Analysis
-
max time kernel
331s -
max time network
394s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-fr -
resource tags
-
submitted
22-04-2024 13:19
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry.exe
Malware Config
Extracted
C:\Users\Admin\Downloads\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Signatures
-
CryptoLocker
Ransomware family with multiple variants.
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Manipulates Digital Signatures 1 TTPs 33 IoCs
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 11 IoCs
-
Modifies system executable filetype association 2 TTPs 54 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Modifies WinLogon 2 TTPs 4 IoCs
-
Drops file in System32 directory 64 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 64 IoCs
-
Kills process with taskkill 4 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 61 IoCs
-
NTFS ADS 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 49 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry.exe1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff828a46f8,0x7fff828a4708,0x7fff828a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3328 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=1332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5768 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:12⤵
-
-
C:\Users\Admin\Downloads\WinNuke.98.exe"C:\Users\Admin\Downloads\WinNuke.98.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --lang=fr --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Fagot.a.exe"C:\Users\Admin\Downloads\Fagot.a.exe"2⤵
- Modifies WinLogon for persistence
- Manipulates Digital Signatures
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Fagot.a.exe"C:\Users\Admin\Downloads\Fagot.a.exe"2⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,2073330925399255712,11701049226358323797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2784 /prefetch:22⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\CryptoLocker.exe"C:\Users\Admin\Downloads\CryptoLocker.exe"1⤵
- Executes dropped EXE
- NTFS ADS
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000021C3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Downloads\WannaCry.exe"C:\Users\Admin\Downloads\WannaCry.exe"1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 289821713792109.bat2⤵
-
C:\Windows\SysWOW64\cscript.execscript //nologo c.vbs3⤵
-
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe f2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im MSExchange*2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im Microsoft.Exchange.*2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlserver.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlwriter.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe c2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b !WannaDecryptor!.exe v2⤵
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe v3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
2Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD56676897fc5ba24d1f26d3e320f85f4e4
SHA169bd1f5a35ac69aedcddb28ab5894c3c91e1a200
SHA256f0e9f9967361a587883912df4f46e3e7e5d76f8a551967061eaef88455c01793
