Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
273s -
max time network
274s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
26/05/2024, 22:18
Errors
General
-
Target
crypted.exe
-
Size
519KB
-
MD5
1b1c7e6e96667a6a758b22d444de57a7
-
SHA1
3eafd122d0814ee5aeb35a9bce975805a8cf6744
-
SHA256
e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90
-
SHA512
2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7
-
SSDEEP
12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1
Malware Config
Extracted
lumma
https://employhabragaomlsp.shop/api
https://museumtespaceorsp.shop/api
https://buttockdecarderwiso.shop/api
https://averageaattractiionsl.shop/api
https://femininiespywageg.shop/api
https://stalfbaclcalorieeis.shop/api
https://civilianurinedtsraov.shop/api
https://roomabolishsnifftwk.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Windows directory 10 IoCs
-
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 24 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Modifies Internet Explorer settings 1 TTPs 53 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 64 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 30 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 53 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\crypted.exe"C:\Users\Admin\AppData\Local\Temp\crypted.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.0.2035257570\777390551" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf678022-eb6b-440a-931e-20431ff58cf2} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 1780 1c8e4d09e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.1.491467468\174627685" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b1d6e14-9586-40e4-9752-c51282e1c63d} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 2136 1c8e39fc258 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.2.1906896514\458316480" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2932 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2954d1d6-e168-41c0-bfc5-10e4e4b1dc0e} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 2948 1c8e7bc2e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.3.397247575\44802383" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dc99edc-e0c2-4fdc-b9a0-8f44f3a65f70} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 1012 1c8e6472e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.4.1526105092\1127565667" -childID 3 -isForBrowser -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2370f4e4-a2eb-4176-8d39-a97ce574c728} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 4392 1c8e9ccdb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.5.408839138\373176036" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f87a13-0879-4c33-9cc8-4ccd82714a19} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 4928 1c8ea1ed158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.6.2147125960\786683484" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13acd9e4-c25d-4c1c-991f-9279b733185e} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 5072 1c8ea1ed758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3408.7.1867170617\179074765" -childID 6 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0da60cea-bebb-49a9-bda1-f72d3c2428dd} 3408 "\\.\pipe\gecko-crash-server-pipe.3408" 5256 1c8ea1ef558 tab3⤵
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding1⤵
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding2⤵
-
-
C:\Windows\SysWOW64\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon2⤵
-
