Analysis
-
max time kernel
213s -
max time network
214s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07-08-2024 17:52
General
-
Target
https://drive.google.com/file/d/1Q8uEkCcr7RFJAgkUlqXatFH7sOEYzfjy/view?usp=sharing
Malware Config
Extracted
lumma
https://pieddfreedinsu.shop/api
https://celebratioopz.shop/api
https://writerospzm.shop/api
https://deallerospfosu.shop/api
https://bassizcellskz.shop/api
https://mennyudosirso.shop/api
https://languagedscie.shop/api
https://complaintsipzzx.shop/api
https://quialitsuzoxm.shop/api
https://tenntysjuxmz.shop/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Executes dropped EXE 13 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 13 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 26 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 42 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Q8uEkCcr7RFJAgkUlqXatFH7sOEYzfjy/view?usp=sharing1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3ab646f8,0x7ffd3ab64708,0x7ffd3ab647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6608 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3447526979549334231,13337740680036183496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap10111:78:7zEvent199541⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main\Instruction.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta88d4663hef4ch4882h9a0ahcf401a9593301⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd3ab646f8,0x7ffd3ab64708,0x7ffd3ab647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14013651398562419477,1198377020172315235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14013651398562419477,1198377020172315235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:32⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultcea48a53h247ch443bhae26h6acb3ff21a351⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd3ab646f8,0x7ffd3ab64708,0x7ffd3ab647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12034245966174309617,10677781995205002435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12034245966174309617,10677781995205002435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:32⤵
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main\output.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x538 0x3041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main\proxy.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Main\Launch.exe"C:\Users\Admin\Downloads\Main\Launch.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42B
MD584cfdb4b995b1dbf543b26b86c863adc
SHA1d2f47764908bf30036cf8248b9ff5541e2711fa2
SHA256d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
SHA512485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce
-
Filesize
152B
MD5111c361619c017b5d09a13a56938bd54
SHA1e02b363a8ceb95751623f25025a9299a2c931e07
SHA256d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5793d5df67dd2bdac5b13002fe6a56feb
SHA1d7c7e4fc13101e854103ae0d372f6920eb1e6da7
SHA256b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7
SHA5120dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7
-
Filesize
152B
MD5f86c4100387bf2641538dedb9e0d5b07
SHA1549e86ba24375ee618183f4323bcb73672052cb5
SHA25698b713daa29148ab8a183cba3772776e671b1a25b49be95f25b111cb97f24eef
SHA512d9aaaf619d3cf2715858c3d7299b59fc9603693cc71faa4477bd9c05aa628361e40bcb1106aeab44ca812d4f983cbf50a7af8bc2a5b67a851f8f08b94efa26a2
-
Filesize
152B
MD5983cbc1f706a155d63496ebc4d66515e
SHA1223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
4KB
MD52799cce519c13fd8c421c183f644635d
SHA13ad887c0714983e0f8a83f0026554daafa6ef787
SHA256733dfcf818241c34ad81f5acb5ef8aad7da59ff4aee49f5aee32ee0954eebded
SHA5124559e732029b569ad4b70144c611141c81084b85b70d94851e52debd157e3d772a081e84b05ebced5aaee17fc098095555a6c4e9d1f50c01f3e0404a1c2fc3d6
-
Filesize
408B
MD56658ba9bb736bdef1172e162cca16cef
SHA1a4ff6a518e62278b3b4f3b5ff0733b6bb85bb419
SHA256d2ac22ca53077a116a86136598b19970eb15406b86f9b099c41a69c33ebbaede
SHA5125ce408e5390bab74149d5a7e051d95a0efff8e714863713674510e8dd7af69318d1697223062fe5bd70f106e09cad8fb0b7921aae3ac0ac86c5d2c376b6cbe85
-
Filesize
3KB
MD55e795cb65161d4e331a4b61c00ae30c0
SHA1d43bcf7e3c77c624fbb174b0cc232fedd15be589
SHA25621486bf626ae4709f928a2a27ddc1602bd6cf78d126141930fd37d763b36c9f4
SHA512cc506e18d329151abc26ff5a754711410e09876728263ebd7f0684cba612924c04b313365793cf2a8a9f2b94b33eec8eb5afcc8d2cfee143d7c104f7b10c6197
-
Filesize
3KB
MD5b3e992bea730b6798dd334deb2ce3c31
SHA195595ea9b69bb3bc83bbd77c6882ba2a858161fd
SHA25681c40e668b86e9781288b9ca38cf07f809ec33771774ecd7978eaa379a437270
SHA51251a682e340f3550284243855b5df9415732775cc41c9b30fe3b881e3276caf7a84cb626dbe9f392113219a7cc40be0dc91f32600ee8beb07dbd799b6807d61d4
-
Filesize
8KB
MD5ff92c760044eeb5d7cb5af95a11b9f96
SHA1151e655bcf3ce745cc8242e7950382a53edae0e0
SHA25697177889cd3804baa4264e06216588958bbfbdc48ded9b40cfe708dedc89f04c
SHA512e7acf6407a1381b79a92ffe52699b07ef22a00577f326a3b45a20ab5f5e7cc0a87429622522c0be67692b8eabc283a2a36482b2a4b288724ff0521509b666436
-
Filesize
6KB
MD5a2b7e44d89e016a49ebd38afaf12dcc7
SHA166d1527b7fd7e28ec0b805618cb6a3bedfb75d0a
SHA2564c5c53e6d880e389483dd3953898a8e78594822ffc0e23603c125b47acb5e017
SHA5123bfcec458b5e0250ddf0b2ac6aa37c9bd135b3ee08d54c8b6eed605d39fd17c9658a57384de75796e2be79e776f513b3593aa491c600f2da8bec88b87d0eaf1e
-
Filesize
7KB
MD54ff0d1611d3802aaf8e20e737a05db42
SHA1126c32cf0512437e82e29aaeba53a9b2e767d5c5
SHA256458e067977be180481904dbea05cc6bbbc49ebfe1c203063b081c405667868b8
SHA512af55b505b10bdb67fab157bbfdc7af1180173f497f651c43aad9ad0816d56899bb070ab550bcfe2c9a915d4836dbd7fb2aeed6028ebdec8e5ecef4a84ff5908d
-
Filesize
7KB
MD55ee2dd37d748061645fbfdd7abf9cb5b
SHA1945c3b1589c24a56eeac1db96f7bd99d8419394e
SHA256b696123dc2761854319076ef18e3c3c313da0aad83337d56fdf7d91001b9652a
SHA512d10d756b0390934f7bfabbbbc0671e7b46aa4bc5664a68cd157bc8d5f8c2aea1165c63b82c830e6cbdb3563a49568023b9f010b1fcd2b313ecbb0db1deea38d2
-
Filesize
6KB
MD554390fe8d0c849e1e6fc9dc04570341a
SHA16fbfab5c2a8694e5153513e37b2543e4eda44d0e
SHA2563276875e30595adea6c38e6cfd450788663109e652898cf948d35112d0b799be
SHA5126443e81f11830a2cbd88510299ec7500b0556aa85f3a3e4cbbe96868e9533f22fe01a1992d4112cc759ad1103a98e8965538a08d12138aa7fa76917848fecd5e
-
Filesize
10KB
MD5d1db42f297bceba368b57205e331e7a9
SHA125a0eddb1b53420616e3753e1f64dabc23ea819d
SHA256e19317bb46c77d64e07b6a72e2f9fdafa87932721dc5b9ec3bb184d40675991c
SHA512332ca9ffda6232c89c6ac8a414ee7460e047795ebb34ddfbe72a97fe2c28cfc172e28e0fc5ff0c935377284b0a873909f73a56ddaac1c47cf22fe13ed0001ebd
-
Filesize
6KB
MD59c83e0a9bc8d9755124fc26dba04f9b0
SHA116a2f8cb5c684b462a1694cabcaf36f054f0a38c
SHA256e9536bcfe99e7fbf365a29398f28044214c32a82f0035937f8fb51de05cbfba2
SHA5126745cef6f32c13b466e645b18a8cfcd7b26a50409babac6ab855e7a0e0b3551956e8c28de43c687706b5630d77af6487e944b5273526b61ef139d07fffce35af
-
Filesize
1KB
MD508585efb22de08d2f59defc1c36c5f1b
SHA1923e555d0de24fffce4f9bafe9de5df04b8eb7c3
SHA2564d94ae804816d0a84e589accffa795c5ec115fe65c8c97dee56f525af0f0b7cf
SHA512a5001ddfa6ea132f3f4b5a23cfc5570c6efdf32dd392cd6e3406326526a7046d91168df542418b43da2251b6449935abc6db102a8093df4e06244473764c44a3
-
Filesize
3KB
MD5c7cb6849bd11fc23595e3795aba7c3c2
SHA13e5c095a4292a97227bb1ce3a71ce19e0b9bd2fc
SHA25637089f21175ec09664308718c1475071c766c74dc80516f097685369c5ab4151
SHA512ce61a92e6643348b0a564466709350d4d5ec9ae89556ea997a3c7471770e8e10e86fe7861d0fe0397d72dd84083e1f2ce0d46ff5279c5649bb8cfd6ce0b99671
-
Filesize
3KB
MD58dadc68edc316719c63fdae66bb455a0
SHA1ff9867b92e69a485fcd7a4d17df310a1f2c2e47f
SHA25604fcfed6c8e2ff7faec60e4d00384d9fe4c3215e8501707cc3683c702cf24125
SHA51213e36dcc4632c78638bb78e39ad902d8d23f1110aa4c95eb2513ca4392d39295daa3d5ed7ba3db5bc6a15eb3682f760c11743847e3ae54ad0765966a691e9ed4
-
Filesize
1KB
MD5ecaf5c3b072fd24f23aed2bb9f32e0d6
SHA183d271128676bb865812de3d3f4e51eb3b8632aa
SHA25671c22988c469b964a8464c0794e7fc51f70f51916855ed78cd7e54ace17113a7
SHA512408df521f34ff77e4886f4da07e04d4dd0bbfabed4319ab8a98caf36044be57d8e0c1bc4b77c21a92bc4b523e9fed47f27c161a12f8ed12847cdc882cd07bfc7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5546f9956160b28cb521cf2c89e8c0bcc
SHA195b3d94cff3aa05f3c505b602a36f0dbae77b5e6
SHA256dc006643d8f174e95405057879efb83c1e5553a6dbf833a949c557cb2566934a
SHA512f184aa5b669ecaf82e79655de6f44e015936c36efd41eb0c0a38c9472a76b5d7ec2e0b3f58539a6a8587ded2012eff0d20f1d7ae9c536e4bf53909cfe38e4e91
-
Filesize
11KB
MD5b66bb1f5816ff75c4327bd103095c4ab
SHA1f68223f0a814137cbcb36439331a5e9b84a80944
SHA256daecec0fc2248c9d62f07861abfb72947ae6c8ff9dae034b50277af42947083d
SHA512eef9c228f71eb86417d6e2e14ad68fc2b5c6ee86fe58d444b3eedc01873c976f8c092d75b6ec0ca6082ea8bc46ba83d5e2b9028c22827ce5fff1f2aa4e4c35c3
-
Filesize
11KB
MD596b2784d6fd59bcd3c217d805b70ee04
SHA11c3ed57edd530f56ee8f59e20e5f01c8fb15b4c4
SHA2567c5097cb3241d9899f7bfcc92e474ab6b06899c4f2554e6dd90b476965ed8a36
SHA512ed14007bb3598497677ded037bf3afea7437324d6f11e9d15bed3e0c5382513929e981b0a71803c388104ffae71dccbc736d4e4e9c24797b3b4dc624e29e9348
-
Filesize
11KB
MD53a363e197bb17f230c4cf5d67cdea1d5
SHA1986f64cae7eed5855990f1203b8f70b2202bc03e
SHA256230df8dce9d7743d4588712a7c65920f93cf92dd00520ba8ee3033f263f8c427
SHA5128907852bce6b8529b3f876833d305026c328aa10d775261f4050581725fe769c318068320269cbb795b764c4c86199072cd8237a6182052e3714293363b021cc
-
Filesize
11KB
MD505fa8852b2c757d77cbf54002d4e2726
SHA1bfa6e30c0584191b81d27b75893482e43972a632
SHA256921977895f4b0957d1380b7dca2f0da291586db2f0e249a61c2e9d81870df15d
SHA5126f3902bf1fe892ca7fe5371ba78aafdc541f3bc7746e795cbc3a0f7c141e6edfce7d6cdcfe65e2b30e21be5abea78701bde38fd9089836e242160860062a3e83
-
Filesize
11KB
MD53de4ec13d2af50728fb6e670539b9fb2
SHA1990fe58fcdc02393aac1d407d789100b7f618352
SHA256d5f590d35dc8d7fe6c336be3d849704393ea3a8ef5e1214f3f1aa4948a9bf746
SHA512975b1c1c4c5d542270644106960db003fc924a83c8086bc4aac63de612dd14de0d91976d0cabe605594f0fef7b304ff761162a9b997fb9776a3f2f4954b24e2e
-
Filesize
100B
MD5f522459d2215a8dcc24b660201c0c3e2
SHA11e87432e98abd29ed715a201c6a57e313d3baead
SHA256d937c82a9991a6c593826c32b170db21c8ed73af1e5d5935b6d5c59d23a4e436
SHA5123bb11e3c38284b4bbdf2e384ba9347913b88898e4fa0f2419db07997d30c02759e19dba889a7e51b4a370e59c91aeccb067079793d174581cc61c4592e6476b1
-
Filesize
380KB
MD56cec63a9ea41b5cbdc4f3952aaef9e3e
SHA1bac9879e871e45182a613d036cc24959fb9d2b2b
SHA256e84cc00d547f3c70c94c28825680d30050dc1ef35f1db2a8b5302c0c28f5a602
SHA51259e8e4081780ae0f3eeebd6a872d431876686e36afa413b6cabdf688e772211b2f5779c27f10a5941016f47868971eb5626e4d2986fd0807dd42cc3de65964ca
-
Filesize
376KB
MD530f51bfcbd521bec4fc73d53431896e9
SHA14c4db9def98b39d05ccaa679e488e62f58c1bf25
SHA2560249556c11fbdcea7e71587a9e081ea6398ace17b6fc497edc37d23b9dde6f46
SHA512e7cf84f38916e3d16ddecdc1b4dc704f918848a586c9dfd30ebc86c876f746cec0ccbd644cd56d16e3c9dbdc23f4d13ac5f9c9587d618a47115bff8694106a1d
-
Filesize
408KB
-
Filesize
352KB
-
Filesize
352KB