SHA5122ded4e2d64392de4010bafc8a0655f2b9ce23b5150db43e7903c48d325901ef782f7d792ca3c01e6174cc2d61c5b87e5faf8e5ea3a7e0c2f98bad1ba6c1b7b31
-
Filesize
825KB
MD56473b6a852beff09d64b0af7cd0f4c28
SHA15fd5ae3230946f3bfdfab9c9c6498e60f9160fcf
SHA25657c7ea06cd564b4ce4fc630ef9fb34c3f80a446018fb89ecbc81c0296e5ef375
SHA512118c6f2b4126fc7565582a4efaccf0ecc989388077e4df26715c328eda0299767877cff1e61a5ef49e62c7f473df32692da6b17994bf9ed81a2508ab1f1ce477
-
Filesize
152B
MD5e36b219dcae7d32ec82cec3245512f80
SHA16b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
SHA25616bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
SHA512fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c
-
Filesize
152B
MD5ddc105a95fd1f83f7270b748012bc227
SHA183f4ecc13745063bdf06c09a21fff6bf85be45af
SHA256e9b1e2e8a10e8970df6f8094854bd0715ac7002bc1eaecaabecf20ea97d4b3ed
SHA51226b1f201ddd6b91cd6208b8585706dee334907833ae54905c8dcdc502ec6e8002ae94d3244b12bcbdd6a970b22273f3f1b2e17f637584f8353ce519a163a6018
-
Filesize
152B
MD5559ff144c30d6a7102ec298fb7c261c4
SHA1badecb08f9a6c849ce5b30c348156b45ac9120b9
SHA2565444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
SHA5123a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04
-
Filesize
6KB
MD5f195fea51e0de3d1a64c26f556260cbd
SHA1074d48ec2ef67c638130d205ce7b6fd80de669cc
SHA2562709fdc3eaa99afc0254257d903e88fc270562b680af130f81cbaae3f4522fea
SHA5127ff788fa2495c12fdaa9bc64299503b8b1092c98d5559bd0d00f6760f7aa13d93a874ca2f4f13e76535738d0b623804d29de1e29f2fdfe0edfc0570f920cf356
-
Filesize
1KB
MD5a5578e4da6102dda9bcbcb439ec7c530
SHA1507fbf9b57321babb8c4a3360a2845119b3779bf
SHA256bbb53f42bff7f68045eb6626f3f60fd000b8e06fdaa63dc32b08ba7112382160
SHA5123d374f6d56ff486672156242b58a4407e17ad892ff57d78a763cfed6d0d0ae19c42c3a06ee2309f3cef51e942c3f4be4bcd3d48f52e7dc9632ff8d5e7c83076e
-
Filesize
579B
MD5f1aefd0d378eb603196ab91261dab17e
SHA1bd87d469300da02a13972d7038d9f68b06b3ac41
SHA256fab58f793101ef8ffcce1094e85f8db9c126361c1fcd6d7356c0e896c18b530a
SHA512cc9c9dd5362ed164e52cd018c1cd53a0b51f7a3df4e99f930d5a05038ebada6cb5ef5b76e7665938d139637fcfa512f6ad806e5d470ae44c3c15963b12c85cac
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
579B
MD5478eefb5888180b1fcec047af1f299a2
SHA1512f766aac529c32996c26d25f58725db459c895
SHA25642d66e2c9d9e7a886eae663c39ed171a2a87e6056d9c23221586ec6040d4ffa3
SHA51212e4cff3869ee379d65921f674b0d4f9e5a40be16031eedd3bc13a7eab245e6d6293c701c8de6839300e5a427cb867627d43a0fda6ed98b4eb6b9ebec47d8607
-
Filesize
7KB
MD5815302c0f78eca39477ccc2235dc9a4a
SHA12ac252834833970a6854823080192ad00f016099
SHA25677ba7b6dc22a28e0d26bdc2f6e2be44f27b8d52d62a196963f9af02a5fcdb6b3
SHA512d692d801189a235f69027cbb0c8143ed0c81c595044af37cd447f90e7a724811bfda8c7f02a3a81ac1b1f3ef25a3494426c1300b4a414a83f9341ee8284d3853
-
Filesize
6KB
MD501226b370850c182c1fddecc29fba856
SHA19a9c2d2a82efda30c971628fa5b07e5d430a871b
SHA2560e3b4fc5fd8da28dd06abcab5c841fe9992ea170acaecdace7da55f23c51f168
SHA512164b185446976e0575c5cf7a11a40f133c5297adada6d40663ab422f9272f39e6645aff328ec40485ff7e0aa629bbe143fe0bf217278b5b6340edd43670a1bf3
-
Filesize
1KB
MD5e871e17a4393e41333433d041c8190de
SHA1e0377a69c6e7fe08aee05fa05c9b66c36d0e82bd
SHA2561157bb7607c26e19d542aec76f6e69bce5aa31da4279d8fa56630489cd16ce60
