wannacry | eca69364de89e1211f5d4f95de4757eda2ea713d0848868a75c59831195382bc

Analysis

max time kernel
0s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
Size

3.6MB
MD5

f4f5aace38ee2d634d1fb305153dc5f3
SHA1

8a57e7dcd86c5edad11212c5d64975e9bcceeec4
SHA256

eca69364de89e1211f5d4f95de4757eda2ea713d0848868a75c59831195382bc
SHA512

0a6aff552aeb6e1922743331ade30c0741da429d40de878b98abbfa2dc47d31c4106fdddcea4f7c4134c38835e2863bbb4ab4fda353436a1a0dbf3f22dd5e21f
SSDEEP

98304:wtqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:wtqPe1Cxcxk3ZAEUadzR8yc4gB

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Executes dropped EXE 1 IoCs

pid	Process
3884	tasksche.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3644	icacls.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\tasksche.exe	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4580	reg.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 3884	1596	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe	40
PID 1596 wrote to memory of 3884	1596	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe	40
PID 1596 wrote to memory of 3884	1596	2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe	40

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4404	attrib.exe
372	attrib.exe

C:\Users\Admin\AppData\Local\Temp\2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1596
- C:\WINDOWS\tasksche.exe
  C:\WINDOWS\tasksche.exe /i
  2⤵
  - Executes dropped EXE
  PID:3884

C:\Users\Admin\AppData\Local\Temp\2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-01_f4f5aace38ee2d634d1fb305153dc5f3_wannacry.exe -m security
1⤵
- Modifies data under HKEY_USERS
PID:4732

C:\ProgramData\xsnyluiav827\tasksche.exe
C:\ProgramData\xsnyluiav827\tasksche.exe
1⤵
PID:2172
- C:\ProgramData\xsnyluiav827\taskdl.exe
  taskdl.exe
  2⤵
  PID:3108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 285311704436540.bat
  2⤵
  PID:4260
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - Views/modifies file attributes
  PID:4404
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:3644
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:372
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:2708
- C:\ProgramData\xsnyluiav827\@[email protected]
  @[email protected] co
  2⤵
  PID:5016
- - C:\ProgramData\xsnyluiav827\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    PID:860
- C:\ProgramData\xsnyluiav827\taskdl.exe
  taskdl.exe
  2⤵
  PID:3608
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "xsnyluiav827" /t REG_SZ /d "\"C:\ProgramData\xsnyluiav827\tasksche.exe\"" /f
  2⤵
  PID:4864
- C:\ProgramData\xsnyluiav827\taskse.exe
  taskse.exe C:\ProgramData\xsnyluiav827\@[email protected]
  2⤵
  PID:2972
- C:\ProgramData\xsnyluiav827\taskse.exe
  taskse.exe C:\ProgramData\xsnyluiav827\@[email protected]
  2⤵
  PID:3468
- - C:\ProgramData\xsnyluiav827\@[email protected]
    "C:\ProgramData\xsnyluiav827\@[email protected]"
    3⤵
    PID:5076
- C:\ProgramData\xsnyluiav827\taskdl.exe
  taskdl.exe
  2⤵
  PID:3420
- C:\ProgramData\xsnyluiav827\taskse.exe
  taskse.exe C:\ProgramData\xsnyluiav827\@[email protected]
  2⤵
  PID:400
- - C:\ProgramData\xsnyluiav827\@[email protected]
    "C:\ProgramData\xsnyluiav827\@[email protected]"
    3⤵
    PID:1620
- C:\ProgramData\xsnyluiav827\taskdl.exe
  taskdl.exe
  2⤵
  PID:3832
- C:\ProgramData\xsnyluiav827\taskse.exe
  taskse.exe C:\ProgramData\xsnyluiav827\@[email protected]
  2⤵
  PID:4840
- - C:\ProgramData\xsnyluiav827\@[email protected]
    "C:\ProgramData\xsnyluiav827\@[email protected]"
    3⤵
    PID:1384
- C:\ProgramData\xsnyluiav827\taskdl.exe
  taskdl.exe
  2⤵
  PID:2016

C:\Windows\system32\cmd.exe
cmd.exe /c "C:\ProgramData\xsnyluiav827\tasksche.exe"
1⤵
PID:5092

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
1⤵
PID:4428

C:\ProgramData\xsnyluiav827\@[email protected]
@[email protected] vs
1⤵
PID:3288
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
  2⤵
  PID:1780

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
1⤵
PID:2292

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3880

C:\ProgramData\xsnyluiav827\@[email protected]
"C:\ProgramData\xsnyluiav827\@[email protected]"
1⤵
PID:4900

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "xsnyluiav827" /t REG_SZ /d "\"C:\ProgramData\xsnyluiav827\tasksche.exe\"" /f
1⤵
- Modifies registry key
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\xsnyluiav827\00000000.res

Filesize
136B

MD5
86555923a31f9c8c4cce34bfe6a9da8a

SHA1
8dcd6a577094acb80460b535a27b67329fa66bd6

SHA256
319540d78c6b6550ae7066dacdd14e435d4616d75f67fd72509403fc1eb5bd4d

SHA512
b18eb889eca8da925672d44fe22c5e83bedd71372fc0f16aa48de4538356344bd32b1539ad6796480781ecbec3c6721d699ce7d94562210cc5bc92474e01171f

Download Submit
C:\ProgramData\xsnyluiav827\@[email protected]

Filesize
1KB

MD5
ee45212a08090487925c26cf99443f09

SHA1
19a7e76d8a38c7cd0884348d8c8ceba611d53962

SHA256
d87a4454bfaab36dd73adfbc69f16906a78ad61fc7b0ded00b3a7af49c45fa70

SHA512
554b71b4014e7098c23f0ae92d48e3fe742a1f61f4380044986f2674a1f002ce9fada722f53a3902fca55b8acf6697126c21d619dc8fc5176843bc3e6da66897

Download Submit
C:\ProgramData\xsnyluiav827\@[email protected]

Filesize
53KB

MD5
95e301b73a1ebccf538c6ddebbbbf481

SHA1
92199d74335ee1d8ae0fe2c2361485dbb9869f22

SHA256
3235a1fa1cadfe99504aa2b26c1072f487adbd5b13f578ebe97c04507d9a9338

SHA512
26ed48fceb4d0b79a184efc27e76c4d56e7179e7b0d752684f267d1873e3d05c4e5220d4470aede51005ccc98fda353ce5f626fbfec1adf2ea89dd5459ecb6c0

Download Submit
C:\ProgramData\xsnyluiav827\@[email protected]

Filesize
7KB

MD5
1b0998d66284f2f2101fa79586c69a4e

SHA1
00767ea2e5970fb7995102dba636f56859750794

SHA256
3e0c1cea30e1d85d1273f134051ed43d1a497fa2314127f5163600c3ef4a314c

SHA512
87f79c210bc255bf87974a0096b0b928582c004ba99f8d57131629eaf915bc0c0e1286a7379cede94ad2525a488170926a65f15f5509e83bcf710b92e813bce7

Download Submit
C:\ProgramData\xsnyluiav827\@[email protected]

Filesize
749B

MD5
4f5560da7c635ae844ce18ce66323119

SHA1
3ae19a5672228bb82093ad005129e9538c2947b5

SHA256
03d292d116b989b3c743d7b9ed2e058443640f8a060a70ffc8190ea0d24eef68

SHA512
5688884820f21af794d53b413b5542e6e1a1ffb496a5fe5f5cfd407057b4beaa354057c5e5c4143c3d436c7bcb8e9f206ac2b2ae85171b76945017824399bcf2

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\LIBEAY32.dll

Filesize
59KB

MD5
de8315c83c7f503eae2babf199f97df3

SHA1
b277198d47d6ebac96a275d78b807282d1c2e0aa

SHA256
e748d67adadc577cbdbf0e0a773de7cf11faeda3762a43d701e179f35c5cc453

SHA512
71132095c0c41e27f751757f32fa65650fc85a1552f3d842993dc3eaea77e30b0ec84708cc117d9810d892f3bfe0b3d9e9b33179ca01f581ec6e4d5277042a84

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\SSLEAY32.dll

Filesize
77KB

MD5
07ea82de8f89615f3653817555ace773

SHA1
8a8eb82c45ea31805bee56d60fadb74bf4eb3dfc

SHA256
676fb97cce92c0da9315d192000d824c6383ba3a890160a7c3fb16861722ab60

SHA512
ef40536a26945d5282686aac0650595d5785162eb0c5a8c4b64a29e9cb7ef4de82987db197fe381b5d44318d4f7b468b9193014b70b4581f18c86fcff4d2545f

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libeay32.dll

Filesize
99KB

MD5
d3f197381dc23ab495bafde3fd7c0515

SHA1
da8b2b0b4d9bf16ec4ecfab078ff020a0687cbff

SHA256
446f2d03c40d5432f03b5406589fb34a58fbf8e951c4a779ed78b2067472ac22

SHA512
fcdc1a7aaf1b081e951c3024101d43ea3e244558d1b99d6b83dda729b398153f3b8ae91ed3df62bed567477eb9dd9ef22795328bb335b844d3a1596ea62fa35f

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libeay32.dll

Filesize
71KB

MD5
35df268d9053dda6e740d33599807c67

SHA1
a02c44f6a226e946c47f3cbbff9e8bb63c4b01a1

SHA256
689fcbb89ddaa1c94622954572757b9fd8182acbcfe48acb28af051b5043b869

SHA512
79a67f21100e885e0d600329fae011bba85de982d4607ace748430b500ca0b7bba8d15dd5a49355d3617bd050d553a5647e28d8f30fbfc78161193cade631bf7

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libevent-2-0-5.dll

Filesize
17KB

MD5
c61433fb35029a77f61a39de79b5c5aa

SHA1
34b434a71342f076627ae0ba0833bc1ceed05523

SHA256
2606f914d7ebb899ca95acef4ae5b515e2bd0d6ceba8c3d5d823c5f6e9da71f2

SHA512
18ba890e08ed6b73850f1f131baed956a546f8da0b5bab3a0792101a66589cb8f2aa4c3a192a2db0779b3858abcfaa258afb32a9983335317ecee22f854461e7

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libevent-2-0-5.dll

Filesize
110KB

MD5
d61e44de0365e977d062f20b27c88467

SHA1
2812b490a9dc003563fc966c322cd7228c7615e7

SHA256
375913422fb862672f8bf6760b088af9e823408040d73395e53124de4426bda1

SHA512
48b2c3041f6fe4d43f779c4ad54a51edef290a74c4bc85011ee1a54f2094c8121f73171d9b85290a5bd0e89a9e70619154d23725579721136d8f3937ae2f2f88

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libgcc_s_sjlj-1.dll

Filesize
21KB

MD5
b8fc29a5839ddff26650e5d6baf147e8

SHA1
40c8b4fd9b62ccaa92c69b285a6f8a2927af1b92

SHA256
d6bf949e8c8b12eaa820f220f1d1effee661ebf687040d28247c91d4a450bca4

SHA512
4d307e2099af9837616eec0e4aa35c82d251ea7bf8e667c3247f9f9e427bba97c37495bc13ad9edd9524b86e0e887cba4038df30d565f401db666b4b69a58938

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libgcc_s_sjlj-1.dll

Filesize
47KB

MD5
4316e25985a5cae01b4831c3a6052fba

SHA1
851cf1217a50895cb7390c7bff2d636fbf16edf0

SHA256
ff65e4d162fd525f69311a3ab269a9e8c563f642aa6b5aee0fc80abcd16c0de6

SHA512
5ef0175ca67a6af76f288588c8c9c1430ab9826efa7078ec29128c0c0218cd27746b861f4a3d277107c1c84185aab43dbd7ab6a90adba5ec36316e8a3e24bc0d

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libgcc_s_sjlj-1.dll

Filesize
41KB

MD5
19bcaf8aa23769303498a79919a0b8ad

SHA1
0916a613fcc58d2a7174c0cecc333797430f5fb7

SHA256
90bc4e28fe28ec494736a08bbd854f34f94a3f576d3ec06962dd1f16bb06eb82

SHA512
30bdd1bbdbf51ed4f25ea3a89f33f15497bbfc3c008e1b1f6ceeb4accaa74d47986557f03ebaba6a3c1a2cb36aff63db312952de0f61abd7b1fdd71802b98fbb

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libssp-0.dll

Filesize
63KB

MD5
ee6cfaf357d688646177899ab3f4fbf8

SHA1
c66cfb68d1cc0fde875281ad882d90cc2f801ff7

SHA256
df1b7df93d2af38fb4d146020f4bc90e1bef853e537c49e31336a6fbb8f814f5

SHA512
53f1a47f43eb48f097d437563535c44eba77c9f906c0187535c26ae66da860ac703968a6c3c7f2d60faf8146f5be096bfeb057780d1925de55895e1bcc0cbca8

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\libssp-0.dll

Filesize
90KB

MD5
78581e243e2b41b17452da8d0b5b2a48

SHA1
eaefb59c31cf07e60a98af48c5348759586a61bb

SHA256
f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f

SHA512
332098113ce3f75cb20dc6e09f0d7ba03f13f5e26512d9f3bee3042c51fbb01a5e4426c5e9a5308f7f805b084efc94c28fc9426ce73ab8dfee16ab39b3efe02a

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\ssleay32.dll

Filesize
92KB

MD5
7a1785297af9e351a237342d6166bfd4

SHA1
9b5e65ad89e865272e193f3f9609ac5207b6f175

SHA256
28f9548fffe4b15fcccd5efa445eb45ba00591964c5e99fb674ac9cafd66a124

SHA512
a8105c3c069b219e9d409a88c2db26d71bdb53cd97b1ef271a954f98307b97928098cbb22b2665fab4d30d4bf9406507c66238897592f076b41426b5eb5f1ca7

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\taskhsvc.exe

Filesize
35KB

MD5
1672d4f4e4af61ae124eedf1e1759c97

SHA1
076460b6807892246097e939e0d48cf5c13aa0c3

SHA256
53c73e8ceed438d70c105241eeff35b2837890c95ad4fc2eaadee3577a718fe0

SHA512
36267a95fe8ee8fce5a2889f9b3bc4fe1c19490cbc4359173bf32da652d3fcb5f7bbe085bf263df13077941dadd8eaf773ce8e2a7ff5968be2a818fdde60769a

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\taskhsvc.exe

Filesize
25KB

MD5
cb9327d17664fd401fa76352368e719a

SHA1
6d4e518dd6c6e602984817930615aa1d575c3800

SHA256
0c4c4ab046d9b2a318757f0f7de781b85ba3d114893527342d08cbda191dd9a9

SHA512
84bdecfe224b3f4fc252e7f659f76a1bff187a20a773bc3d87b4fa573e8a830b3957a2ddbe5df4d3d532a47db46c461440e955fe67164e29d583fc4fdbca2617

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\zlib1.dll

Filesize
36KB

MD5
0e0bb442467e00a395061b85c87575f1

SHA1
67867313ebc221d5c319eab91f1182da3de0c8d0

SHA256
8ea167029d40efd46e38a3ec2bbb0c37d16740d1350770bf79061451de9d02b5

SHA512
06b120a19c2af79052ad41268ffa3805dc02450b94e7f5b3f084552a3edab40654eb8227b77452eb3a141d39e581bed488446d71d6625546eedbf08d0df4ae81

Download Submit
C:\ProgramData\xsnyluiav827\TaskData\Tor\zlib1.dll

Filesize
53KB

MD5
b6eb0087e0882fbd8ec72c8386f60ac1

SHA1
0a1518e7f5d450cff8c7387ad2965c4e9c3f3f47

SHA256
6fa9336a13d54af6ef31e70c495917b05520bc8b15761327cf34f827264199b3

SHA512
6ac071d8947011bec17fc0e54e59849dea87134ceec4a6737c6255228db9c42db4dcf5c16d43314d3affb7617e3ed9fb1f1d010a2c85d0b12271f871507b1f05

Download Submit
C:\ProgramData\xsnyluiav827\b.wnry

Filesize
2KB

MD5
a2e627e2a5bcdc3c5b9ae55ff68b9514

SHA1
f9c9caf3283139ffa30bf27b24a7afbc7fa64610

SHA256
5fbaf3eddbf1e374e87db8eb402b0b578f07b8624eaef1e1848f57b28ac3c9e9

SHA512
61422bf67a92485fd9b562068a09a58559c88fb9a8372792a3e5ac13487324940aee750fea634f9eed06b33c2f7f78d300d04af40337c7789d35b8f3540a4848

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_bulgarian.wnry

Filesize
1KB

MD5
b3c44b54acaf002e4582b946da1cc425

SHA1
d5b7662b3eec6399d59b718a14e8b897eaf5256b

SHA256
0220f37ca591882129282127cdc4d6e2b83906c6782b2168d2e0bf0dab1f59ac

SHA512
11222c134b6f515250665c030650a3072940d8c0ef295b1b9bda0f7443d4c992602fd236ccab69703973be994c1cdf85da261601650b23b0642bc5428b22249d

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_chinese (simplified).wnry

Filesize
50KB

MD5
a9cd5ab39ff017b3a686dcd7bb514226

SHA1
65d99812f6483e85a3aa5ef6713e7b2ab92a0277

SHA256
2b1f3396919617ee91ee7a964a6925f12531f32a5437e1a00ed3192459a6cde5

SHA512
25301029836a022ef26a36017112c074dfbc0cb20ff6ccc9e3051241a2a528202c648c9810e2daebe3d9cfea2d8925a9c35c17c3e87b7006439dfb0d71f6d2e3

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_chinese (traditional).wnry

Filesize
7KB

MD5
df3db78da6384387c61ccb39638b4f40

SHA1
69b694f950797532cda350ae68a10e0cb97b1f58

SHA256
df1ccfdf53ae24e6a29649161c614bd8ffef36214727c04717da4b002703e816

SHA512
885c4aaca1ab2e7fab2d7ff1b4df570ccb78276d1751ee76bd16ae5cb1e3a2eb43bce43d3b66bd59cc7597db6303d2e566e2e22010d0483be7eacc26af68ede2

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_czech.wnry

Filesize
7KB

MD5
e514e9c84daa72a86c3ca1d1f8cc1573

SHA1
93cf348321eec417c216b9b783aecc183133c183

SHA256
0962b5e2d8c81ffa92a3b5feb83be0edc04d14234de8ccacb40ac9f43ac06335

SHA512
68e6be3c35c23244533d7b65ca195e81627c89863aeaef10bd49e7ff000ad64ce377443dc66ddd777c7f5612716a457f012cf5537dc771ed00d5ee61b24c5e3a

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_dutch.wnry

Filesize
25KB

MD5
8fbee1949f9f321916b45f092285bb97

SHA1
fc80652003d5afb767e3e727a9dc3849ae672d0f

SHA256
e072de1313fd0defe8d79864bd7606f0b52c564c3c7be091f9abfa1bd4f482a0

SHA512
ca0eff01c77123fbceb854da405c8edd9633844cd46a75d01c28c1a284b29ce04bb07d25d2365eadf5e52c7969eebb2515294f6972bc5f8dddd5db0e2b8f210b

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_english.wnry

Filesize
29KB

MD5
162a5b4ebfa9714f30873b963023d17e

SHA1
f2536ffcdd40e372fca3c7feb90d4a8d3b62edb7

SHA256
6a7a55616c8015e828feca41b0f7795eb03b8932dec55933fa6f105712d339f2

SHA512
9a6371206a977396ea58a1c2efe47db85d50f750eb07369e18bd96a588982ef83a6d6b179b9c0f036f0f57f217527541e3b478343ff7b23391bac9903d468202

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_filipino.wnry

Filesize
15KB

MD5
a55090e3d1829c13d8cf945d189f8f44

SHA1
535ecc87995771a122dccc434f7731c8e6305961

SHA256
bacaf34c8b6c9e17880b488970b5010638afd7788ebd9bac21b18ef762a342a3

SHA512
42d2c2050a3f1c6fc8a79c598f59dbd673273ae7da6f52dbdb86adba1d7376832327d92319aea173bf243afc1a6995340e9c5725ade8de6b03f3eeb3322cec9e

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_finnish.wnry

Filesize
20KB

MD5
155d68b4a86f2a77ce2a96fde102532f

SHA1
4e25180f9bc5af24c258bff17a508dc2ee11c6b3

SHA256
ad159e6c7fe16b13ac42d5ed91953a54cebc7bfc9130a741a685fed787a4c32b

SHA512
823969bd8c636366e673619f548fd4066a639844fd79e2450fbc22e4b68581551e01812aef6c12531ed3cebe8cfd01e1cf8b2735564129352900a99d2856438e

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_finnish.wnry

Filesize
5KB

MD5
538f1668a5e4f2cb5be5c8c2dcf0b1e4

SHA1
2e7526efd0878fb0978c3a4c83cba37396c6997d

SHA256
17bb37157d5b1b4119a04bcbd6a2251c86718de9811a73687b51b43be5851420

SHA512
6b7767270f3b3f09c31f337182662a59e96bb549c4661704fcabe400c0999acf0acf3d20c09b053a4bc19e4ea483f17a334836979cfd3717480408e8c2862072

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_french.wnry

Filesize
9KB

MD5
61fd3aba179f3afb181728da6a3371d8

SHA1
922fcd3276d7bf2c189496ac4da1ccfeae87e1ca

SHA256
a1a92cc160f1e673180fd2432d3a137a860861b49a4810b96157e49f93738155

SHA512
a36db8a851fdca3fcaeee3af886bc62f4f15be5c66606cb04b53557debcbd49e3925715f2444c4afa588b7bbb0838695b4b85d20c7902ee3ddce0bd9bcd8591d

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_german.wnry

Filesize
26KB

MD5
7cc587f067ea4a82b1617a34fcbb9414

SHA1
43df6bb0ac718f23df49aaa65b385a47513f5412

SHA256
e994fa6b23bf206f77da3d47ec08594c0f97add685303ef8b9d5af386883c19e

SHA512
57dda1f4d593893ecb411f607b67c71c866c55cafb6375b9e9bc5547c8bf1ccd1deced0f77af650fd8a384d92e8313bef7fbe199d4a0624384a4a1f408818781

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_greek.wnry

Filesize
41KB

MD5
0d577b8615cc6ceadf28e1d70f616fd2

SHA1
b2ee4a32892940cb116e6d758b6c0e8a0f667569

SHA256
610e37ab8ff2a3d9bcde0084f1393892a8aa62bc9738cfa1e8da99df2a2fd361

SHA512
06bffb975fbff5e67f32e9de0b0b59caae445c32c34b7e901bffbf3e47a2d9e8c47f7fb029963a1f6ac197df0f249e43e15c4acae439334e65aecc54068b8910

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_indonesian.wnry

Filesize
30KB

MD5
e24a61a65c4116ff74013b3021a43168

SHA1
675a4dd51204cba01e06bcf07767911a9c9dcb53

SHA256
2afa52203b0c7f59da7ec4e0aa118c176dd29b88b334f58ca870dab6bff5bbdb

SHA512
cb03b3dffa1a4b0562ebe6ddffb6b742282939d77e5e39e5425226d9c1be7ff1f80b647671c391b52d8f0184fc722052acc6c2d7633655d2fe443210e1405197

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_italian.wnry

Filesize
27KB

MD5
46c6f8cb44ba40e3135f50d3074d2171

SHA1
07e006819745561fddae74dbfa432c872e802eb2

SHA256
f63cb1cf05e85418161f6967cd38b3f4c29710cabf72608491de718cad816800

SHA512
05a9ca99f74442fb9f30cf651089b08961a5da67ee0bab134395fb988f5ab0798ac8c55d249bd0da243acc4a8e8d57441514abf4b06d0ab149c56cadebac3cb9

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_japanese.wnry

Filesize
9KB

MD5
a63800a80fc6c1b9c954a986468b9460

SHA1
b445fc55ec7acaf11dc1a57ef7d5373d66353b53

SHA256
55ebcf5dec117a26cb73950075e78a76a889f1dea978f1697ff22544437f7958

SHA512
ebe35b9a17f7f218970cecf6e778b685dc331f920576f7dc920a883cfbf83390e1be3ae315b7c8973a112944a679fc361f8d20305482e5b4c7f0ff07fffd4f8e

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_korean.wnry

Filesize
12KB

MD5
7fab06622f79452c89043a0777a0c0b2

SHA1
78c21dfd38bc41afcfc1ec13c6f348a1863194de

SHA256
1645abf66b941461a97769ef92ffcf5f37f26a6907dc488fbb00b4b2d2f54b4e

SHA512
c6db9d4f41cad30941dc8faf3a9d22ec5d8af61bfe5ed7d6df8319a8ed56d7549cc0411427f1951691bfadfb73591f44af6dc84a66ece4e26b74bc1424d24dbb

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_latvian.wnry

Filesize
20KB

MD5
afa7b0d0b602748ff962e91c2ed332fa

SHA1
5a2dcf10ad4fda5c1acb473691d1787c652a84cd

SHA256
014782c2134802b26cd92aaa600d04505a2abf32af0c05f58331af8eecd055da

SHA512
aeb99059652d6fb146bb80146f79f45a3c5cd808d792cb4289f05a3d57acae3296bd9c12ee0e4f2dbe76be78f188ccd504604f892fd65b106bc7b852b0063819

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_norwegian.wnry

Filesize
15KB

MD5
ad48b3be73c7f0a9290e059246efd0b1

SHA1
d3356542a29844a252bef70dfa1e830eddb01d13

SHA256
2e947d828b90904df47f3e5998a4abc9ae6baa347cc253316840d879f55cc390

SHA512
2b2427bba17d2fc1a2a3c31bc80da069dbfc0e7ef712fea603ef555d9b75c68db493f8be67f3e8c5e2fd1ae43c59f61a87b12a028a56c52acdba1790d145d374

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_polish.wnry

Filesize
12KB

MD5
20f86d02e4a207379b1072d6db256ae6

SHA1
1dca8ea34ec1a1f5cf628e8cc22922514ebfaadc

SHA256
5b0b7712429c7bdae9c83d36f342e421a418abca550c1eb928097ae059f783e6

SHA512
b0c559cea10b756aad1b9aa64c1fcd31480a53d24ec9789566dc838dd838ef6ed192b3c0f4e6114aba617d6eb12c4127dc83d09dc97e62feba52685baa0b6fe0

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_portuguese.wnry

Filesize
14KB

MD5
03f423f0f82e0fcb507dc1ecd2af543a

SHA1
4231ba2e338f31c0fd46736bb20d45810e188633

SHA256
8ead0b90a83a977e599b63850562e68246ff0e6e99a80cd7f092db17fd2d5ec2

SHA512
4973ea819745586e0b9186f22f05cec3adce696a6387d6e146b25b8f043d1a2dcf5f1be14ce7dacf794077e58fbb0f0e4d97a3078331db48d840d0d8a1ac2046

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_romanian.wnry

Filesize
12KB

MD5
7ec814b596d92fac7d94e1bd8c212fc9

SHA1
d2b9c7ab14d53e3aa124d6af55844e032b5040df

SHA256
dd146dad5c916db4ba06e85d3558bfd019d0f0cdcb78ac6544b9fb82660ead3f

SHA512
a95c561784717baa69d03dd9afa682d5e5595912ba78ae0ba78be9da432147bfb8bd378440229f030edb566b1b8a70acee41f760ff58800da3fc18abbccc9afd

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_slovak.wnry

Filesize
16KB

MD5
6cca6687ea4c80e65b902974c102d089

SHA1
5f51de2d64d95d1d5a1a151657f8cd405382bbfa

SHA256
6c972ce570131ff194dfa8688ad1e49739fa38bd82d7de746aa16b018b6f8775

SHA512
42d367dea976036583820729bec1bc6e83c141d2444bcd3752214ae71c71fc3f93c2d8603e259068d388022b91f7a3e828f57029778f95032c29916eff0e27a1

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_swedish.wnry

Filesize
17KB

MD5
c56519adcf3982a88a240b9122feaa07

SHA1
41351ef55a02c6e03951fe1104876643c9db29aa

SHA256
6310c88f7d697fe1ac37f71b60e5346fee479a9965724b0e929067bd239c2757

SHA512
aead312ea26494d20acda20ffb35c91556117beca14cef01f6e9f7513e0f6196a327df41efeb2b9b9878e84a3141fcb79ca885a0ef030b675cae6a341f0e19e2

Download Submit
C:\ProgramData\xsnyluiav827\msg\m_vietnamese.wnry

Filesize
19KB

MD5
d964c6d016d9c77189034c56d3d0a144

SHA1
494cfa1ab04381168275dff91f684d815f6ae343

SHA256
b2a4a41fc4f4cc0c417b18571c70ea2232e14da2a8ad25ff26d96f3a9cd467fb

SHA512
e22c7cd6a1069d2fce89acd080a380828c20ca4e91f0d1bdb318f579bd18a6a2fb6dd858afa97d425c920edf2c08437d3d7fb2ac026f8171ac0c12aff366f317

Download Submit
C:\ProgramData\xsnyluiav827\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\ProgramData\xsnyluiav827\s.wnry

Filesize
25KB

MD5
1fa9ac112b0e19543b41111de3e7235f

SHA1
6d365989a4c1533dcbd2a487caeba5ee6ea8790d

SHA256
4d7747e321adb5d4884cead5ddc31fdbe04b4e5956e5a4234459b6c13f15722f

SHA512
4118f0c0ed4257472039e188a6bcedc58836f3284ac4b0d2ef5a3a3fb9b46d32196feb84872960f9a377d9c71c50cfdd7ee2c287c0127c00f620ef76ba1b97ee

Download Submit
C:\ProgramData\xsnyluiav827\taskdl.exe

Filesize
1KB

MD5
e7ee99407bc93477d3463a716db11372

SHA1
29cf47d5bdacbb13a09fffbdce599d730ffee028

SHA256
b7a3501376d56da4bd97d644b373b542930b71d1845091bb290c66e347c987a3

SHA512
d307ef40b5755c191224ce12c62c32fdf4adb4a04bae7095c99f5046ca6be5838845ad97c99952edf6347199ed023e861675542946434b83c62c13ea87322890

Download Submit
C:\ProgramData\xsnyluiav827\tasksche.exe

Filesize
5KB

MD5
2df828f1afbe70a45e81d86df372b8ca

SHA1
969454f4a876adc684923ac3c538435295e9c438

SHA256
5d5aca24887c9ada9090849681665d6daeb02ea5c4df815009b52d1a2ff1e126

SHA512
bd16a8a801f28a9005f14ec1a9dd0eb791426657ca5e5e05420fa62defe3bbd9865e9811f9705b41f0d35d9ba836d791e68d0b6b74e4665300b2d57a8a50628d

Download Submit
C:\WINDOWS\tasksche.exe

Filesize
24KB

MD5
3a0090a5755b7ef7777331567a5233e2

SHA1
b0133e6b58afee4940b546fc6e9315d69db0f1ba

SHA256
e3fac9436577dd52719e90da0184013a8238e9d59765879792a82b218d593c87

SHA512
c03fa078b7768286c45a0a820e2acaee095bb1085307ad1e3280c3a09a7e4509c3b68ece751c3f51a2faff9e060698bf5bd599ed5131f3c1a7faf5dc919731a4

Download Submit
C:\Windows\tasksche.exe

Filesize
1KB

MD5
3a4338494abd06fd96f5fe4c25ded322

SHA1
fc090e8c6dc8f414596fab3e023c648f30b9b0a4

SHA256
9e75d48121cbcae79ebc1d96acbb97fb7497dd5de487d025bf9612601df4802a

SHA512
73b0bbc1fb4f779b1ac9286a9f6fcf4394bd3ed99e90428aea8f0e9d6873bc2121af34eaf859263aa137cb454fcca563d31c992589320d56123c7ce99ec2d6fc

Download Submit
memory/860-1483-0x0000000074200000-0x0000000074282000-memory.dmp

Filesize
520KB

Download
memory/860-1494-0x00000000742B0000-0x0000000074332000-memory.dmp

Filesize
520KB

Download
memory/860-1484-0x00000000742B0000-0x0000000074332000-memory.dmp

Filesize
520KB

Download
memory/860-1485-0x00000000741D0000-0x00000000741F2000-memory.dmp

Filesize
136KB

Download
memory/860-1487-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1488-0x0000000074200000-0x0000000074282000-memory.dmp

Filesize
520KB

Download
memory/860-1489-0x00000000741D0000-0x00000000741F2000-memory.dmp

Filesize
136KB

Download
memory/860-1490-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1486-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1482-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1580-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1499-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1498-0x0000000074150000-0x00000000741C7000-memory.dmp

Filesize
476KB

Download
memory/860-1496-0x0000000074200000-0x0000000074282000-memory.dmp

Filesize
520KB

Download
memory/860-1495-0x0000000074290000-0x00000000742AC000-memory.dmp

Filesize
112KB

Download
memory/860-1481-0x00000000742B0000-0x0000000074332000-memory.dmp

Filesize
520KB

Download
memory/860-1493-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1501-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1504-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1510-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1511-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1512-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1518-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1526-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1520-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1556-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1562-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/860-1565-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1573-0x00000000002F0000-0x00000000005EE000-memory.dmp

Filesize
3.0MB

Download
memory/860-1579-0x0000000073F30000-0x000000007414C000-memory.dmp

Filesize
2.1MB

Download
memory/2172-52-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download