Resubmissions
11-12-2024 17:42  241211-v97eaaspes  10
11-12-2024 17:40  241211-v9bbvaxleq  10
01-10-2024 21:39  241001-1h1ejs1hkq  10
29-08-2024 12:54  240829-p5n49avaqp  10
17-08-2024 17:42  240817-v94y6a1cqp  10
17-08-2024 09:57  240817-ly41casgkj  10
Analysis
max time kernel: 62s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 11-12-2024 17:40
Static task
static1
Behavioral task
behavioral1
Sample
66bddfcb52736_vidar.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
66bddfcb52736_vidar.exe
Resource
win10v2004-20241007-en
General
Target: 66bddfcb52736_vidar.exe
Size: 190KB
MD5: fedb687ed23f77925b35623027f799bb
SHA1: 7f27d0290ecc2c81bf2b2d0fa1026f54fd687c81
SHA256: 325396d5ffca8546730b9a56c2d0ed99238d48b5e1c3c49e7d027505ea13b8d1
SHA512: 6d1fa39560f4d7ca57905bc57d615acf96b1ef69ca2a4d7c0353278e8d4466298ed87f514463c49d671cb0e3b6a269a78636a10a1e463dba5c83fe067dc5df18
SSDEEP: 3072:XqsEJybpRHuJKKBardRei4UGvI96/ZO6RAkeOCeP9sZy28se:XqsMyNRHuKikUi42KZO6PffmZy2d
Malware Config
Extracted
vidar
10.7
877956da9963e0825aa43a159a358f24
https://steamcommunity.com/profiles/76561199751190313
https://t.me/pech0nk
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Signatures
-
Detect Vidar Stealer 5 IoCs
resource | yara_rule
behavioral2/memory/4624-4-0x0000000000400000-0x0000000000643000-memory.dmp | family_vidar_v7
behavioral2/memory/4624-9-0x0000000000400000-0x0000000000643000-memory.dmp | family_vidar_v7
behavioral2/memory/4624-10-0x0000000000400000-0x0000000000643000-memory.dmp | family_vidar_v7
behavioral2/memory/4624-13-0x0000000000400000-0x0000000000643000-memory.dmp | family_vidar_v7
behavioral2/memory/4624-14-0x0000000000400000-0x0000000000643000-memory.dmp | family_vidar_v7
Vidar family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | RegAsm.exe
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 3896 set thread context of 4624 | 3896 | 66bddfcb52736_vidar.exe | 83
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 66bddfcb52736_vidar.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RegAsm.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | timeout.exe
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | RegAsm.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | RegAsm.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Delays execution with timeout.exe 1 IoCs
pid | Process
3672 | timeout.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid | Process
4624 | RegAsm.exe
2288 | msedge.exe
4792 | msedge.exe
3180 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid | Process
4792 | msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2040 | firefox.exe
Token: SeDebugPrivilege | 2040 | firefox.exe
Suspicious use of FindShellTrayWindow 49 IoCs
pid | Process
4792 | msedge.exe
2040 | firefox.exe
Suspicious use of SendNotifyMessage 46 IoCs
pid | Process
4792 | msedge.exe
2040 | firefox.exe
Suspicious use of SetWindowsHookEx 7 IoCs
pid | Process
2040 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3896 wrote to memory of 4624 | 3896 | 66bddfcb52736_vidar.exe | 83
PID 4624 wrote to memory of 2964 | 4624 | RegAsm.exe | 87
PID 2964 wrote to memory of 3672 | 2964 | cmd.exe | 89
PID 4792 wrote to memory of 4044 | 4792 | msedge.exe | 94
PID 4792 wrote to memory of 2012 | 4792 | msedge.exe | 95
PID 4792 wrote to memory of 2288 | 4792 | msedge.exe | 96
PID 4792 wrote to memory of 1496 | 4792 | msedge.exe | 97
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\66bddfcb52736_vidar.exe"C:\Users\Admin\AppData\Local\Temp\66bddfcb52736_vidar.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3896 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4624 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" & rd /s /q "C:\ProgramData\KKKKEHJKFCFC" & exit3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2964 -
C:\Windows\SysWOW64\timeout.exetimeout /t 104⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
PID:3672
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffae37946f8,0x7ffae3794708,0x7ffae37947182⤵PID:4044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:22⤵PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵PID:2844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵PID:2632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵PID:3668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵PID:964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵PID:4816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵PID:2056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵PID:3428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:12⤵PID:1356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵PID:4080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15003184274118368226,13532885243395909405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵PID:692
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3860
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4900
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵PID:4400
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2040 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a544aac1-57a4-41c8-afb8-c5a9f0b42634} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" gpu3⤵PID:4488
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81a47d10-48c3-41b5-bcb4-f705cbe30a98} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" socket3⤵PID:4076
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1616 -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3068 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d642985-3a92-481e-b47c-99beae6dfc22} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" tab3⤵PID:3236
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4220 -childID 2 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9a9d8e2-206e-462f-b215-fdcfdd1cc9c0} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" tab3⤵PID:2108
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e9ad8b-fb9b-425a-86a5-d7605496eeb8} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" utility3⤵
- Checks processor information in registry
PID:5492
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5236 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e0c3f38-0429-4ccb-a973-46426d9642ef} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" tab3⤵PID:5816
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5388 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {221b3687-6842-4235-b53c-8b9828a6f6a8} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" tab3⤵PID:5828
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5572 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a038df6-5404-470f-a835-450fba6bf4e4} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" tab3⤵PID:5840
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6112 -childID 6 -isForBrowser -prefsHandle 6136 -prefMapHandle 6132 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e4315b5-70f4-4ef6-a4a3-9957ae0a97de} 2040 "\\.\pipe\gecko-crash-server-pipe.2040" tab3⤵PID:8
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:6128
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD57de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1010da169e15457c25bd80ef02d76a940c1210301
SHA2566e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c
-
Filesize
152B
MD585ba073d7015b6ce7da19235a275f6da
SHA1a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA2565ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3
-
Filesize
68KB
MD57057bbea327b8a1ab91aa99426d71557
SHA1486262c0277d0a5ac74ba889722345488e817f3b
SHA256cb13a106b6efc6fc5121d233391f66545575660ea00c36009348671293677d3b
SHA5125b0a8bf662f0a9356ad08ad8832d82398ecaeac5464e20f6e760895b5f0898f85bc9d6f6a926b3d5284cd190214dc6868519cafb03a4ef2570298f87031a8633
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
70KB
MD5807dda2eb77b3df60f0d790fb1e4365e
SHA1e313de651b857963c9ab70154b0074edb0335ef4
SHA25675677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc
SHA51236578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5e3ae79474933599c1d3b06d94179574f
SHA13b64fc048d3d001a09a0041f51dcd822ae9ac072
SHA256f55f8d743ecbf7ef32ed063d7d9e708dd82816ad4321284cf83786d08fdf4584
SHA5129cebe283d0bc9d60334aadbb3395bea12d22092568feae2c599580ec64f8bd903e3c1b78834c3515db7cc19abec88c1e3884a1f6fd930909e72ee659aab20bda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize984B
MD50cace14b16b4a2e3cbdc251d4dc976e2
SHA12769e11813ef5811507cb26d6acac9be7cd8e090
SHA2566e65521633e53d8705a78ab72dca401f721bdfce5273e9895804f827411b00f0
SHA5124c9bc931ed2379e686f3d192fde01802dc3fc5cf306e2d966283fe96d31c28bf108a2031424abb4e6455894a14cd708495153237bb1c57fa033ccf6bc902d5cc
-
Filesize
545B
MD599ecb80bd8e2928d62b975ed1bc05820
SHA13753875717fa42c26c8a8c7907af8dbd8a6af474
SHA256c64f4f8fcec51b6bfeb210c3f02a26089f10ef51df965479950315486b617e9a
SHA51201e22dbdf1a7493dca2b312115a40c214998a42b31c3aa644e0dd904856d32a03f7e44cf4dc90df35353fd9e406d211f5ea30246bf5ebb8262191902bdf67012
-
Filesize
6KB
MD5f3e13d03e694b75e61ea54430ddb0db3
SHA12acf4df82fa9f32c3fc2701bcc58d9a8b323c232
SHA256dc15e15958ad125db1bdd1f08efac24bdf101100c4ff7191ed9415a75fed905f
SHA5126d4ae843fc8b6dd3e939c9e858f35f6ee4e9688d4d90a1f8f93d5e5b28ac5d9038f0468185ec1d5fb0fa192a9494d8f5aea3a0fd9a725c160cca6ae24e42e596
-
Filesize
5KB
MD5da361bf81bdcdb05ca2d221bc4885cac
SHA1287049fcf0260e970edc3f884677c1a422f53c00
SHA256b84d4d1d0a1aa673ae005ec55e3d70d82e22c2be06330668991ff9204b877b28
SHA512ef3f3a41ec65eecfbb92014f576dcd5799a34d57bf23fb77d4bb84e026ae0a97734d5c7a056b095acf1cf7b7610a3fe521098e923f517e1bf66a5ae83746adee
-
Filesize
6KB
MD57eefdcefd3692708a7a522a991e6c689
SHA1fe9fdab431c9ec462095839fb164529967cd9d06
SHA256e56f90962c914500eeee2b329079c81395d3243a8ec7069067938595f5423504
SHA512657ce882221eea5a104cde1eaadbf7eaa7425789bcfc5363770290c1249cb962f2fd52808c51a5e7b30c2516564a08c53787b98c828d4ffac0d869fea9681793
-
Filesize
538B
MD53e1c9b9c615c78820ecfc577614fc43e
SHA1e7c6f03e8cdb8080af24f4d54bec5afa0dd5b54a
SHA2564e1d5f8b9d0028cd0f3170446e20a9d719ced3ada5d08bd5014168ab0af5dd1b
SHA5125f6fe0019cad05493336a4111b2f4883aaca7bc42a53240807f155e0fddcc4049f9f153bf9147bbeef9588c1a1ce0482c3ba99baaef99c25bba632bc2837a764
-
Filesize
536B
MD5147f15667dc47c435890ff0e0b401b62
SHA1f596f45d3dda20263a88f4671409aedafc3d6138
SHA256e16b3a1dbf088afc3f18bb498798274fea5cd59c2487ee07bad5c8be70c4860d
SHA5121b4bec6cf6c0ea766670163b1718fa27ecd6218096599f340e07c9f9a97fb3bf2c03d90e4534cf2a3033e60be04e7e7836023da734635b15d7cb639ff49b8388
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5c6fd321f7dd079a70ee31745b39ef7fc
SHA1954911df9e74218e9135f0c7fa8f0f6897e9a3f0
SHA256e6451fe5660e830a884a3868aa811fe8cf053d6e8398c6aaeb28809b159c615a
SHA512e4ac4403da0ade8e047e67f01f82e3d872e90f8b880a3c1a8ce526a12534e8753c1cbc6d67d4911eacd9abb9d69166b1a47412e428e1f1ed6a92ccbba949d144
-
Filesize
10KB
MD52e4f7ced81c961b598fd0cdd512942e2
SHA1560dc37cdaf57d2f6a1aa607a3839edbc4b0ea00
SHA256feddd7a94628deb78b75c86fa956969c89fa1e60fb6d539b32a412946fc151ef
SHA512333de191d705d9a0ca55d44aace7d4f1cd236fc6e0a9fa00ba785a0b82966101d782198280af962d61b05c8613ce4baf65db417ed44a48aef636834b89ca3190
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json
Filesize19KB
MD5c7520450e3939216a6107f29ee54573d
SHA1d853e096241b1608354eebe967135270c4222741
SHA256716fbd231072b02f4a8a35c9420e061d3fbd9df13db6bbdd7274f21376668c86
SHA5127d97bbf8c48a4619b521751e71fde3b3a88114f8db40d5274768478d7e6e7d20fad9bc64fa5e63cb5a31d65f910c5d773d512c65a3af317c753be86f7672aa52
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize
15KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin
Filesize
6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin
Filesize
8KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
Filesize
5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
Filesize
6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\5cbc3c1f-0c7e-4d38-b8a5-cadc1ea85604
Filesize
26KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\cbc4a6a9-d7e3-4f8d-a2f9-f9f251297847
Filesize
982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\f73a6443-edec-4254-9a82-bdc24d014611
Filesize
671B