SHA5128325aab5fb64b7ee0d4926a77ea55aacf8e505f7a5266eb22c23a409fa9656f11fb8d7a653e482f3d0749f5a1c82d8c63b73cf820b36c4c4ee46adfda69d2367
-
Filesize
1KB
MD5288c7bf16b8874110158b9eb690d2d38
SHA1207fe6e2d0e7946e7947d9f8a39667c93235efda
SHA256a6f9d88f24f997057e365c915adea7cd0ea2692eb2d018265e43824a47a794c2
SHA512b74bebd870c465dc41bab3730599eb775433051a15a07e5df7ee9f9aeadf030aff7dcd0fd1693cebecf10dd82e46bda4cd953bf4a9635ce53af87db2d7c2bcd1
-
Filesize
1KB
MD581d57a72a2431244761f6084e7229e37
SHA1cc6226c4b48810533459522e53a07a0aa01d3564
SHA2561a648e693c7188ba34096238e33e146ad228df8eeee09b256ee11647acb2bfc8
SHA5123f7eb6a76a5e0be7c5e25977fe55a4099f0c757fe4af8f98fede126eb3c23321cc80db137beabbe974f8d33b9f538962f26dfc08fa29f0e0d33381cc31790a40
-
Filesize
1KB
MD59bbd6e8b5a68bf5408f2e0e698e70ac6
SHA1f6b463f27a091d71e890fae9da3d2976a4869d99
SHA2566aae87305bc355feda97440d120ff73377e32678220cbb618af1b71617a33bcd
SHA5121b9abac8be5f07fa381dc0e6f6020e75498f929c198ffcfe1fe1a14ff42883b351a67a1502c065ee06ad9cd84b6d76c3adab3f60cf0754d87f2da66fdc200ec8
-
Filesize
1KB
MD57f1fe809f66d74b9c746742175c1aef7
SHA10579a89bb8839f128715c507789597abb9d0c80a
SHA256b77fa0b637ca1b72de016d39a4778262ee9bcae754d9247002e659a82f1e8b61
SHA5129442c4c8d14832ef6d22d6431c01d342ec63b2a1b483f83d9a2734fbbd408df35ab951cefc31e363988ce497acbd7184011a4b52398020c713eab21e5ad646ab
-
Filesize
1KB
MD56c134f55be00a8920f9da35d7f324033
SHA1b56580464af3683ada679b52eb79ca487f56c1d9
SHA256ede56b702793fcc1fb07ba43d5f44a1823fd3c3595148bc1f4aac100f803746e
SHA51218b2f942f75751ca81de4f74b0a6af6526c421d79ba1ae444559997f5802c743d429485c8caf1b726256067cd821fdf1510d8bd0c72053d0349b1eee5ef79ab6
-
Filesize
874B
MD55874d13e2bc19ff4aac5614a697185e6
SHA1f30af4864ff48b95c8a07c6bfce11d93b3e57c28
SHA2560b1bdabbeb7ecdb1b5e81c04963fd60aaa38a0c791f0733bb2cee8f8db523222
SHA51255b854aeafb10e5fa192c839efeb3bce7335eaf3af33d68dcd3ec4b0c25934a168335179da7bdfee1e7d692c21f0b88a09776441f54a4aa1b4f12a370e68d007
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16KB
MD59e02552124890dc7e040ce55841d75a4
SHA1f4179e9e3c00378fa4ad61c94527602c70aa0ad9
SHA2567b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77
SHA5123e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd
-
Filesize
12KB
MD5ae9df069677f291bec1df41065cfb02f
SHA152dd2ddec57661117685fd2597495255ca85d8db
SHA2566bf9b229e3a7e00593bd5e20c1c5fa768748019af5ea1e00b280c511cdc9da99
SHA5128dab5cccbbe30c361f814c6a076a9206e2c0ebd6fb6df457bfb065d54b5fcc47c44e1aedd413946c2505a8bf18d8c94cdb81d6f67a36fc2ec359bc4253b246fd
-
Filesize
12KB
MD5c4243a4c811dc19d02c9d54b63a12793
SHA1fd2f280b8b780726a14e84e82a8e985a8245fac3
SHA256415eb104d18c300887e63a3ede9280334c6a97c78802fa71760f4e8f1c6521f4
SHA512a5711a6a0cd1ecd9c8d2e959f1aa9af71749f06317a006b6ba0b2e373474e3999529321633cb0ac419f8a9a50b80d6c207e8acc2c40821d1e0d9dc076257bfb1
-
Filesize
11KB
MD55ce4eea2d9d735964aa07aeab1d48871
SHA170b6479e52b0608d1c3a7165c2e9a850ea5f6827
SHA2564305446f062f8ff04d3e62a68257caa9beeebea84d45ec59b027d3a3b8a204b8
SHA5124ef27c35247c07a5618179261349e9a9ba50cefe3e13500168cd01332eb3c0fd713155a556d466b766e40819b3182bb8d502aba1c7edd69f1576fc1ebafe5c9d
-
Filesize
12KB
MD5f2eb87bd6740fc80bcd3c4042ea765a0
SHA1d8f06aa7a37af518a182e04d44c9dd887ca066ee
SHA256d792233cbe6ba16929b3feb6f4e019d273ab765c6c7f4ea844ef01b21f170819
SHA512468f203a7224be7755f515d61e7ff03db0f7493c006859c88405b154286346d79fec165cd507474cc2a088126b23fb1d9a3ffe88aaa53e7954da2156ff355921
-
Filesize
12KB
MD5e26357cb30b9e18c1c80c4ab5fc6450e
SHA1ce7a755cbf21e89544e5984e36bf7d723f634dbd
SHA25694efc2fd9c4ec2efcfe3cc699c77ce0be053a487e27b1bab93f47c9b3fc86808
SHA5120bfbc7e70862afdb1cfac6e7227186c318f1f4ae06f9e2b6c723e5fc5089bc74a1eb9a764f9d25f09a0f59d1eb81cd72e92c8dc112fc85b03fbdc07ee08910f4
-
Filesize
12KB
MD574e03c0859ed3f36721cd32db231a12f
SHA193dcb7457f1d72a295adb81c78f0f5a4c95ca5e5
SHA2568bd7b040a3a0ad98cc5f336dc8c5e11a968d1eeda398cd1d2568a11a33628f6f
SHA5121ff5f38e0b647f48da5d5ad54a589c3569fb3e885922da2b3268ec938ea1b52735eb4bb47b56fcad063f2f2c181983a4f9eb6bb91e00214c91b6f24b15419332
-
Filesize
12KB
MD59c45c7289c0b259a954984781100580c
SHA1054d9a58d05cfbc014531af483f1a78523a3a847
SHA2562f93690217ec91ec12ee34bd3ca02d70b75a98e0bc61e7664326acba1e039055
SHA512bcecb3d9f6db60faca3e40675c8483a183e02520e7eff44df35d98c0b9f68506d28a8715b851346b46a1886404cfa69e3b4175b951900ab8407164ef4fef8987
-
Filesize
264KB
MD55624394f64a99fb355a46e175d66cdc0
SHA1af1e6f1661138905522213b4e4c1e058a58f2c5d
SHA256271abcae08a5ad5882dfe0bbc3c01d1a1d45e166b7e50a5bc24b933a9b49d340
SHA5122584328548b952ab765162f331ddb41754cc836d457f9ab9ab504490b7ef6432621f6d60eb114fe81b43ab31ac18b88e2dd8e1a8dcf7b70035b9f79338537d83
-
Filesize
48KB
MD55eca128caad04c545082973e5a103db5
SHA1afd60623c1787b6120a0a29492e3d96f8783daf4
SHA256759d53de5b8a71e26724f192c6264c3a1babd999cc5779ff6bf4ca29f6aea537
SHA5124f43df630647ef263eb69456da9eacec82f4a7ed5425fbda79f9341044e70dc176414ae78749763604706c342446c4603f35ee2c38a28677db9f6e58c1f6eaac
-
Filesize
797B
MD5afa18cf4aa2660392111763fb93a8c3d
SHA1c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA5124161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b
-
Filesize
236KB
MD5cf1416074cd7791ab80a18f9e7e219d9
SHA1276d2ec82c518d887a8a3608e51c56fa28716ded
SHA25678e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA5120bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5
-
Filesize
590B
MD5f297ae29d8d2ac9a4b33fc0e9828efb6
SHA15201a4c6a4595e4c640c0d78e7f24738003cbf5b
SHA256668e584a7cda2edef477ae8cf23086ab509b1b8e23e7f644be5d4f59ad08da58
SHA512a374c22e917a71fcf4e80b962841e1e1a3e53060f904036af62a6bc3ef106d05060dca1577736eb961289ac072f49a4e3ba29463779a57e6cc7782c00c8fb5a1
-
Filesize
1KB
MD549b5334c5c6cfd776c210ec6dea64576
SHA1c4f4453eac70326c7f7a8542f46e84519b7ac2a5
SHA2569d83740c9b7b64616ca58d4a7082409161037f36c38ae665bc736132aef66a23
SHA512e69b403b34b0aa6d74c058773d3d3146ee15269919be18d994f3a52f55c7d67ede0c85991ac55760b765f9b8814beee969f48a2681d01bc35e5b0aaf46fcef3b
-
Filesize
136B
MD55f635018b2bdcd2b7db5ec978b21d8a1
SHA1ee9ddfc2e4816c4d18218ada923a53dbf6d676b5
SHA256624c7a396199c95f145343aecc87528f0631e2748cbf6ef4447f2492f7f8eb76
SHA512755f165066b2fa38f57e3af3b07b8c3dc8eac740ee0d7d6298c33d2b03498472aa98f6c908407b548ce5749c37d3ef448654951db66ba1144d652e3b0c31a3c8
-
Filesize
136B
MD50fde03ed9c58ba7e0be5e851d3a18f4e
SHA1fe3a2253a66cd2d70b89b06c40663a7420760214
SHA2569c2ebd8bd9990ee21a08cf52b8fa6b1b749524defe0a3c8022d568d7145ce670
SHA51265f9eb41cc2ce0302c49219472e764204585d45ff562d23c5ed6e6084bdefb9cdb5070272c0f7eba3c8015e0b52b82720139efff7ffa04fe6a5cea444ef05dfc
-
Filesize
136B
MD566e7dbcb4a090d3b3f939531eac92084
SHA160f19ae8ead5233b5f379b881db5c7e7ae8c7a25
SHA2563dca94044fcf5b9ca68abe02b26c3e6d5f494e76f32434ffb735d1c60d56a791
SHA5122e596c0cda85a41a4ad92adff7a4467766e276dfbb2433abcca88600bf33921d7c77d8f2a4d445df33715acef10481af0c7cfc581c742010433deaa9faa0a43e
-
Filesize
318B
MD5a261428b490a45438c0d55781a9c6e75
SHA1e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e
SHA2564288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44
SHA512304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40
-
Filesize
224KB
MD55c7fb0927db37372da25f270708103a2
SHA1120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206
-
Filesize
373KB
MD530cdab5cf1d607ee7b34f44ab38e9190
SHA1d4823f90d14eba0801653e8c970f47d54f655d36
SHA2561517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f
SHA512b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3
-
Filesize
2KB
MD5a56d479405b23976f162f3a4a74e48aa
SHA1f4f433b3f56315e1d469148bdfd835469526262f
SHA25617d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a
-
Filesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
Filesize
32KB
MD5eb9324121994e5e41f1738b5af8944b1
SHA1aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA2562f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA5127f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2
-
Filesize
338KB
MD504fb36199787f2e3e2135611a38321eb
SHA165559245709fe98052eb284577f1fd61c01ad20d
SHA256d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
SHA512533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444
-
Filesize
201B
MD502b937ceef5da308c5689fcdb3fb12e9
SHA1fa5490ea513c1b0ee01038c18cb641a51f459507
SHA2565d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1
SHA512843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653
-
Filesize
628B
MD530e2f44f8f4dc838206597f5365e5513
SHA112d059059364e0341f865f65fbce4c08f3f471cc
SHA256dfbe4de07a45ba0c0da46692f0ce661eaa456055b117b0a62eed85de61d23b0b
SHA512cf50fabf6ed78dedced5bffde85366343cd2d1d077e51156b9d6ab6f4021dff60659647ed5fa7d0ec77b6ae335bd5f9b58c55675a484d3a2b247223985bc213a
-
Filesize
309B
MD5b637abae7ea72736c91068b749581fe3
SHA1a452a76fe451911e91277cbe1dbe229bb1c5d719
SHA256e02e78e2be6e0c60697d2d1d5c576e8839b6e42aa100bdf12f521f14b6fe50cf
SHA512058af96b0aaebe52dc8b1dc725705fe3047d946217020db59b63d00974634b85f4a18937051fad9a9409a434a746c193320dd33c0d582c8ae77e6818369c55c0
-
Filesize
42KB
MD5980b08bac152aff3f9b0136b616affa5
SHA12a9c9601ea038f790cc29379c79407356a3d25a3
SHA256402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496
-
Filesize
6KB
MD57e162b43d8a3061ec5757cd58f804ada
SHA1f3f94e008ee68836c4b09c9c4c521424598cc845
SHA256437207f18ab2647553b36036c625c2c2b939fc195eee2822ecce9d2018fb7086
SHA5120644b4c6c1ab3d923066616b967db9dbffb2e710bb03358a8d56be0a9f8a231a98bb2da4ae89fb11681798c402911da1a1464d32cd08189a4fcc8aafa45173df
-
Filesize
4KB
-
Filesize
396KB
-
Filesize
396KB
-
Filesize
4KB
-
Filesize
396KB
-
Filesize
396KB
-
Filesize
4KB
-
Filesize
396KB
-
Filesize
72KB