C:\Windows\System32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\FormatConvertFrom.xsl1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A20A5FB037E8F20D071DD39D1FB88FC --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B72690DEC9D3297A1A41C6AA673F55DE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B72690DEC9D3297A1A41C6AA673F55DE --renderer-client-id=2 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:13⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C2E095C2001485E0DF7C4F94E6840825 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C2E095C2001485E0DF7C4F94E6840825 --renderer-client-id=4 --mojo-platform-channel-handle=2220 --allow-no-sandbox-job /prefetch:13⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B18D866484CD5F1CA66BEA33AE332043 --mojo-platform-channel-handle=2356 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=13FE1CAECC7682F94C3F91E0C2049CA9 --mojo-platform-channel-handle=1900 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=378382B0F6278A853BFF06E66673C98B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=378382B0F6278A853BFF06E66673C98B --renderer-client-id=7 --mojo-platform-channel-handle=2096 --allow-no-sandbox-job /prefetch:13⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8A1E88CF1FE9AEA13604076F02A3CC2 --mojo-platform-channel-handle=2800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
-
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\6816f5a5f097495b9cafb284c4dc85cf /t 1616 /p 10441⤵
-
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -nohome1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4376 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\AddUninstall.xltm"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\TestResize.ps1"1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
-
C:\Windows\system32\shutdown.exe"C:\Windows\system32\shutdown.exe" -r2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.0.1588320918\1433622996" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {769a90e4-d226-4ec7-9086-1fd145658dc3} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 1768 1d50b6d4f58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.1.203206567\1587101324" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {708e32b5-1db3-4beb-bc8d-a8855f754b88} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 2148 1d50ae41758 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.2.1747300744\827735707" -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dba2ae6-00c5-48c2-8e62-694b1cef16a3} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 3184 1d50fdebb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.3.1463073370\2136425463" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40df0cc2-9761-4f48-a504-dbafe2eb38e6} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 2808 1d50e3fa358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.4.2088003206\687852109" -childID 3 -isForBrowser -prefsHandle 4472 -prefMapHandle 4468 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2af72730-fb9d-4eb0-a8bd-d112c0d277a8} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 4484 1d51204b158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.5.1650933854\1511052927" -childID 4 -isForBrowser -prefsHandle 4664 -prefMapHandle 4844 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8499e5-94e6-42ac-9895-ae8e856a327b} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 4656 1d510d99a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.6.1577063360\2094212645" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9497341-c9fd-44b4-acb7-2e1522e21f19} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 4952 1d510d98b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4212.7.1930171033\1337044978" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41fbf373-d241-43d5-9618-5dce027d2fab} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" 5168 1d510d9a058 tab3⤵
-
-
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
-
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3a43855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5b370a8fbfda6390c1e23dfbbfad7ac6c
SHA141a42106d4f3e28556f48f5d733590f8079b6f32
SHA2561f61ee5395758d944d09f02b2d2fce1e00a54e96b7eca2a38daae9461f721055
SHA5121fed76997931b26b1b829c138fe74b6e2cd3915d6726d2bca91f45e8ce32f8182c84c3c583d9f3243b60b54b27bf3064045a99882b96302b3f4353075f2973ed
-
Filesize
4KB
MD57a2406cdb2d7b5ea4e2321223e521703
SHA16b1a72834ecaaac173e90d76fcd41dde833458d2
SHA256130cd50147e92c5a502d638eded396efbcb010080418a10b1826d9941d370fdf
SHA512c7c529137435c5f85f46a57d76b44f893d8dc41f935212a5f1fc1c56f1399954ffed1ae5740a81bc760f41bd1de04462bf1541431002c13f9d3f9333334f32a3
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
384KB
MD5d6519ef748c0c750f6c0dda76b8078bd
SHA1dbb05586f742d1877db55f2a8aa640cd369c23fc
SHA2560a7f771e6194fd964df5638c3d97a007df99defd00a5dba8d9e78f475874aa65
SHA5125286e5dfd9732789f7392b874da234983184301a75d0c47c81b012d2d8dd763be61752070a082a2988f099ef95056159827d34cd82a013dbed7e8011b1fde73b
-
Filesize
21B
MD5f1b59332b953b3c99b3c95a44249c0d2
SHA11b16a2ca32bf8481e18ff8b7365229b598908991
SHA256138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c
SHA5123c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4
-
Filesize
14B
MD56ca4960355e4951c72aa5f6364e459d5
SHA12fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA25688301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA5128544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d
-
Filesize
161KB
MD5a8ae81e47473941e4d11ff00a7973c36
SHA14610ada638520f0c0805e31a67a88711a63a7c5d
SHA25669ef97bc21a8e01ea2fd55ce29802c46ef196543433e0617d7f4c2886cdca100
SHA5121f42f0f9e2d89f1c81adbb5ebf80579c175c73974885fa18def9592cb1903a18f3516a47e30d2f886bb6753fd836317d99ac17df4570a04ac793a847e5858873
-
Filesize
2KB
MD560a7a3ce0963dfe1af17363b54cf3fbf
SHA1cc78a0f5d08106085e26b1582504343ad6a22dba
SHA2566be8d2825ed9a29b027d7b3f4e1bdf19f1ef47663aec685b1e86490b537ab71d
SHA512c66da03b6dd761adbcbc2bf6a4933e2e9722c66e4d30470b50c871a1c2298986b62d34bd50ea75610402312b7ab3e0f4ba99655ce92e6e041cb0eb06efc728fe
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
171KB
MD530ec43ce86e297c1ee42df6209f5b18f
SHA1fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA2568ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA51219e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae
-
Filesize
2KB
MD5b8da5aac926bbaec818b15f56bb5d7f6
SHA12b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA2565be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436
-
Filesize
9KB
MD5cb6e7e48ad4638e6047a4cfdf09907ce
SHA151f8571dacc354e14dda854f8eea322c82736815
SHA2565166d397efe632a6410d8d15daaa07c0294cbdd2980599b4a24a3ae037894d04
SHA5126a248574b09547d44a32c92c3106c7c91a3f79d04398d8b9e96d8f635f452257a0047db8c92d3b2a75cf0e601bcd83758c393485b27fb010be3b02a165fd31d2
-
Filesize
11KB
MD5b3db37a7460c54850c2cfdaac6f692f0
SHA18a2de449d319254b4c2650b8df0929a457bbebb5
SHA256dabe9b87a368888e027b4529f7bd30218eb23f33a43a466ed72652aa04d333dd
SHA5123a9bb53e88c1cda6b464cde0ddd862e3c9f032632ad514d27bb18e86a6c756033a503c9f027197d6c548f2ff0236dcb37e2ca014ed1ad394e7a3bfeead1cb4d2
-
Filesize
464KB
MD5b1c0b3951a7abee30fb0ab72941beba3
SHA13d996cedee1d6eb87d144f8e220d41740978247e
SHA25641edcec5320de0978c90cc2563ad07fd3e1e39b00be164ec27a299885b71299f
SHA512dc2f9b4b5e4a81d9537d47372763b7570e8dee1b25e80131548ad816c8823424e9e2e298975932ea2d36e680922312cab5e65ee6c5715ba078a4c28d11b8829f
-
Filesize
2KB
MD5098f635d6d8d9b6eb167a2a3a832fc99
SHA112163efae3f650ab3d75b70c98887b5118dfbf62
SHA256b501582c8cb4a5f568df38be335c9b3d46f975562bd2785511861a2fd6445d48
SHA5125dbbc21a7a5f4fa14c67975e564dcfe19d5bad1475e0979a688576b8285ee2b7785747e7d19284bb33dae3ff1fe2fa46c71fba6bf0d4c66680f24aa0e89f98fc
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
1KB
MD58e39f067cc4f41898ef342843171d58a
SHA1ab19e81ce8ccb35b81bf2600d85c659e78e5c880
SHA256872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd
SHA51247cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890
-
Filesize
16KB
MD5bec535d57b7e37249e3873b8074ad927
SHA12dad13968948b0c91ddc16d63bf92bf4909eb307
SHA256b23a16b6797f0516b0e6adaf1eef9527231e6af5aa3c96533cc048aee3d5479c
SHA512d9c74e9be6f20d62a18d098ce16ec577eeacd920269a630ab70c3dcf2e7c8196ddd404dceabe2847eec32169d96c22cfc2cbb900a4066488286c05c3ee2df362
-
Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
Filesize
546B
MD5df03e65b8e082f24dab09c57bc9c6241
SHA16b0dacbf38744c9a381830e6a5dc4c71bd7cedbf
SHA256155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba
SHA512ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99
-
Filesize
1KB
MD537ca4e13485519c88b0f65088036ca47
SHA1526f9df23c3265bf9864556e077060764d1eae0c
SHA25626810035a24eb40cf394260ae76a2818272beb2c2db9fa7bd0fb16939e6ce43b
SHA5121d8041b8da3aa4169c9835a646727eb721c618915bb9ae7585061ad79f3af0bf8cd94d43658ec09c8e79663aec5f19fd79f6aa11bbf3618eb9a874a561210217
-
Filesize
163B
MD5d372339c516f740f8006cad5c65a9098
SHA15c8cf1fc87b0821b70cbdbdb5405bb2424446b5e
SHA256c77fe25fd80aba77d6ab20a76716233886698da81b2b096fa3c8b75f8a2dd379
SHA512635a68f5658a96fa2c5721e71f61bd6f833f7b021f75497401ed40332a2173bec8bfef98429b714013e185c57a7de5c1c64dd70d79304eb2f979b4c753720c73
-
Filesize
324B
MD56a2c92e6e05bd12632771a9294139984
SHA15ba650c5cc0120a67b3e28e53a9e23335c1eb3e8
SHA256ad1eb827fcb255592c0e46245ebb290f3fc405e765dbb297aada2491f2273db6
SHA512f5717f9278f44e040491c411122feb9d15cc3d67dccbd01915c63fcef985c3d7ce269e6aea7fa4dd013210270891409ffdd103ec0c4b5085759a669fc9c54450
-
Filesize
4KB
MD546673667a948117e327fee01d958ea79
SHA1ed949588b0ba9253f7365ceb9f6e6849c0ba6c18
SHA256b8608b0c06ab1baf4fe66aa9a30484eee2da31a6081536d0ec97e8710d54f287
SHA512cd11173cae72fe36c592bdb26f1f3fe774a51ede4ca24713105528aafc2d0c81450b75353f4be70f83888f08dc6fe59285b42804c16c8dc606c689df87fae7a5
-
Filesize
2KB
MD5957110e4d24bbcab3db0b0ed4c557f0f
SHA1542951bb98023bc6b8dfd391549ad8e5eea6bd26
SHA256c7f466c92c6ab7cb82cfb32588bc60840c426c049c3a14e5d68665fe49169106
SHA5128664627a3710444ebd7ee89fb282c0e76e2f2a566768dfd43bd9f617020e85c3308dc6f51fd779d03960ef150e34a1dcd1cbae91aebb7ff2eecf8b0485258b4c
-
Filesize
10KB
MD59a697a70d5942f0ad085f232b139b102
SHA12814467c72ca9b893b7677da1f5c29a65ce6e198
SHA25681bb10a997528aa1894bf03e70295cbfe10d7a2bf62b7bae5710a66d4fcc6792
SHA512078874ee848250779808845f32c5a24040622ec0c1b011e9f8c6127f02e8bc2209b67568f9e150bf5380f74f5cc7f624743e7da967ea08d7e37ea0ba0c170acd
-
Filesize
657B
MD5406ac4184976e679c2c0abef65215f14
SHA121b59f470054d697420e50dc0d687abc8081d820
SHA256e636dd8077d80fc63c338d9bc714adb3710caf67271e51201adc3d1e00ab9bc4
SHA5128bb09abdc0f6e7e36bdc41902d9cebf2c453a0586004e2d5c5da258c38e5ae3eea8b78961b2c1f0d155d3361ff5bfcbc589a42665ed8b22c9301f5e6666f34d1
-
Filesize
746B
MD50fd3131c04b4f090dfcbefb17a374339
SHA17b4f491f34aaadd6b77d883c00f3e6aee4721a2f
SHA256f89ac066a737a33ceea3a022a20f62d3e57361aea7be771420f0b1c72d0b5baf
SHA512e96754d4bc3c3a0591cbe9f7f26a3dacb0758de465291c7a97a7e158383f9a9c3b39a29417090507ee2afc1aaaa4773b717d62391e67f31201685613f42a6fa6
-
Filesize
6KB
MD50981fcede0bb660301bc4cd137cf2a9b
SHA1c5796dabaecf4f8f27398b25636c4ee541c58418
SHA256b9cc888583c78fa2aeb11f0d66133ae64f06cd493643fca930c0146930ebfcc0
SHA512b837f18a7af591381f75a410cbb1e1f4cd0c7214ee6a7333b4a17b9eba234aa8920b14c843f345aee7b51cb3e3f6ed28bea5475f98ea9a4a03e9e7919950b778
-
Filesize
6KB
MD5a39307fcf5b1367d63ca5ec21c1ebbe1
SHA1dc47ded26985dcb1e2e85aefe174fccbc2f8aa11
SHA256eb2b2a9ea244685b6cd2cc7a90752f4b60d004ff6c9f71e1bac349831731e8cf
SHA5123c923700dbf51db6b408eec88d087765b6f92de3f34db4fe7430d22b970028a05fdf956087cd405422a6a56bc155cffd63ea938ada20fdb229b0e9a231ca872a
-
Filesize
6KB
MD52a4781a35ab7dff2868235ff7ad4c82f
SHA13ab7fbb463fc07aebf70cdde03484547695ecb92
SHA256a7fe445c427df5958eaf64297e583591399dd3436c3d79c0c1fe9b3d06b0fe9a
SHA5125c0222b7ee91f378a03265cffa58b1900b5b53f65737be7cbbdf02ab480cebd819dacc861348617abee0e749b7c9e8bb19421b178ecd86afdf997da33535c96c
-
Filesize
64KB
MD5deeced8825e857ead7ba3784966be7be
SHA1e72a09807d97d0aeb8baedd537f2489306e25490
SHA256b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54
SHA51201d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e
-
Filesize
288B
MD5362985746d24dbb2b166089f30cd1bb7
SHA16520fc33381879a120165ede6a0f8aadf9013d3b
SHA256b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA5120e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61
-
Filesize
53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
259B
MD5c8dc58eff0c029d381a67f5dca34a913
SHA13576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA2564c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4
-
Filesize
122B
MD599601438ae1349b653fcd00278943f90
SHA18958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA25672d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55
-
Filesize
1KB
MD58ee2b167522f116e65ffb915bc5ad206
SHA154d59836202cf1f928eb315b966b32660629046c
SHA256f318fef418984139e7d362065d3521dc66ae2b2c5a3aa8d0e68927beddd115dc
SHA512a2e342293d2b9ccdf7312aef306d0b050c18affcd83005aa6417d2197d2d2e0117470adc17480163490d0a0e04c3516f70969ad955646804747512324e6cccc5
-
Filesize
883B
MD52f3bf814852e30f11b75e4664cad2b6d
SHA1c3a5dc9173810b7e0ff0594aae7d67d22e2d66cc
SHA25617af2a6206615e3cff98942ad9205d87bbec33805611d8feecf41dbc61c41070
SHA51235384ba6090212275afcc5e0eb20da9e6f81cc3d20b8c8c7820c2f2d94fc414aeb00e38770a4ab1b610aae36dfa44a91311112f7b1df6020acca7bd0014d0749
-
Filesize
855B
MD55ead7f9645866ea22e9f409c227dd005
SHA1d7888772202d310963884e5e7a47e4d164564a6d
SHA256e4a171b0a267518ac03a0eb2caa88249984a982724f99e182f8fcea99d2eb2e7
SHA512438966b90ed48d8bf8029890cc047877bd218ef002ad1ad5f1eecbef95fe4f9879131f839955e82053b6b431c200c1ddce3ccc81f68b29da0b35e1b3df77a008
-
Filesize
48KB
MD5dd389b83d6d32ab25b246944121a3f99
SHA1761c83d4108a8c4df5b64a9d877b9963f74ecd0b
SHA25615d8e02d6213c9488443bab798498807b8358ba07656ea6e3c7d9b5cb009561e
SHA512d36be2a9582a03513bd65a6ebbfa50f4ea5bc5582d77c72303dc87a09cade79bb3666bad22ebc98b669b796426677529a5d9380365741ca36ad7af7b6489b2cf
-
Filesize
184KB
MD57f868e557b098795d645df9ea302427f
SHA1001f3306144559b4049a8ab139b4139f51e59c0e
SHA256b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5
SHA51256fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a
-
Filesize
120B
MD505e1ddb4298be4c948c3ae839859c3e9
SHA1ea9195602eeed8d06644026809e07b3ad29335e5
SHA2561c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be
SHA5123177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
472KB
-
Filesize
240KB
-
Filesize
136KB
-
Filesize
8KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB