Analysis
max time kernel: 1007s
max time network: 873s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 23:44

| Task | Type | Sample | Resource |
| --- | --- | --- | --- |
| static1 | Static task | | |
| behavioral1 | Behavioral task | readme.txt | win10v2004-20240508-en |
| behavioral2 | Behavioral task | tin-safety.exe | win10v2004-20240508-en |
| behavioral3 | Behavioral task | tin.exe | win10v2004-20240226-en |

Errors
General
Target: tin-safety.exe
Size: 439KB
MD5: df2f4fe97492b1655354f2727648e083
SHA1: 2d1835c7f35b04056a2f36412ca2ba398dcc4661
SHA256: 7e1d01a3daa51e2a19e78890912a44fd0aa1446582531cc897771c675046f83d
SHA512: b53c369c7df267e0980e12dbfbea76b35069a192017bc5e8487a2500ac1e591b1a6857392bda47f57c1b2e565af1448c5f5f6cd8c4f693c780a415c701048e2c
SSDEEP: 12288:Yvr0W7t5WoX0bhj3PtrqMhEUrekuyODf:YTxp5WzrqOr

Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)

| flow | ioc |
| --- | --- |
| 192 | raw.githubusercontent.com |
| 193 | raw.githubusercontent.com |

Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.

| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | tin.exe |

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |

Modifies registry class (2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{79862AEB-6338-467E-AA5D-47B0F8EE7E54} | msedge.exe |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | msedge.exe |

Opens file in notepad (likely ransom note) (1 IoC)

| pid | Process |
| --- | --- |
| 2696 | NOTEPAD.EXE |

Suspicious behavior: EnumeratesProcesses (14 IoCs)

| pid | Process |
| --- | --- |
| 1672 | msedge.exe |
| 1692 | msedge.exe |
| 2600 | msedge.exe |
| 3360 | msedge.exe |
| 3092 | identity_helper.exe |
| 5032 | msedge.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)

| pid | Process |
| --- | --- |
| 1692 | msedge.exe |

Suspicious use of AdjustPrivilegeToken (5 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: 33 | 5044 | AUDIODG.EXE |
| Token: SeIncBasePriorityPrivilege | 5044 | AUDIODG.EXE |
| Token: 33 | 3748 | AUDIODG.EXE |
| Token: SeIncBasePriorityPrivilege | 3748 | AUDIODG.EXE |
| Token: SeShutdownPrivilege | 4872 | tin.exe |

Suspicious use of FindShellTrayWindow (42 IoCs)

| pid | Process |
| --- | --- |
| 1692 | msedge.exe |

Suspicious use of SendNotifyMessage (32 IoCs)

| pid | Process |
| --- | --- |
| 1692 | msedge.exe |

Suspicious use of SetWindowsHookEx (2 IoCs)

| pid | Process |
| --- | --- |
| 4004 | tin.exe |
| 4872 | tin.exe |

Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1692 wrote to memory of 2176 | 1692 | msedge.exe | 123 |
| PID 1692 wrote to memory of 1080 | 1692 | msedge.exe | 124 |
| PID 1692 wrote to memory of 1672 | 1692 | msedge.exe | 125 |
| PID 1692 wrote to memory of 1160 | 1692 | msedge.exe | 126 |

Processes

PID 4048 (depth 1): "C:\Users\Admin\AppData\Local\Temp\tin-safety.exe"

PID 5044 (depth 1): C:\Windows\system32\AUDIODG.EXE 0x308 0x310
- Suspicious use of AdjustPrivilegeToken

PID 1692 (depth 1): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

PID 2176 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffeea4346f8,0x7ffeea434708,0x7ffeea434718

PID 1080 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

PID 1672 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
- Suspicious behavior: EnumeratesProcesses

PID 1160 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

PID 2552 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

PID 3964 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

PID 5092 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

PID 2104 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

PID 2600 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
- Suspicious behavior: EnumeratesProcesses

PID 2604 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1

PID 4552 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

PID 1244 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4944 /prefetch:8

PID 3360 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2252 /prefetch:8
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses

PID 1060 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1

PID 3684 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8

PID 3092 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 2652 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

PID 2760 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1

PID 4164 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

PID 3340 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

PID 4528 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

PID 4080 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

PID 3768 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

PID 2624 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1116 /prefetch:1

PID 2804 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

PID 2588 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6904 /prefetch:8

PID 1068 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

PID 5032 (depth 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,17531743493100916052,8835777949613644365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

PID 4080 (depth 1): C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2696 (depth 1): C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3748 (depth 1): C:\Windows\system32\AUDIODG.EXE 0x308 0x310
- Suspicious use of AdjustPrivilegeToken

PID 3240 (depth 1): C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3192 (depth 1): C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 2696 (depth 1): "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_tin.zip\readme.txt
- Opens file in notepad (likely ransom note)

PID 4004 (depth 1): "C:\Users\Admin\Downloads\tin\tin.exe"
- Suspicious use of SetWindowsHookEx

PID 1448 (depth 1): "C:\Users\Admin\Downloads\tin\tin-safety.exe"

PID 4872 (depth 1): "C:\Users\Admin\Downloads\tin\tin.exe"
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx

Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD530fea94c8ca6b31860f61ed2d1c18287
SHA125524d8d08afac2283919f0df0013909469bb260
SHA25666a811042a3c18614421b403fbdd7b91fad4e0db7688957c396de80062c5d44d
SHA512e64b394d2644b8dc377201246d9421e53b73e20c312ed70d6be48fd4b1708fdc2bfa03ed13f8b58a28ba5f9c39b69b16e3fad5a933acf6beb30412e9373506fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5f670391fb8f17875fe57d9742d872722
SHA1abc0278955c400d43ab365c97986508f1fb22844
SHA256a04cdbdece57c1f914d4cf0a0aaef5c36005acf1a2d6f84d3f926cf947cededc
SHA5129d2cd9382b8ec4c7ebff43cbfab023d72a2c69c461c57bf2a4ae489d0f37f70510c51e135493747f1c06aecab2cb50dc88a851891f71ef13404df7c526077cd3
-
Filesize
4KB
MD5ac8e460e634b59e99bbfd294472c9f91
SHA15153cdd61f7b610b7504aacdaa5b8f963ec1aebc
SHA256cfd5619d85474dc5cdd9907d16c36b712bf44d793fa691e311b0bf98d9f7d1e6
SHA51254c29ddbe2a8c2b4615f1f53627f46cd9b675f7920e5a70f52519b97074233e0bcb269e7237ec49ed02651060cf66d7364a4387972274609b4e06d53cd3f2d0c
-
Filesize
3KB
MD53d00d2c48a507111335129a1e10a9fa7
SHA135b3c02605054dceaaf5886f88170ee3cabcfb19
SHA256e633cd4f0afd2960d36dede7cb6ea091934501d614fb051a30a9726a700679a9
SHA5123254691244a51e80f83f7e21b3088bc8c10a5f3add5b163f3d91e4ded40b622c3e0ed7a7a144e449064f74f6727af3e4910794607f36fd7e856c1e1b29c86b5c
-
Filesize
6KB
MD591c33fa6674afbd1209fa06b2bbac09d
SHA1915ef905f975e26257064bc490d35585726828f1
SHA256a6470f7cabc76aca78671529eb6f1977f59393669111cced8396857d35952b5b
SHA512af9b494e14ed2c17dc57fff71d27a3ed952ee7020c71f3e48bee2af188d20cd0da8febf39757c5258922c6237e04b3d79b6b00a7f9c67c33b17e69edb5f21759
-
Filesize
7KB
MD583ef81c6a0482e43e5bc64b7ed802d09
SHA1c74cd1314d440a042f883619de888fb677f68289
SHA256e4882fdc67570ca6f9510f78025198cf968a03019af050c5e09cc605384d137d
SHA5126fdd9f0d89738c47b413d32b9a5b985581180da0a19a9328dc1a6938f26d344bd09b40c76e0d6f2ce0a1af6680a912df11ea70d017305a132570dd5b1bce2182
-
Filesize
8KB
MD5647f971b669d8e5d9ab9d4feca827b77
SHA1941c87fe4eba1bd95d3f51d5c71a64e7a07b8dfd
SHA25668ab97d8d20f8d97fa42a3d16c08e410d9f33599c49c650d23d2e2ad58a16eff
SHA512263797940451a710938b8c7bdca028c0dbd3582bf7880690113d6173daff6e87f964fc6724a3f6f813ebda8872b7cf923c260bc01cfcfee78ae87d340adec7d2
-
Filesize
8KB
MD5c8fa50d971d854225476551cfa4d23c3
SHA133d7e1186dd88e095dc9da9290ff4120ba43a18d
SHA256f5edeb1ddd834f23779fabdb883dccf236a602d26d910457019b278017ae41b5
SHA51227b751e24c6f57e8d7e06f4e2b3ab26020ca76ba992fbc3fe8a0705130c23594d425b6044467edbe3242160ea42e77ec60f3261ca279424e7ce3db6bb78286b2
-
Filesize
5KB
MD5b220d198bd9c34d367b885829ebc16dc
SHA1ded6fd41a5a9b70b28502a981d21dfee51306441
SHA256f213ba8eb05d05b65e49e1ab1b4a18c54692e0312560381f97e16b347898f5d4
SHA51225a35624c3374c50982df9890a22c94cf15610e6aebf01e5058a7a79cc75cd94b75cc77d35e5e2958bf8eb12461e3def23d4bf7daddf6bd1a792559b574e945c
-
Filesize
6KB
MD50d9f133b94bcb6e0fb20eda188a656d1
SHA10a83bc6a5226544d6c8ac094c58865f1ee929533
SHA2568a8490969f98b521e8d2422a9f01db668356934bf5aaa06bf41d4618e8f977b9
SHA512c3aee0ba9c5e78cb7d4fbc11ea83766f017be78d541c259c22e6395699b7c1eaf19603b655442fdb55f09309bc22390268777daef26d00b09cc9a47f308d766f
-
Filesize
6KB
MD518fd29e1816cfb6a3a2f28702dbd7cf5
SHA111d478ad69677116be62fa5d9084d9f1cc3a0777
SHA256e75965104c548a6b8894fb4bac3e5045f54058492076e43eea3c6a4dfc15628a
SHA512bfd5e5c9803968f40964b1be7e1a7ab840ba0bdffb1111a7a92da811611fbbf093bb54180156317339febb8b98c586422e2a4f08f54990e37621fda205beeb0e
-
Filesize
6KB
MD528f3ca00a6cae544748f2792fef16c27
SHA191ddc35c5289b9e977bf702c95294c7c2ba2a154
SHA256ee7c6b687780f3153fc2d1c91d45c8892dbb860e6ba0b80796079851da1c72e8
SHA5120e2c779a9cacc52623178bdafdf8d0a79bd071cf3d31fef46dc80a1b621d293fdaed9bbabcaedd1060c84fcf7aaf7548156c7df30575e758a229b0eae8c584ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\491ba3f6-4c90-47b3-b450-88e26f3d8cbe\index-dir\the-real-index
Filesize576B
MD54fac78d512e3da8779b3db3b214e332e
SHA167f2f0ebd05ddd00d8f4dc2bd2418f1be526a3a5
SHA2568241044bac3f90366a82b47fe777a3eeabb89981af5963f3154fd5bba346d8ef
SHA512ff2fdbde7ecc0152c7f6b699b630ae61a2215c8d3c6878981883f28d2ca91ec174ab07819433240d83bc1a35bd9bb0f5ee0a6646533a0caeb02834b9ab78c084
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\491ba3f6-4c90-47b3-b450-88e26f3d8cbe\index-dir\the-real-index~RFe638b9c.TMP
Filesize48B
MD52234b3715f37bbe74ddc9be2b3d02a58
SHA134b251b91bd47c33321d669f5998ea2f248d28c8
SHA25652f0ee161e534243e54a1d9c4023026c04c2386608e2b6a9ff4f07e5f8bd3cf7
SHA512dc97df958c6ef4cfe14182f823db4be0e431a6ebc9cee7c5101f9ea96b7a9ce056d8cb3c4abdf4d0909aebbc777ecb64076d99ba6230b3ac972056fbfbf305f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\540746b0-a0c7-4de3-bec4-4ca418ef1efb\index-dir\the-real-index
Filesize2KB
MD5c21535786768a430210cd8f2b6934a78
SHA10fa7b6592b7adfd863554714f17cc9bd01d66892
SHA2563f444adb461822d34596a859deeedbd30c6e6cebd7a9ccdfb39ad9b1aa55425e
SHA512fdb77584b895720445f908cd5ea4206084d6071d035384f97fe16cee6d8a9af1eb6af53d6cc83df016af9bad5ece7fd1f81f70208709b6d8feee1b13b0745f70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\540746b0-a0c7-4de3-bec4-4ca418ef1efb\index-dir\the-real-index~RFe63acc0.TMP
Filesize48B
MD51a1d654d6550ba07ce83dc5765fbd2d2
SHA154f3a7d4ab4d4d16418ea9325e132a261610ecfd
SHA256d96170ca02fe77f738b6f71fd8280ba668eb7bc1486d0334cca41bcbb6b1d993
SHA512a9000a16f508ceec6e398d77cd465f5effe76f40b4dcd46fad7d9365c07099b3874f7e9e76e7e6488eb2487d811f8f7f5e939fed6ea0792976fbf99e141c25ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize146B
MD5dc427a6b25bb3ac8d2e07e508bacaaa2
SHA17ae397f742cd0a45762567c53975777aee04b61d
SHA256ebd50b726d63ced0c198cb6fdad6e43bfed52ecf231b4b5ccaa84fadc51cd9ac
SHA512f8787591f079de507f9842a9be36e1626bc5b9de2bb1b04a60efd076c127726832e159e2c52507ef8d7bd1dd6b657ee2d9f6c200b1723a6e83e01104192a7fc4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize82B
MD50589079e33b348ed34c08856971b96c8
SHA141e63113c23eab172aa09335da1d4a658df11710
SHA256cf1c0aaababeb3f758bda4ee9be3199559189d37da551e46f67db1da3a572046
SHA51245f0bdefcb66b4458e7541b8935b4987f16b9ead9a101bc2c8a81ccd6c95c577a8437c69d84f2307f70f317588531ae45d65603498dd015a2cd67ed0b904ef7f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize155B
MD5dfa32a4f91fd46b0e307fd87a0a50eb3
SHA17e7a4a0ea0ccb3322ce6a53ff06f98362a841bde
SHA256c5d1a07e422824d8088612d6a1d13fceae86417a743c5e4a64dc87dfeaf4262c
SHA5126b8239589f508ef3f1afa7d045236563d4eb682af8e91ea82ca51edb2328e430b642063371d37e80e0c10b52d7eb13f79c4b3cb0cb3a5219d74626a55ca4c951
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize153B
MD584bfd891eeb9d72fd56e061beedb7c0f
SHA11212e197b8b510f84adfae30f6712dc22c720595
SHA256a10dbbc63b481eb1c35a0be4e275c39792bf6b0f1cf61b5224f9c5c5322e85ba
SHA51288717dd96bd5ba5029497648e9d8d5922754188e1b1b4fd7bc2bf5da6218357d16a219fed20c0342c9c0b96408430aa72a57a848406ca0c636b8c7061327116c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe632e68.TMP
Filesize89B
MD5fda2e1cd6e2bb661f5073afec7f5a29b
SHA16d5f0225ebf00046d96b3862cd1cece6ebcf04e2
SHA25642792f772a9111df31423728a0ea95bf0147213984e70aeb09b8c8f73e160d45
SHA51251cf237d17214f0664f2a30569c4c9102044a3f8c7e0ef8b731c981271f49b7d84e84b1794a8337ed40b21883f71dfa4837bc7ada031a59472ada9c124fff561
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe637de0.TMP
Filesize48B
-