
MD5d0d8c526f41e4440bc6a4bca532ab65f
SHA15fd11daa75808c595295e840d464cb27d22af271
SHA25643889ce42984aa1606d1a3a2c8df2a6780aa1e44374954b76e0c493dfddb5104
SHA5127a2cbe0b176841d881c6f62791c58557df6f8ed926fa594c1faa2b2e1117f3aec5ea855c2a9b62d0b33266b81cc4c09fea1c409a79c9b5ee864065fe0d82af61
-
Filesize
7KB
MD589ec68abc6a22fa342fc7d2f83501e16
SHA1abf35401f9b1fe404a2b04a48a7219bc45918e9f
SHA256d461e2ee54e7c9b257681b712a51e3101533b2b4b3b07c1e8c9c8d7759509b66
SHA5123d3d884fcbf6f16b3e45853d76f6eb7fd585f872809289df1f678fd8beda99cfeb8fe073993417dd979a0171bf1a8b7562408227ea6d86b003a049aa45bb0d86
-
Filesize
7KB
MD528a7ad9d784d0cb987ebdcb9155e38c8
SHA114bc6e8b7988f5077cdb6d54e66186021f6710a3
SHA25698cf7b8b0ff066f8606ac4b9acb69ba40f987a402f71688143d5960901629d01
SHA512ebc04a9c901adf5f00678af83b93c08ce81008a8d7f1f433964e24d94e8803c6733937028570acda8be5cd9303faa4c53e6675e641d30f9e9d53e60788ce57f9
-
Filesize
7KB
MD5a91f1e0949a68cf13b43fa9e3b122d50
SHA1695de39bcf0cc819ec4b20987dac1f4aa2e2af44
SHA256b9df84f77a897c319ac6ebfdd79e95f129cadc25ca8ee52e8b0711b7cbecae6f
SHA512de0615c1fe9007feb89551d398c31fb2b0a4139cbdf442680717e99440dc0ab7fb8cf1f81138be27226f0349f9695caf00659bcaffb6b30d007cd0f465eb04ce
-
Filesize
7KB
MD5d44910d9e4824ae0408796219ae014c4
SHA1c981187e6a45e4f601233a09b0204956841cc6fb
SHA2561db82a1f3945da4a8f5b4e6982282e7dbb8f0bc30708b06a86be5a4e2c454caa
SHA512e8f49426471f1381fd326ee735d1ec45920adfbaa8c9e879ab6a99b746dc0cf53c3680776e1666105521548772fd33462440d19295711afccca3b906864dff7a
-
Filesize
7KB
MD5580eb2eeea8460cb399c2d918880da6d
SHA16c98e6bb1bfd739812e1bb550ba02c3406955dd6
SHA2566fd26c02dd7df0efe9b42340b8a90206ea2beea66e294d69278e806882cad7fe
SHA512e6c182cbd18a3a12ff855470fc360163771d1bc823ee81ed621aaf24f099383c5088363b2faa388af10a14447c16f6f54e7fd1f9df5ccfcae9ade376d93aeed5
-
Filesize
1KB
MD5415a2ab45724f8403e9808bdea37b9a6
SHA1b9b6e279252e3e7a142e5ffcd564fe2ae18c2df2
SHA256b690322fe09db16420a6d7e169299c61533f65758d513f62a72e6bd0edff14e7
SHA512069f0827df9679e6e947b077d5cd2f2241a992eef58c44a924fc4dc47e580eb6689d58b84b70b38aa2c111373a6eaeb42dac11f410d2925091f95a2524fb07df
-
Filesize
1KB
MD5fbb6c184db7fb7f87509058638aa2951
SHA17b805bf8b49073e2ea1629f11d130060a267f093
SHA256e748707979fe0d846599c2e112683c096cdf16a382dfd6db4fe5913b07f33838
SHA51225fbb3e484999dd1a2dfcb3498361b225a5bb5cf5e886854e800bac95197bc489d4127a67ad5c9316a7ec4220a5173c661c23dc5b4adb2c473d5e6dfeb16dc5c
-
Filesize
1KB
MD56a97c7a884f5379b61100ee08b39a459
SHA163fd049e8fbe85b5ade6967b4b57818bdc76554b
SHA25645c90055c71700c26ff4784a1ad81a5abf6b49993cff6ca2aa99edbef61393c4
SHA51260d3a4d0f9457c218103c3f40c202c61916319d5029c4d977a06f2cd2835d55ccef76a1b4ed39fec9bbc759f49cc6c3d1bd727cd8da23094df63424cb6173e86
-
Filesize
1KB
MD5328a380facfb72e4010e047dfd4f95df
SHA1fc27aa729b9f9150b26f9355c89885463bacad92
SHA2563aa11d3a7cb5c8d59915f97959214bc99d398bb96f53e7b29e78b6742242e9e6
SHA51261de1d3ae5315e7cf1fab33f982bd60989bc85d50f60743d9f11f3e5ac325859c9685f5690e8dd4207b176eda8f0b30e7ddf6f21ab43a17bbfccfa62f053ef53
-
Filesize
1KB
MD575caf2f8d83cf490125ca64f70dc7505
SHA118a6b46bf7282ff03a79b1d80aa58d18fb6b323c
SHA256709a8207ab023bca7b3bbc8d083ac648857595294a0ed4852d44530fe717fd44
SHA512b7d5a7a9271b319392d5fb1c8373f01ce3f921b21424861f8e0428217306afd5feebe4e422fce00f7ad7a8d1369b9955dc3d9b832cbd36e951ff939d2ba972bb
-
Filesize
1KB
MD514897dbf0d174d2a7caf2f4e4a019248
SHA10d66ab959800647167a5149d5f43b52e310d68cb
SHA2566d59969171fcbc783990aea0b744b25ff530d948c63da715bfac5410a97e0ee5
SHA5129aad13f41c862a74b9b9fba04dfd58b9d0d615ed38df813e00fca4120946b1adca2a233b8c37b0668dde9e0759ad6e218c80f4d1a1f802670348a2b34892fe35
-
Filesize
1KB
MD59c8b951961dea620c7eb1984ddd92474
SHA1942e745c8b2bec20772541a40250f7e13252f75f
SHA256bba25963614684932233968707d86d32f30c22ff88d0b107beed0b0da923be90
SHA5126fcc95a8ef737a45fe12c85b2799ebd41d75121b0f0099e88dcffd4b0c7b9504c18ce565f5c23bb0a25075e5b6dddb73049531550e91cf03675946698774dac1
-
Filesize
1KB
MD5c01e6f42e9519aefe80632309fbf2aac
SHA197837021c92909fd31717cf8631a00d73af013b0
SHA256708d60238ddbc9ef495010b6116800d20afdf88abb4183d2e3fbc7546c61b614
SHA5124fffbf34389bc751f0cca2ff3927294921b3aa658118d02ab687cfd0c32ec77a27c6a6012879c5cf3bfba7434c5c92e2eb8d09e49a6783c2f7faf0318c7aed00
-
Filesize
1KB
MD5366c2a587e977b7c12871bed894c0012
SHA1dbeac894e85ecd1fb395dcae1ce541db2210a2de
SHA25681ede5c780f95f9c7efd839099a2f2d87b83cda62acba79dbb015291ed0b7ab3
SHA51292a033c8cc4f6c3b04c90055f4f8eea635db2f4a8b6c09e780eb32b294c821ada2ab12837d043835a91d1bf840dc2615e5a941fdc43a30536844f0cc3a174b8d
-
Filesize
1KB
MD53df6f149eff9cb3d701bc05d2aa78bd6
SHA1880133f55a488d7989e81092934f5dd072353bf0
SHA2561fee19f75a4d1b17646d2811371bdf1ca26487c3a5a22c73d776aeeb48e7df7b
SHA5122b4dc1438739093964a5c8364ec622f7eb8a1137c131fbd0f9e13793cd1446e005106cc690c1370691c5a47342fc0655dc79bf06200a3b9641367c46a61b8426
-
Filesize
370B
MD54a17187352cf9f39cf5323945b8c2df4
SHA1a1e6a675ae9fc063e4f8d8827ae148aa729cb347
SHA2565ec60191ea5b9d526a43ae1ab56a625d914e967f73cb112a1b25d01f35da598c
SHA512c1e02226c1e479c1e2a0694f41bc279793f205761fddeec6d3832944e49bc17743495629dbcd2c1d2c09c408d62d1f7365223029717033998ae4a266320f1d16
-
Filesize
1KB
MD542988c236b1224a3a38f89029ab1acda
SHA1e3f42c43ed90b967fd574b20fd2d5a3da016958e
SHA2566111adf0494e6a80f7230258f62d76b46384bc8d5bca7614655a2563e83fd420
SHA51210129b9bc8c53f74717e6ab4452916d97470aef3bde7494a324d530988582f55d4422e8bb183be7832db80c14ac737e60c778d0aae2eaa469a904eb935970d02
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD504e377dcac1e3ccd9d2e3159105607c8
SHA1edf0a24252f6f81a7f94316dadd34e1589239fd8
SHA2563549e574d8b515ae2017fcb34b7807355b0d7857e8e3f22c253aa57022e59764
SHA5129c1a7fe7254ef28fe6eea829c021beba2406f7db7b8da6982f79d539581f199f54f12110ff9f2784050a1d81283888fa719d1593119c4ecf018c10baec9f75ec
-
Filesize
12KB
MD524321f9f0ce764b2cd8c8e236506f9a3
SHA18d6c56f0b4824de5a4f9db6316dc3bdacd904529
SHA2562c2011da076ce7861e4383d63aabd162211a6b3efcc64eb689202a0c6113df1b
SHA5125b8773d2a0eb88a89c0c04838e992d2861f1de2d347a1bd902b5c6640219ea6aa96184b43e4d59f883962984dce469972b6665b240c1e67296766876062d248e
-
Filesize
12KB
MD5b2bbc5d7ec00c50542f452c645f6f578
SHA1f47ffb6c0bcce194e056eb069f772c851d2c11d9
SHA25672f1772d4619359c5032699d7b6ee1644252467c0790904b7d2d175ea03f11dd
SHA512d7678f40f4d18636c54dd6ad20c813bb668d25b589fdc10dfc7adb689a88280a2ba218e27961b955eaaf606d4e945ae1582ca743b835a5bc4c32afa8ad615e76
-
Filesize
11KB
MD5bccecae141bcac5a2fc97b8ea8f84a96
SHA1b6c8974f22ebe2900d80d76c895f83e22b806597
SHA2564866468cae6dea77f3072425f68052a3631a6ba05bc88830f7399add2b9fbb39
SHA5126f5c7f7ca9ac18c1494e18a915feeaf6845e878666eadefce9f67ee4141b9510da7072202b214a1a2a714d791e975e541b249536f6147bb194ff22c20abba6b0
-
Filesize
12KB
MD5bee4450c41f725b70e0129b033691134
SHA13a4db9b789eec1406e4067553d0515fcc49ac7bb
SHA25699b4b8624f69d463cf784f6097a439a27ff158d8b20315786e26208ea80ae945
SHA5123fa857d71649b22c3fea40b55b8b1001acb5a924069275729f73939cd2be9aa482cc7bee77b60ca40b7619ffae6296f902ad0a9c7790259cfb01596a711ce3da
-
Filesize
12KB
MD5ab64d010ab322430e018331f11938a2d
SHA144b09288e1f101789b68db075e7db898ba4d6e40
SHA2569b2ccec9ceb0973998b624cbd8019d2160888fc5bfa51335489ba252f83f66c6
SHA512b885a2db9798f4ddeefe181edeb452a7b9e4b037d41d0d276f026a55bff422702f0b8503bb625d74d0d22b1304d1a619fdb330dc8fe6a8a3faa45c2fa5d92914
-
Filesize
12KB
MD5011bfb38028d4d30f9c2923a83681407
SHA1b243bc9c2f17a61dd0ee9ca5e10d64f703b360d5
SHA256b9534fc7c9273c81231cfc8849522eeff0e34d5682b42e1a75a74ea3b3b9afd5
SHA512fb5e7a394e8c8579b26047e22d5cab09d87173f18762642fc1e11c6f0d04eb4cc467d411e3107bf3b50caa1589b3b34cef2c2114a0b93e84165af320a97ccc5d
-
Filesize
12KB
MD556be5efbd66fd2d515c85b5b5a6e7d4e
SHA18946f39f9206fc939ce73e5f408d69d9dbc8d2b7
SHA256aed2c895bf5106ce33f3386f90ca64dfb1fffb545a53941d181039e7b4784850
SHA512ffe87fcc502c4ae05583d9d2d30160c467d965aca673125063096053c002c6d4166fbc488c0876a8d551087dcc026806df890444b18720373786d58d7e020c34
-
Filesize
12KB
MD53fc3f9c62648b08f674f6af8fa455b16
SHA1d8668123a20f6c0b457786c3da8b21c48d911d12
SHA25605048ec728eccfc325ab431e3b445415feae5c49efae4aba18776ff72935780e
SHA512734d74d3f135321a3f21db30a7c81cef9897707f28586cec7189a67253fd6f806241dc775cb3f4faf9d130ac1af94b7e0e64687f0fd3a8b190ef5eb097783339
-
Filesize
4KB
MD5fecf7ae21c6acbfb205af37c1a618e09
SHA153168be368b69b75090bc82dcc08f0bc010c636c
SHA256200f3a35e48fd3ff3168205f4bb67f0b43de03746c059c514f20a057f9639441
SHA5124e8f8c9c7ccb6f8281438b04e478a6e68f6b094bd0019f7769d02af4d860ece4fe676d14d45125ed2cf1885aeaf4f1ca49f8d15c56af3502cedc352d644eaa1d
-
Filesize
245KB
MD5f883b260a8d67082ea895c14bf56dd56
SHA17954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e
-
Filesize
38KB
MD53992f464696b0eeff236aef93b1fdbd5
SHA18dddabaea6b342efc4f5b244420a0af055ae691e
SHA2560d1a8457014f2eb2563a91d1509dba38f6c418fedf5f241d8579d15a93e40e14
SHA51227a63b43dc50faf4d9b06e10daa15e83dfb3f3be1bd3af83ea6990bd8ae6d3a6a7fc2f928822db972aaf1305970f4587d768d68cd7e1124bc8f710c1d3ee19a6
-
Filesize
261B
MD5400895b083f950f7fe7b72a4bc624a46
SHA1bd4fde6d0c75be33f309dab4e965f4d5ab6219a0
SHA256bf224d33d257cb7e269693b2e0fc85a2c21a9af31c7c6508ed612f6007c55278
SHA5125e0100ff463604c52d3067936eafeddc6f56711235a11c224230f7e4fa812b8603fc43c61afccee26468575d6761ade17770c9ee287573ee5c2abb6bbe2c988e
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
4KB
MD57aff00e9e6b76e7658bbb1562d5ba986
SHA140e451a2090e0f71aba895fcaff8b9e277beed78
SHA256bfd5239d9d16f861fc48140a38a82d9de45c9eadb3c6c9d421a8875065a6c1b7
SHA512914e0ea162fe3675b97ce9df782f90575ab8df2e8c9e501caf574afbaba95f1f05796da4d86399ca33d1a856ae1f2c8fba8fcd13da0d61bad1d4f4f0d0ef0c4c
-
Filesize
3KB
MD5313dc738ad4df189259f3b54d43aee75
SHA1113067b483ef592cfd4a27662c27d42f3d5bd34d
SHA2567083bf0af770db74487efc2dddaf9151559d8d8e67cc582e0d913553b92f9007
SHA51277d104196e5edaa3313d5712cb096d889e7d53ac46718f54245376c914e4dee29918fe90fc56fea1ee25e798785e464e4fbe6f1acab1a12f9ca5d4008ecc0b30
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
312KB
-
Filesize
2.0MB
-
Filesize
68KB
-
Filesize
208KB
-
Filesize
2.7MB
-
Filesize
96KB
-
Filesize
16.7MB
-
Filesize
132KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
992KB
-
Filesize
68KB
-
Filesize
108KB
-
Filesize
260KB
-
Filesize
116KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
192KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
312KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB