Analysis
-
max time kernel
146s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
21-10-2024 16:55
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.dropbox.com/scl/fi/6u29kv7ly5ag0e2mag4oh/CGDL_V2_Updated.rar?dl=0&e=1&rlkey=0eb8fpq3idfu39n4qbi2mgvdb&st=42ibvi5s
Resource
win10v2004-20241007-en
General
-
Target
https://www.dropbox.com/scl/fi/6u29kv7ly5ag0e2mag4oh/CGDL_V2_Updated.rar?dl=0&e=1&rlkey=0eb8fpq3idfu39n4qbi2mgvdb&st=42ibvi5s
Malware Config
Signatures
-
ElysiumStealer
ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
-
ElysiumStealer Support DLL 1 IoCs
resource yara_rule behavioral1/files/0x0007000000023f86-1177.dat elysiumstealer_dll -
Executes dropped EXE 2 IoCs
pid Process 4748 CGTraderDownloader.exe 5856 CGTraderDownloader.exe -
Loads dropped DLL 2 IoCs
pid Process 4748 CGTraderDownloader.exe 5856 CGTraderDownloader.exe -
Drops file in System32 directory 11 IoCs
description ioc Process File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs svchost.exe -
resource yara_rule behavioral1/memory/4748-1175-0x0000000002B20000-0x0000000002B3A000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language CGTraderDownloader.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language CGTraderDownloader.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" msedge.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children msedge.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe msedge.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children msedge.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings mspaint.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" msedge.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage msedge.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings msedge.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 4616 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process 2536 msedge.exe 2536 msedge.exe 1968 msedge.exe 1968 msedge.exe 4884 msedge.exe 3672 identity_helper.exe 3672 identity_helper.exe 5772 msedge.exe 5772 msedge.exe 5224 mspaint.exe 5224 mspaint.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe 5064 msedge.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 5176 OpenWith.exe 3980 OpenWith.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
pid Process 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeRestorePrivilege 4996 7zG.exe Token: 35 4996 7zG.exe Token: SeSecurityPrivilege 4996 7zG.exe Token: SeSecurityPrivilege 4996 7zG.exe Token: SeDebugPrivilege 4748 CGTraderDownloader.exe Token: SeDebugPrivilege 5856 CGTraderDownloader.exe -
Suspicious use of FindShellTrayWindow 52 IoCs
pid Process 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 4996 7zG.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe 1968 msedge.exe -
Suspicious use of SetWindowsHookEx 9 IoCs
pid Process 5176 OpenWith.exe 5176 OpenWith.exe 5176 OpenWith.exe 5176 OpenWith.exe 5176 OpenWith.exe 5176 OpenWith.exe 5176 OpenWith.exe 5224 mspaint.exe 3980 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1968 wrote to memory of 4464 1968 msedge.exe 85 PID 1968 wrote to memory of 4464 1968 msedge.exe 85 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2540 1968 msedge.exe 86 PID 1968 wrote to memory of 2536 1968 msedge.exe 87 PID 1968 wrote to memory of 2536 1968 msedge.exe 87 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88 PID 1968 wrote to memory of 1340 1968 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fi/6u29kv7ly5ag0e2mag4oh/CGDL_V2_Updated.rar?dl=0&e=1&rlkey=0eb8fpq3idfu39n4qbi2mgvdb&st=42ibvi5s1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff998d246f8,0x7ff998d24708,0x7ff998d247182⤵PID:4464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:82⤵PID:1340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵PID:1920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:12⤵PID:2124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3452 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵PID:988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:1756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵PID:2068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵PID:3928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵PID:1988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5844 /prefetch:82⤵PID:5528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵PID:5536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:12⤵PID:5928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵PID:5960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:12⤵PID:1688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:12⤵PID:5560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:12⤵PID:5456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵PID:1424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵PID:5592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6652 /prefetch:82⤵PID:5804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7257405462408754744,2945579171005701613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5064
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4724
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2900
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5964
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5176
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CGDL_V2_Updated\" -spe -an -ai#7zMap131:92:7zEvent83371⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4996
-
C:\Users\Admin\Downloads\CGDL_V2_Updated\CGTraderDownloader.exe"C:\Users\Admin\Downloads\CGDL_V2_Updated\CGTraderDownloader.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4748
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\CGDL_V2_Updated\downloads\tac_glove_039_viewer\thumbnail.jpg" /ForceBootstrapPaint3D1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5224
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc1⤵
- Drops file in System32 directory
PID:5216
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3980
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\CGDL_V2_Updated\Readme.txt1⤵
- Opens file in notepad (likely ransom note)
PID:4616
-
C:\Users\Admin\Downloads\CGDL_V2_Updated\CGTraderDownloader.exe"C:\Users\Admin\Downloads\CGDL_V2_Updated\CGTraderDownloader.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5856
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
847B
MD5f8ec7f563d06ccddddf6c96b8957e5c8
SHA173bdc49dcead32f8c29168645a0f080084132252
SHA25638ef57aec780edd2c8dab614a85ce87351188fce5896ffebc9f69328df2056ed
SHA5128830821ac9edb4cdf4d8a3d7bc30433987ae4c158cf81b705654f54aaeba366c5fa3509981aceae21e193dd4483f03b9d449bc0a32545927d3ca94b0f9367684
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
113KB
MD58d8ddd29a8bd31ba969f4ba6fa8ead01
SHA1fb73c3a9eab8a40fc42566d133e4c19236081db5
SHA256d3a6442c46ec396cc5848b3cfde6837d8dbff89a8be6601990bcec81987033b0
SHA512d3ad9d3b00b7cb8ca713a49f1f0abb32c364f16c25ff8608791ea40f19515dc57bfc51bebdfaeefeb7d5eb6ca6b04ce437f296256f72eff402b80715f1265ca4
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
85KB
MD5e4506b7856112042dd4c8408a2acdce6
SHA1d8d52a68c7981fe85b21a144907b4f893d52f30c
SHA256bb92cb73839e356b961e73108f8f6d62b7c41724dc6cb806f784df47e0b2db7e
SHA512103f86d240eaeb6233c29d07efee1f7471b44a5179f1d1343bf6a23f09172707b6222bdb4bf141575149b2f4efab6bc10693565118476cfe33a291d925e58daa
-
Filesize
57KB
MD523fc98cb43cabc9635a22a5325915d20
SHA109ccbeba29d8f6f07dd0574a83fcb420ca3fa94b
SHA256dcb645d979ac7fa559665e4856c10d14ceb25bd50d8467685fbec519f96b16a7
SHA51219a8b48a6b9efc1cae392fc1620e57d573ebeb12c81141c4addc3ad9b759227fd7a20b478bb201467db6d3f6181ab627cfe5fb72fff7ea512312164233fa560f
-
Filesize
106KB
MD5f49f5ff909db7c838f8c4b18b66f92a2
SHA18b1abb1a1e54d4767335976b2da78ad06fce211e
SHA2568b5ad282febb2ad14db3ebd8f0cbd484c2db40899f4ddbbdabc6a7a8648a567d
SHA512d6cf60b709907deb2b18dbca8c57a4231169d31b54163718540d4630bf342064959d1897507cae69884ca135fc1673dd28615f57d9b6996281bf22560f1f8c6b
-
Filesize
113KB
MD5b21b6e8c68f03a09ba2d6c9f84a5219b
SHA17888bcb564d6672c0de9d5acca7ac1749f66b83a
SHA2569c37cab0fe4a5819941dd27d44a9027c91e673b00cf2a208c8ba5ead45e2e2d6
SHA512c7a4e7a916b60f4b262090b5469a44082c722d39853fd6f643fb68e2fb4a0a2cdeee1faccb2bc932a650c4bbfb21e7447d273cdaf198aa4dde6f325ed959c287
-
Filesize
55KB
MD5dec0c1b6789c165b6cb6404022b9d8ab
SHA1f7ea4683e536846b30413f51ace75f4d4100cf99
SHA256199f0d0985bd3150a0e04a4326d70acde490b15f7e493da2195cd3cdb212a225
SHA512e5a22a538d8506aeb86582cfe7a90004a4f24225c166cf4c7f971f653aa9544291c2ca85db054324a967b15ea79f0dbdf3e20422991c783d5239a970c68559a9
-
Filesize
18KB
MD50b4ca9d95b2c6c50b7b3ca4fafe36b74
SHA1953847f7a4dbfbe1107f99c5593fb5c8d0169600
SHA256a37760cf1e81445eaf068c5ccbd23cfa58bbbccb6a11cf0c1acc9886318882e2
SHA51291bbdccf411c0ffed59b89974be14b670af4f803bc74139406a9d66984049b0b041d170c0d5d017eb56e0c68a6cc7ace2a1fd8627d465eea54a9d17e3dd61af7
-
Filesize
24KB
MD5c3115b9d64c504eed5bcff4e38548b60
SHA1193cea6052e1991c7083f3f8934f23bf500a2d8d
SHA256c5d4d12a19be48b9d8c49ec82d710005ffbf24d5620534059261eb3fae0c263a
SHA512c6d7d851ee5c3994cc01b6ae91a605853a35905c2c836729c5082e7931232c75a74ba47cd42c4d03cb98345dbda58e450577bcd4a5a740f34ff8e34c58931560
-
Filesize
25KB
MD5b0411a6860f7bb77044a34d14bfd9d90
SHA1160822a547a4facccb275fd22560b8116c96f76d
SHA256fbb9de12de8c1331bf44c311600319cc478ba8250cce88fc95515990e0c543ce
SHA512fe8800383e4e4e71d1f2108b0560d563779dcaa3537ff2cc03a259edc4d894e9226c46b71e69b404d694399e9058381c4005dd13db5af6b321781321b2b96381
-
Filesize
40KB
MD567371d8f8dc3cab72990cc9bcd99feb1
SHA10e40d698f1248cff0939964d01633fe3e8497311
SHA2561bbda0f7641bb1e47e4f33166533318640b20e06f614325d4fe659ba45bd4bde
SHA512e4a77321120b53c9538dce2a990a11fc9d5dafdcb24f632e4efc4066203e77f563908c7a926b0942a1b8c5f525af41c2e8ce2f1e7a708f45929f7bd48ae9e7bb
-
Filesize
45KB
MD51d7b76230af93d43837bd4c8c88dfebf
SHA1f79765fbbdeb5f6cab9938779c969443016dae1c
SHA2563b2d1f512638b60a318c6223ab7c5a494c026cec0581c1c70777d797500cd061
SHA512bfb20b469e2c66987fb64d7d676e2bf25b48d957a0ff9c1a177d9aea9735645e2238278dfb67b88c20c474f6fc4a2b4022bd2999f1f7691551dd1064c3f7ee93
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD53ee698c9faa704ef735a3620aced1e70
SHA17924adbf5b86f3d15bd0ff49bd6c2ec2a69c226d
SHA256531df1a5e38be6617ead73a89a3de2151073a89b327e65422a478521c2aa9d52
SHA512c15992d1d1aa78076a888e571c7993d7cc085b6aa41cb4241893e01a2bec579ab4fd147c5bb6c88083d0ab9cbcf7bd2863d96324a156f901900702d3e93c666c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD56fb7c5598aaa936b07329731e4c3f718
SHA1688441ea82db0f96ed4d54455b3b11986759afdb
SHA2569e49fcf1e79d34654dae0aa7cc2ef80a8ef38dfbb9c9f7dcc5ad08fce3f11dc5
SHA5120c3694f962705d04dd449e87f7538879e542122c0750fb84b5f705db11888a95eb9b26215ec8eddaad44a4b84dc6097ac7aa8fedaced6e2157d73413d92cc3a9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
1KB
MD5f24738396a68699aeb225c4657c5f9ed
SHA16d0887bba9eee35da1467eceea8887761206464d
SHA2568ecfb0c656a074063596e262b97238a31370c1662ba07e45ddf31f981ad72e3f
SHA512ec129be0146cf5e6810761faaf1dac2a8b26db07a08913fa6f4597305a0bdeef7fc6c1de82e80cc11c0c55417a07a5733f4799110aa3af00e7b2c5544fe5a4d9
-
Filesize
3KB
MD5edae76a49b1b6e43bde1fa6db86e9470
SHA18817a89d0639328906b415cb7442730c40e015a0
SHA2565d297508bfc2f7b6a8053cedb180436c0dd33f8edaecf1e2283e16d30e7522d4
SHA512b52f9c1a279a3ef893df81d260a8a6431a903b3b54b99f4b7e5505f8db362807fedb1c1f3886d5d56dacf5563432690460cffce57199c8550c0d68693e1d9ab1
-
Filesize
5KB
MD59419d37538bde7d4fa65e8d191050712
SHA1ef8e31952477aa1277de856362fcb2702cfee17b
SHA25657c593d0cb0fc8e338ccff36f5cbfb424b898d6bb1f92e4bea368658b2a47dd3
SHA512cfd5e2a8c1b07f0a68035bd1a97aa3ec882ffbc58a9a1ce05af06a1ca35a9f4a50d5487fce06158b8a6504709cdd4ab54e9a43c576a79ca111907b44c6bfc3d4
-
Filesize
6KB
MD563f1d2559f685dbe54d20cbd7c6e432d
SHA130a87b3c629eab40265d3cdb1911dd1e247bd53f
SHA256f3296c68703bcb0fd587c9b7e02aefaef02d73ac53293ef82ba0b3a6938d322a
SHA512728363eb06e5de49cd8b65f19600d9134fab9e70b6f8a17b8ab1d5f0c1380482d9c9fcbd7b34c5445c45710e9b86b38c4f251619b62d834198967a9b9f0dca07
-
Filesize
8KB
MD5b940640b71225005a5cd9f7964fa8a48
SHA16fd12aa709d600650e0c34b78d16aff9f4c6db31
SHA256aa3d38a94fb005556328adcd2bb7d98caf7ecfe20bb50a9f87d9cddac8772ad3
SHA512a0d125a7963b65f6cb1ada67dd675e7e3d6c7cff0c7602fb7a24171d264834cd07f65814b1c9113d9bc8b26e708c9e8ff12c090db60971b3d66837b7cc183710
-
Filesize
8KB
MD530b11ba628e5872de86f5a629b92d9b1
SHA105c49b90a1cbeae5b7777dc2cec6f521e20116d7
SHA256956716c718ba42dbd545dee76dbf7490b6823929b73ffbbc0779e45530e9c4ee
SHA512b5207f0671ff647b429db193c20c5a0852595f631c8752863420d7a2fbaa3f03b87dbe5e164f2012c5b1ae508884b5501ee95e9d9bd1f733b442645100b1f19e
-
Filesize
6KB
MD5f6d6215ef2f5e2d73df07127eddebbb1
SHA1f5c881bcd5dbc87917a68c19e566bffdbdd82193
SHA2562f0dfb66686ed3de143b521cab9ddfdfeef0de586b3d5d2b8898f897703bad6d
SHA512fc316361fefc49fca060a353cf37fd5b792be0c57a55158351229e0f15b026f1ddd72f983cc43fbf9dca5fa0c822c7c63a1a55df4758e240b87e84fd7589c769
-
Filesize
7KB
MD5a59d55e38f828ae71dc0ab183fb52f8d
SHA1a9e73101f76f511a68d64852776bfd075cdb79d1
SHA2560d7f739a02378a9df5221ac63c03da2b5c9e6fc3eed17d925700072c8e308c6c
SHA512ab9f8378f0d6259dc7cd73152101e01c558fd821fa2b3ef7c5094dfaa49ceee0771821dc3ebf85c9d586706bda56d5020aeec76123121b88ace147464b091ad2
-
Filesize
705B
MD57b39d45e2a471081087c6b5106efdc21
SHA1d52d58da30aae99167cc329c5b4b4ee3ab5b514d
SHA2566520fda042da206faa3fb74daa9f117cc8da5a0515f56be56a92aa1157cb11b1
SHA512bbe11a1a9b15123498e9aee216c655e141621f478ff9e1b30577e3065766934144c0ee92765c0f020f6f51c51b4f07258a04e900141864de1253a27cc642bcae
-
Filesize
705B
MD50fd775998709756532d1f7d429be3e48
SHA1b932b081be9dd1f80744e3dfc026719b582ed034
SHA256296d658a35f2330b137d5c073452d5b39a6abf01a73c21db0902352ff589175b
SHA5125e36a05259f19f055050476fa609c3a27632772d5f9ee6c0084be3b5f307d2cfbb784d3570ed038f96d70febb472c1a3a75ac965d76d45d5720fcdd1a29bdb9c
-
Filesize
705B
MD5ab6c644e27262dfbdf0878444d07c32e
SHA1e64e2101770185c96d226641196d0332472bd534
SHA256352bbad18446f713d7852295375117531437ac37b3164bf5f503c5f4e90edeca
SHA51261134de9199032ad4920bf746a97c872f79135c499ceedea3cce38344ac0626e2fdb979b983cf13e0001a603dc1cebbe49f34727e9dc6718d28163c0ec950907
-
Filesize
2KB
MD5180a66dafff0232d31bdbf33140e330e
SHA1137f04122de27759eca30f9c9b21cd4d87d241fa
SHA256974710d38166a16898e2c6813d3f73a8f2d89fc5b56a0ca151e1fc934afba7b0
SHA5123facce9459e9dbf1a66d9ea0054c973f9c677d923edd935e98204858c4134f5639440ceba404b9dcf7de814f626b2190d4a644c95273b8deb3e72e48cef708b8
-
Filesize
705B
MD5d73547a941361f68b5258ac870dd80cc
SHA1ed26a9f4a3db4b51429be9ee2b1213c4ac89feb4
SHA256bb1e71dc0847e0d6f5937488dca6f2254bdbcfb1e2338f655c5c95ec3566c23a
SHA512592a011c33c48281448be64aac6e8acbc0aebc6a7c573d5c1fd7c5abca668ed0630cdec74bcf5bc37ab3cfcb41931e596b871e73dc68ab55657d350ea9a75c0a
-
Filesize
2KB
MD508b8c134b6a6ac0d26382cc78225c489
SHA1a8edac197a57fc032520fea9ba6b681d9d59e73f
SHA25636b142e1dc584066589b00f2064ba7d9508342bcaaa66a583f26918d71636e01
SHA51244f1bdc090b464aba8faea478ee4feddd0fe606ee14d4f03aae09f2af053b9a5629822f9a6e26dba4aa4b131e625c23c13947e63749b6b970b93f88572088c9b
-
Filesize
2KB
MD5f84c97b1cb09c47eba9d8fda823e5a2d
SHA14eeb69675460559b23fc4d2f7deae01e9f12e3a2
SHA25658395ed9738171436e0fce116651dbc80f2ebeb8312626dae843a2b230c3301d
SHA51212f9e23071b3f619d4bbad7e6576dff1af0ff3e4c5219af4462380e71b190df1df418c56257d9e99cb01761e6a74b9afc1619780f9d5b3d8be1d923cd42dd720
-
Filesize
2KB
MD5db3dc841514b43a09520327870eceded
SHA1e7f0307152a398eb3ed0710189a6e923ce935542
SHA2561d8f411a5cee76973daee6480c7485d05f751c899d9f52a2ea43731b41795104
SHA512844cfa3f894d4760cb9aa07f72b9754fdc5398e6155d8944bfc9874bbd513ab0edba7c7b02344c9fb327de31ee1e8018e497567f5b3b166db9f729dc201165ea
-
Filesize
1KB
MD5e0f0c569f1377d07aff0be3c24c70c8f
SHA1f3f67e032c899fa9278fe301c7e4de58ad0e8db6
SHA2564e309ea6626cc860e91616dbfb8a2d9d8a0634b9c3d187e8404c70b52bd748db
SHA512fab9ede1230edcdfdf916fa74e533542c3d53b2f928917248cb0c983f203e3ab86b9f0ea8b1ed948fee5488139a85f35642edb9cc762d7c6426257c4343712f1
-
Filesize
705B
MD5a09a460630b778080e30da49b0938255
SHA1e025c31a034ea697ec646b3c2267af5c01994cf9
SHA2567baabb26c462d79c37d5d8f0389b6c6812a14f01018972f14253aca21aac71d8
SHA512b427a700ea5d0a12eac06671fc152f6b9d7aaed2a5a71a0af2b80ea33a7f0abed41ae42a4a21bf3661d9527b34563477fbabd6457079a40d41d7274e12140f92
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD56e018f484139bc8a2d835569b385be26
SHA1111c5aef82feae95f11488e131f1d99f4d9eb980
SHA2561a687321d9587d8ad5ee201d87f46457b5f6b19c7c5c15d882b26f51212a06d2
SHA512654754b887f9b68d85fdcd2c8672994c55c014c2038833a3ced69c751ac36aeada40e8f69c909168197a89ea20a8f380ed9252f056c6d181fba183ba4589860c
-
Filesize
11KB
MD5ba4324fb53df33b5d88599cd99edd70c
SHA1d139ba6f822abbd3e5fed5147f790dbce2d47991
SHA25688eeb5bc526401b71c4ee2c8f79cd88187170b1d29fc9a78a3c3dd66c2105ee6
SHA512ba3bdfc9c7638a839b4b90866f67c154f203b012669e85402b38feec9a10c23e7e20edd07774c9931f4a107b046d5932c26ad283457206c39b1a58ce615278e4
-
Filesize
12KB
MD5ef0638b2b6953bfc2d2ab191f8666e22
SHA192d23bb0cb5e2ebf39d484ae10d116285f409152
SHA25663f2e4cf8d2ed5c1146c659e91d2fc1ae79f84d883fc5cc30a98e3ae86e43b74
SHA5123834873997fe6bbce609b29b8b2b93a6c49464d727ff6ae60a6bae3e4199df8f1ab3ffd711b7fc72932decd0750ccd51fafbe934cd5836f487a39ef4ba7807ec
-
Filesize
40KB
MD5f22c056c1acb6249583c8f2d757e7017
SHA112e77a7ba226f94d26dd4c0e9ac7e6117e420f09
SHA2568f47a492db289ef0972d09f91cc24e7545bcfa59ccf60d3e3acc429e3e870e09
SHA512d9e3c48def37b3a6f8c8d899ebe297aa5170fdb8e3dad520624dc81df316884c9479708a25db79cdec7834ced2ef91ac75786e1b3c78c559b6ea9b92dcce9e78
-
Filesize
412KB
MD5e7b03bff6bb01d817da8a797062885f5
SHA177e6eba3bf335481db9fc877e8e65e18f2af360d
SHA25688a2c53b2f1160151cb4353d6c3e2c5adc60ebae25584987f48f0aba48bd7079
SHA512354f62db3220f2c49cbd401d30c7d80c98ece519f9ab1f44c4045349fdeddca1e805dad05997741b499be81c06f909f7b6053fa1b0448f6e97546e9f01e2e06c
-
Filesize
68B
MD573ab19b5384a8b11a9e724e2b845a6c7
SHA176fbf21ee48d47216a159afead0a748f6cf855ae
SHA25622691776e945e9b12e156041bcc2cbdfa970a1984eef5b3e3cbcce7879edb805
SHA512ac920810176ce26f6498c983810b5cabd42372318e11106b6686f271b3b4f807041acdcb2bbcb40dc234879ce2765f3154c7e40403b01c01f33649b4d80233a4
-
Filesize
14KB
MD56c07818ff3050e72c7ab6dd6478e79ce
SHA1e4b6e80c2fc5cf5ed24d9086f33e854720cfd78a
SHA25675ded08013c6529c14fa98f31b951c258f50554e3ae93d511c102fec26a8e52a
SHA512f29437a29f6d4954d8f6b43a2071eeee5b69f7af0ebca18590be75533f057ff12ebea875230e53fb75c672eb80064bc4a798fe4d02529833acf6e6093fe504c1