Resubmissions
15-08-2024 11:42  240815-nt6pgsvcmj  7
15-08-2024 11:37  240815-nrkz1avbpj  10
15-08-2024 11:36  240815-nqyjpsvbmq  10
15-08-2024 11:33  240815-npbcsavbjm  10
Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-08-2024 11:37
Static task: static1
Behavioral task: behavioral1
- Sample: ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
- Resource: win7-20240704-en
General
- Target: ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
- Size: 282KB
- MD5: ae1265e9fe0ac39bbe970a3fa66c64b0
- SHA1: 9239a5d795a2d97e72e7bd9b48b125d0e2459960
- SHA256: 87a574cbf6233e2fd7a3872da22451ae49f6248cca5c900dab49207e0f0135b0
- SHA512: ff66d820fd16cc06ee99b995b1de7aa22d545da35518a1b02c5d5dee6a2d6c8670d3c3ba6934c0f0ebeaadb577c9de91dd9db8f8b27d1636f4f7514a6b4430a5
- SSDEEP: 6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfQ:boSeGUA5YZazpXUmZhZ6Sp
Malware Config
Extracted
nanocore
1.2.2.0
sysupdate24.ddns.net:45400
ae82ab7f-db07-49ee-9d2b-76075d76f37f
- activate_away_mode: true
- backup_connection_host
- backup_dns_server
- buffer_size: 65535
- build_time: 2020-04-24T17:41:53.492468936Z
- bypass_user_account_control: true
- bypass_user_account_control_data
- clear_access_control: true
- clear_zone_identifier: false
- connect_delay: 4000
- connection_port: 45400
- default_group: Default
- enable_debug_mode: true
- gc_threshold: 1.048576e+07
- keep_alive_timeout: 30000
- keyboard_logging: false
- lan_timeout: 2500
- max_packet_size: 1.048576e+07
- mutex: ae82ab7f-db07-49ee-9d2b-76075d76f37f
- mutex_timeout: 5000
- prevent_system_sleep: false
- primary_connection_host: sysupdate24.ddns.net
- primary_dns_server
- request_elevation: true
- restart_delay: 5000
- run_delay: 0
- run_on_startup: true
- set_critical_process: true
- timeout_interval: 5000
- use_custom_dns_server: false
- version: 1.2.2.0
- wan_timeout: 8000
Signatures
- Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  Process: ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
  Key value queried: \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation
- Executes dropped EXE (2 IoCs)
  Processes (pid, process): 4500 a1punf5t2of.exe; 4928 a1punf5t2of.exe
- Adds Run key to start application (2 TTPs, 1 IoCs)
  Process: ae1265e9fe0ac39bbe970a3fa66c64b0N.exe
  Set value (str): \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b1b2dqljdx3 = "C:\\Users\\Admin\\AppData\\Roaming\\b1b2dqljdx3\\a1punf5t2of.exe"
- Checks whether UAC is enabled
  Process: a1punf5t2of.exe
  Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- Suspicious use of SetThreadContext (1 IoCs)
  Process: a1punf5t2of.exe (pid 4500); target process: a1punf5t2of.exe
  PID 4500 set thread context of 4928
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes: ae1265e9fe0ac39bbe970a3fa66c64b0N.exe; a1punf5t2of.exe; a1punf5t2of.exe
  Key opened (by each process): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Modifies registry class (1 IoCs)
  Process: msedge.exe
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{7B5D3EF0-1E8E-4D9B-9F0D-DDED31564FC9}
- Suspicious behavior: EnumeratesProcesses (48 IoCs)
  Processes (pid, process): 3604 msedge.exe; 2464 msedge.exe; 1340 identity_helper.exe; 4928 a1punf5t2of.exe; 412 msedge.exe; 6988 msedge.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes (pid, process): 4928 a1punf5t2of.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
  Processes (pid, process): 2464 msedge.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Token: SeDebugPrivilege, 4928 a1punf5t2of.exe
  Token: 33, 5420 AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege, 5420 AUDIODG.EXE
  Token: SeManageVolumePrivilege, 2924 svchost.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
  Processes (pid, process): 2464 msedge.exe
- Suspicious use of SendNotifyMessage (64 IoCs)
  Processes (pid, process): 2464 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 4748 wrote to memory of 4500 (process: ae1265e9fe0ac39bbe970a3fa66c64b0N.exe; target process: a1punf5t2of.exe)
  PID 2464 wrote to memory of 4232 (process: msedge.exe; target process: msedge.exe)
  PID 2464 wrote to memory of 1784 (process: msedge.exe; target process: msedge.exe)
  PID 2464 wrote to memory of 3604 (process: msedge.exe; target process: msedge.exe)
  PID 2464 wrote to memory of 644 (process: msedge.exe; target process: msedge.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe"C:\Users\Admin\AppData\Local\Temp\ae1265e9fe0ac39bbe970a3fa66c64b0N.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4748 -
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4500 -
C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"C:\Users\Admin\AppData\Roaming\b1b2dqljdx3\a1punf5t2of.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4928
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\WatchUndo.svg1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ff9884146f8,0x7ff988414708,0x7ff9884147182⤵PID:4232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵PID:1784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3604 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:82⤵PID:644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:1908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:4492
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:82⤵PID:4880
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1340 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:2664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵PID:60
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵PID:1048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:12⤵PID:5320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵PID:5616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵PID:5800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵PID:5812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5740 /prefetch:82⤵PID:6136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5952 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:412 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵PID:5420
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:5424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵PID:5444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵PID:6104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵PID:208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:1080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵PID:5968
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵PID:6124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15174039401862358681,15551363963386834939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6220 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6988
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2060
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3428
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x518 0x5281⤵
- Suspicious use of AdjustPrivilegeToken
PID:5420
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultadc26876h91d6h4c57h980bhe4cb6d7880861⤵PID:1704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ff9884146f8,0x7ff988414708,0x7ff9884147182⤵PID:4876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12894849926097766773,13913806534589897392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵PID:5476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12894849926097766773,13913806534589897392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:32⤵PID:4556
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵PID:6260
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5983cbc1f706a155d63496ebc4d66515e
SHA1223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
152B
MD5111c361619c017b5d09a13a56938bd54
SHA1e02b363a8ceb95751623f25025a9299a2c931e07
SHA256d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5793d5df67dd2bdac5b13002fe6a56feb
SHA1d7c7e4fc13101e854103ae0d372f6920eb1e6da7
SHA256b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7
SHA5120dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7
-
Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58628d.TMP
Filesize
48B