Resubmissions
05-07-2024 16:51
240705-vcxhtavame 1005-07-2024 16:49
240705-vb7mdsvala 605-07-2024 11:12
240705-naxmgazcpg 10Analysis
-
max time kernel
217s -
max time network
218s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05-07-2024 11:12
Errors
General
-
Target
https://github.com/Endermanch/MalwareDatabase
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 7 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 4 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 47 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3948,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3920,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=1316 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4920,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5544,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6048,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5040,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5912,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6544,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6556,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=5900,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7008,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7fff76a60148,0x7fff76a60154,0x7fff76a601602⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2296,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1896,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2460,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4304,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4304,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4740,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=4828,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5140,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5564,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5608,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5712,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5552,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6472,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6476,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5624,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=6112,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=6324,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3656,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x238,0x23c,0x240,0x234,0x258,0x7fff76a60148,0x7fff76a60154,0x7fff76a601603⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1880,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:33⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2432,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4332,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4332,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4752,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5112,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1620,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=560,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5548,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5572,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5632,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5656,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5624,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"1⤵
- Drops startup file
- Sets desktop wallpaper using registry
-
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 252871720178172.bat2⤵
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs3⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE2⤵
- Views/modifies file attributes
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vttubpigefotq647" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vttubpigefotq647" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f3⤵
- Adds Run key to start application
- Modifies registry key
-
C:\Users\Admin\Desktop\@[email protected]"C:\Users\Admin\Desktop\@[email protected]"1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3925055 /state1:0x41c64e6d1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD54050b28341710d81199706f62a3f2ada
SHA1c3e80830dc572062a36ac3cfee1ea27668068da0
SHA256e5d3703e7e3ba7bf8045aa0e8ebd90282d009a2caac1e2e8c0188939f35a8ac5
SHA512a4d5a2156dc8740a0ed64d119058d2b658d655c112d6193fee23f6e2d0051dc60848de036503a7f7de824f85f2e42764a41fd26960d66311724f6f068f1a6df9
-
Filesize
16KB
MD5cfab81b800edabacbf6cb61aa78d5258
SHA12730d4da1be7238d701dc84eb708a064b8d1cf27
SHA256452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f
SHA512ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6
-
Filesize
280B
MD575eedee0412946b856814bb73cc58c9c
SHA147129a93768db919b8eb42e5e6b53f623da02311
SHA25637ba82ed6c8e447e89e14c9fcc5c4f9e047b2f6b23f0867063ae95b2c5ea7f3d
SHA5122c768d76878467f12096eae85cac061c7c736f85fbc869d2f46bef035ef1872179a187eed93a807653116dd007ab4ff534732642588b7c9848583ad82efa44f2
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
44KB
MD55197052bdc0e3d8ddb2dfff3ad4b140d
SHA111fdcd6eae11430f2af56878e62cc678a709c9a2
SHA25619cb9f55831d28b7ca55d96785caaea8bf674ba63523c57d56b0e98516b00930
SHA512daf2a2697d02f53671e28b86427721917b8b2f5d6b731089ce0ea55fca2e678e007f22f0c9b1e65eaeb429077ba0c7a83ae0b235592b37bd0f34ffe393462654
-
Filesize
264KB
MD5767c6fc2637939e3b6b8234310b2b21a
SHA144595c3e8099986e7dbd9fe2a3918166561155f5
SHA256fe7e5c4719fedf8cb2a66d8cb7ce25a9bdd616b43b628d89297633efb9d30fe4
SHA512d3d7227a27b34b20d7bf2725a556387b1695aa4ba8b3b00f935de701fe110f04d6448d56d0617d8d6bf53761cf65572612fb1896811ec2cb3af9fae1493cb7d4
-
Filesize
1.0MB
MD5ddc703609b170372c810a7155925f94f
SHA15ead5e606a78dae6179c93fafe3b92321e8c1c09
SHA25624f500cbc7a07893160313ecf105057c792cd0561297f781228ca99564450849
SHA512e26ad5b418e5c861302f846c0c3ff490d2ad583b22296a0517870a44b49ca2a5b8d440277366595998150f8ed09e3ccd6a5864c58997a532fde05dfc51ef5c26
-
Filesize
4.0MB
MD5b99cde9240bf4f55ef5f5849a2682957
SHA111464ec4c0d0f3bc8a02a6b06dd635deb60f5034
SHA2569c6a3a9f512835bab2500d2dcce4a4f940996d93a5cf6b666dea39d6f592ca0f
SHA51231269be230e0e35ff8b01525d415f41f454e87c27b666f2e6c80fe2d5c5a2e428270f983f7171c37b8b999b73889a12607794aa22db64867e1dd1dc8c684f894
-
Filesize
46KB
MD529065d1103867a21002252c6879ba310
SHA10f49d51281bc10ab79a68e2d939f9c2dc09f4bea
SHA256e9627725e613d6324634ead6b112937eed6c5429da940cef20d98748adf570f6
SHA51227e9fe36796e80a97c91e33fd8b04bb38b96e452bb9d68e1197d382c6414c83a6868ee6fcf1804409da67d08777ff1de94bb990b74e0bb6c7c756cf6fcfd7b82
-
Filesize
33KB
MD5c3befc7a937bcd0da82ddf90093d8094
SHA17ae5c02ed8dec73154ccb342d5baa8e96d746e99
SHA2567a9ce009e5165daee0a71e882a9ed9b1af0f6b08ca6790981cd74ac7905c0856
SHA5127bccdc6fbdf4cd65ce0b710d5b1f263bb5921d4c4ce1c6ba8c3d3c91913f2d76294e884af19391d85b0a61d52d91f90122c9ef404a6e80622e2662ac4a2a3cb8
-
Filesize
3KB
MD565b604514626be8e388b8fcc064c36a1
SHA13aee93fea5ee71dca002c89a0b5ec6c56281777c
SHA25676f7282db86332566cd230e3d223cb22b15ed32b1b46fdedb7084877f565e4be
SHA5124042557c7cb219425ef39a4d9e220243e217c01431658ede226e788504f8d759c83967dd4763fdc73139811f2f75b1efc91fda9f172ade850ae63f00da4f9268
-
Filesize
264KB
MD50c94fa254de01ba540f6236632f7f676
SHA15106e5f996f945888fa1ce933eefa7f5619ff11d
SHA2561da24fa8efdf1d72aa560d43281e0fada548e11c583508675ae20ce2b9a0526b
SHA512b8cbcb073280973780f20ac796795e6cbed1a468f0895755cd374d3ed1dff96c26f2f213c55b561887c8cfd3061502d0b9c49778113850921b26cee6420e9c32
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
142B
MD517a3b5d17d63462bfb0abecead1d16fd
SHA18a24f1631588a2c8ef414d64c3afc24cd899b977
SHA256605bb8304f914f0cface8889ec2803d44393f3f4d3567a5e6381279b0d9fa087
SHA5123148795298f2197a90ed184c4ab231bd77e52f5204b5dedf4d5e34faa5fe4df6ebf92c298a30f20a7ca71a03426c5342133231477ccefb9571e9043daba3a908
-
Filesize
507B
MD5763dde077bfc9b08f21307ef4ef05c42
SHA1a41e52edaa3c3741106aad4644c2639e020d5600
SHA256be2fd27f6d4e839198c518b676a60cddc2c480354ac5c51ef6c6b19c73a5d412
SHA5129beaa836726cc6a8a0617496fa3cf730aa7f41ab13ed484a0fda11a3b2628a6285fd85c8c0e478f2e92648aaaeef0045ddf90f56ae771ac680483b23c52a7728
-
Filesize
182B
MD54c454dc816063e7c565d2ca0ec37fd54
SHA1bd5b87344b299da254917c9541a4b072b8afdbfd
SHA256969429947a548a291101cd170d8100aa69b75e82c935a77ad705bb14c7ec9f90
SHA512ad89ae2cdcd98f39f893a956235d9ee9202ed48d99f93da0c58dbdcbf73cd611cbca334d66c14a86dd4456676c69a356335dc587d792c7eaf8b9a19e8855c71b
-
Filesize
32KB
MD558d59ca6392e7c050c196e8017adac02
SHA1b11341bafc5f13af3536d3bfbea4e32022e583a8
SHA256560bf28b9d15f428701949fae14ceabe6eadec4647754ad46e1f46df20612cc3
SHA5128503bb8102c3ae1106d92bae0aee95002f13461bea200637283746435786d6658627dbc542be2f44a0f7db37bd692559485c999620aac13fa477890a138c811b
-
Filesize
316B
MD524983e0591c254a3a77c9bdf5b966471
SHA1b8e9bcad72b4dc31d245a86c999f6059e61fd892
SHA256462517c91c4858c67a0005e4d64cc99f1082804d2706eb06c8b4a1e4c6778c32
SHA512f0a62f1ed5ccc3a38c5713c8799976f4f5e35fbd6d1a8b43c28a72287d4c24caac442491aadf6818d01890ae47aa3e1ea1726f17cdbf8c43d0880a0da63e0506
-
Filesize
192KB
MD5fda4fb887511a3e663f2a3947b0bcd6f
SHA1767e0b6becbab17b09c6b2c428923ddfded07e6d
SHA2566f84847a4bcab32f78ce2dbae1961ab4c890782993b6e930b6f7a27f04302660
SHA5120ba68348298b85922b44e8b9011be445127b6092374246a685f3fb92f02399f254e29ac59737de790d96093d04a776026f05fe56f70cfa50837892d7fb7119fb
-
Filesize
331B
MD53a90703ada217fa8c048c1ab8542dc82
SHA1ea8f73eee5fa0ed6e2d43c1c03aacaca86c031c5
SHA256184c6e96d4451c7d84127aa146a9e0b1c3c81127e83620579fbba19449c758cd
SHA51294f24e3a1aea6f791b42fe567487631ede31be9e66578b6803308faf59266a82f8f159472dff3a19bf39480c4e3a1200854c8bf9564b02dfcb8603e5a88adaae
-
Filesize
20KB
MD5646bda10074079ef16131fced060d8f1
SHA15d988e1bcb9d05c2ec69088375c49a79c3d7e758
SHA256488a8a6cb927d2ce6362022e1a4ec0590298db5bf2c4bfe6414b8c2d4c104a93
SHA5123a9fc12ad775cb4bf6073e12a590a0d09b1f84f69609e30b88dcbbf21d954ade08f9fd6f1713fed6b08d4954e35def48bd608f0545a3d4103e5b0deed37651b9
-
Filesize
2KB
MD5c988d152593a0c7945af35f46c277887
SHA1ffeb268edecd02a604d50e93af6c04206b4f492f
SHA256167243bd70687857df0e608aae6bd22ca074c6761fcc6eddf27224f9c95d28ed
SHA5126977dd91485435c8d6517c40b33b345bc93a9bd63d87c5b9c2734d3d7be18f906ce549542d34e8939ea938c00bb15842f3f3ebc48ef5c7476578a3ad235ca708
-
Filesize
2KB
MD590a26c8e0167e3552c973da52a5eef3f
SHA15a264611e1d8ed2266d99582f77575e77eb05774
SHA256ff6fb5354416d4e75564425347fcb1e397f5e617a0a7f0eae9e2ba8aa335dc6f
SHA51223c5dbecaa766d10b367db017209bad232d7fe9e2778fce29154899c1eadb26ea3ddbe41b166bd90ec2bf2d2de70e541a3a48e3d957336fd3ddeb21c60b67103
-
Filesize
36KB
MD52c5e8c311187490cdc1e24f31f35d1fa
SHA171e6de6f33f965c59d001cca01e778286a77ee15
SHA2569b70e027ff644e15b9c36fa615981e9b56e3f5bb032a65c3bfdaf0468875a1f6
SHA5121fd9e2020a4fe0fb0b20f8648b8a75ca15922bcb6267999cc4e59ac68ff648121fb7c2f41766609a8eb0b6b25bfd66305f057a0317c2274f1d0d3f7c9d2848b9
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
1KB
MD5fcb359434556beb2d3bdcde17ff39801
SHA1098c7efa32e61feaf4aaf07774495fa7d5298d26
SHA2563120f3708ffa4933c5972aca8c442295a1221164d50c5e1998e7a41a294be8ed
SHA512231d1719ff259efdcff086becf324828bdf486b1667734338847f810a5f18512699c6b267113a374434bff1d6e67786ac2686dc24f1f0afb4f578ca57d0bd83c
-
Filesize
1KB
MD5a0281835698b8c30edd55a417de122b0
SHA1952b60b2857aaa2feaacc0ee7d64b90494d4d124
SHA2564174a385348dbe9ca73a40ea917b220f2c5bbbf524bdd4defa7bff9d1e51692e
SHA512d3f8f0ef5bc354eeb5760e22bd693c55fac4857bc3339b944e14874dced7262eed8e6b5b189156e79bb52ef0fe201400fc5b1b5af5a34099d2012acf00134c7f
-
Filesize
1KB
MD5a3f7dd3dbea8d2433c48367396c38a14
SHA18f9aac525d0d3403cf027f557ee149892995b382
SHA2569ce49246a25beb656a01ac5452a1ae800753eb3d45518e2083f01e025a11c886
SHA512d799fce51dd59f0a8f77207796484c5e62e4b59ff5a378da3385b6dace925a45bde08363dd71e015aed956b2807f0103675e806c9019cf944c46772c6ef18450
-
Filesize
20KB
MD5bcf5d7089ad1e61d759a27a5e7edd055
SHA12881198f7c50c1167169ab13acc46e366f29117f
SHA256399e944d4f8254fba7ff853117b6e9da2831a7de411ce45c546c10782069699a
SHA512b9a499e775390b201abe303ade1fa990a6cfb4f23190246b459aa87aa317c969f669e177fd8525f086bcbbcb0291c22409266652155b62c9c9d38db67ee8c02e
-
Filesize
12KB
MD59ed2da9cca174612ebaf00c71e96347f
SHA1f16d99324147705ebe99c825ebd7868f89514456
SHA256bb9d7a3e07aed6b538cae252509a1c6456fdd82dda729cdd30bda149d4eda080
SHA51297da700f736c1c7423d0cffc96ec5a2b63c8d6dbdd3ad6c91c1f7c9984b87d536729a8cbeda5064bf03514529e2923c3d1e8c1f34ba32ec5ac54dc8859c63abe
-
Filesize
12KB
MD5da2b045421a1a61efdc863121b52cccd
SHA17c93a940e8c100874cfcfda54172e1f367ee01cc
SHA2566788c4c37964d1b2ce3cd50d74edf9f0e188212cc9d03d636fde54e782a75bbf
SHA51235427d0d2306d9910e06a37763ed0d8f0ff8ee3d1928f97ca2fc9fb68d9fe86389cd09938e889bcc7e244dc691981296acce93aa6790bc61d55ca690217b6969
-
Filesize
12KB
MD5fa6d4cbb4cb77075019acb264b2135f3
SHA1fef901ba514a6faae1d58dfc3232381fa8fcaa50
SHA256a2be24c9cc42946baeec358b200d35108119e66fea403c6c410375a0042d1a5c
SHA5123f8fea2395d35131a7b8e5eb78f00743030612a5fa2816920ec3b9ec67e25c9bf4d5602475b1e863eb7ad3c8ce29eae84871ecfa0f40dd52ff4ee7b40f494ae1
-
Filesize
12KB
MD5eaa3b58ea0536e23a369d5c0d3e55122
SHA10176f9765eccaf169b787559849a05d0906a208b
SHA256b7e6b3c44ed6867a953c0bcc9c709793b08c250a370e1594b2ba875c95208d02
SHA51239a2c090ce93324aa7e01e7f30775d6fc9e22febb07913f0ab380a1b61cc9f29c9ac2c48774ff543060d8d85085716aa1fa50b246808abb15fa48ae5052f1b99
-
Filesize
12KB
MD5fc5032d82697f4fd2573e7edfb369ac0
SHA165c8493166caa71b384a51d3fd9821764e83496a
SHA25676be5f5460d6b0a790c59d54c3bc2c54d045aef23253f7a213ed72c29b702bdd
SHA512898680d26cacdd51be6b59ba641b1d8faa3061a08c4baa2de682bb0b553cba0e81c3c94fac6afdfb89b447f7347f795be8f72f4d8512b636625a41b4eb804d98
-
Filesize
12KB
MD58409a850908ed58ae96361a53582d54c
SHA1d01944d09b84fd407f2f6f0e58a5f62519c4951d
SHA2568f243d83a3dd7ec1744af9fac2ed19ef80aff85c596b5de924a12dbbaa468da1
SHA512951ba205266d44fc096c15e7c3edbd9edb2ef38ab0e4734fe0e6121673e1abd7e08fb53fd7cf83d7399812d6f7b2e2d1c13ce2ab74183f4109d79bb5a513b2db
-
Filesize
331B
MD59bbbca5685c0c568c192b4f94fec7abe
SHA1bd89519bb21e865cfa83d38d6165ea8abe9bf2c3
SHA256ca146c211d1a372ccf67c6096d70960328a498acc47230bbbc4fb317018a9369
SHA5129555b995db37ff6663589ff7b8f931c66c625bfadae42f23a20d4434e0f1a57369ad8c472674f54c07a4ff99d6b2d56610033473c56feaf3f5e89f28381728a1
-
Filesize
347B
MD502afd0b94678a95133f7a09b2f69534b
SHA14a1f0b25651d5b8516e9d9c8d34f88fdfa0c14b2
SHA2564e576787ada87ee425c7c314481080f62eccd50862908181a0bc6bb2be762c72
SHA5120481e65e36047acd76dbb476fa8c30075c69bd41a8d85d4dfebf2ee8c4b8a3ed3a89f16b65989a133af22d0e09083bb29cfd0b3acac85a9fed4746f3f4377918
-
Filesize
320B
MD5b995edfca912e9c6731719efe5f60253
SHA1ab36643a65a016224fdd9af2ac39843cc8af6240
SHA2562e67899f713a9d2498cb38e53f4d7172793be560596316c18231beda50ab3b75
SHA51268ea74bb3a5f7d9c6cace307c33b3d1e8bb979ad6005103aa34303b5a8b2866ac8042ef059cca88d1371b1b35d62fd025c45cde8ef6ddef6fd40971529e2c20b
-
Filesize
28KB
MD52ab963a9d95973b9b2a2726616127e17
SHA18da5503720ffe3f1a928ed13ced1deafc4940388
SHA256be64bb3000369aae846965ee2ee80b8a6bd1067137434daab66ac5caebf86413
SHA5120f8b03998abce721d8baf0a3a6e02e1fad2dc0b6b5647f32d0d3a8e2ae64fd69279638eed892574fe7d0eccf9fe094772fce494b9203871c3b300e1793a2d7cc
-
Filesize
232KB
MD50a2e34e0093c31d6a09a4bc7f92fb6c4
SHA1212c8d3a8f50a9f4e3daafc9667c7a20dd0b9aab
SHA256ab78d897569373a2959de1b876e6e037bf2a8d2010e52402c62010123afe38b0
SHA512f2a2fb5e32f7ceeb6525d7e926c63bd7637deb0a40cede4f27e9931b68d0a73d7dd35ae5029b5ea7e1811656d52dc9e759b7b42ce29223acb904aa44fb72a619
-
Filesize
14KB
MD50022e7c22fb5ab43648bb06c71f3b200
SHA1d5dfb0240b230cc0d3d48572ea4840ca18d2f0bd
SHA256dba5b139091e12072bc11850db99153838055e207af65239f75da2f07768ec19
SHA512d34f8b820246dd54ef1aad14099e6414b373607f126f5ba0299b514df964fbde0aabb9c41764c5f71f016e927fd6b6638aec3148bb37fc3b0a954f979bfa3323
-
Filesize
11KB
MD5270849270327e981a44aa886afcf542e
SHA141e10b616d2f2d9f1ce40ab5b65fc0a676601322
SHA256ec83efdb268f396853abc79d7d0c8b2933bd610e7bdafd6fdef0d397ce715b57
SHA512b8bc9d322b46d79a665757e44b430ae2ddb85ca4e73217eb94ce737a61202cbe7b59177bc40bda5feb010756ba864c0cf47242579a757e7e6279959ed121ea51
-
Filesize
11KB
MD5e44e3b349871a63bcf9eed9aa687dd87
SHA11a5acd400c59f707bed1b59d7d6a4055376905c4
SHA256635c3463f756d80b26219721af4b00a6a8f4eb1a9046513125cf1f2270df60dd
SHA5123fc781c73d004638ab3702add2e1226e8872ba9587dcd686914895a195f3e9d7b5175cc1ddb16876658da9e55a7bfc84fe87f902e2c66ac17d1e3b5e19de6056
-
Filesize
319B
MD5a96ab0cf0131aeb963bb9adf2245d1d6
SHA161d0f8f538407dbb94c34d273ecb4e572fc624ae
SHA256ddc11bbe87005eaa2db418a8130c25482a3da4ee0eb4af91cfbfdd371a62ef78
SHA512962a711cf495b3f495b304521a8432abbca69b0b1f57f1897ec0d3cd4f9cd582aeba224567da192d2d371805169a16841a16136f3da3893e94ae3476039b6c50
-
Filesize
1KB
MD59cd3d4c5ff4e2c6739484335070f25da
SHA1a1a3bd68795aac0a47a74f3e292621333caaabcd
SHA2564bb0e2643e1ced608f1edfab0c45cf23fb88a8f7a37df0d8f85e486f5ff67305
SHA5122ceeb9ce810665176939ab245569e5573b0d320e01619e3bb4bd8b7fb3dc9865e1949a13a2774c4fd12021ee61f12875f1456223217f80ee44dfa2b18a54a149
-
Filesize
337B
MD5da00cc91c3c178abab41ecfdf1309eb0
SHA1576211a83132ecdc2dce3173bb23be92a8e499c8
SHA2562fb6f37cdba68043a23ba9d83d99a053e3fa4608f22e8bb0d91a597a2cacb6de
SHA512f05c426ef44de4c1de5790e73c3b60a221f3ade3e06226677aa97a1c4bb88dd8a9b0bd26b7b3d059e33f05ff9e7f10601557948a1d3762ecbb00df29a80143c0
-
Filesize
120B
MD5a397e5983d4a1619e36143b4d804b870
SHA1aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA2569c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA5124159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816
-
Filesize
13B
MD582ce47822609bd05d42b4384c1d1cf41
SHA14e10f07650d559c85c5daf939b545c8c14991a79
SHA256d06634eb76ccbd67eb252ab3846e0ccf28ba98ea6c51a94ea05807278341fc14
SHA5122636dd91d83d155a4f14f880ed58f2f7ad421a83c22a825767cb25f2a40189442dc2a4e55aab5cf11a691764cc6afcc0451305a6226d2596bdc256e94a1efb91
-
Filesize
66KB
MD59f1bf67911b927f83c14d4fa76eeaa82
SHA18808937aa1f06640c328f2955563894671c1db4e
SHA2560f08bbff5185685269fc141927959939694306ca1c8784a61847f183fb887cc9
SHA5125608f4adf67cc35bd5220a1cd37964fe68ad6835d1690573f8d4911ca1833b34672d335e372dc237ad7d6102dacef3d16793eefa81e80eeda76f4e06cd09721e
-
Filesize
70KB
MD5b5a6308aae6d909b0afd133892d4baa9
SHA1bb0d35678c29e1aad03b14862d1158fa5cdf7f38
SHA25685575c90ec72552eede6b297221a8ca7c11d3bd60480fdeeedfb6c37420ed1c6
SHA512bf23afe587f6f5456c9e1b2f17d8619af8e119c47aacab44c56d91df5f70ad90f4c9ac5e1423610f5cd9582552900d2ca9534753b576f6e2c148ae0ad4dd3574
-
Filesize
71KB
MD512eb7860763e7d43705f3f57fdc9c715
SHA1a9a23a51b30f284012467f28d129885a6a00aa40
SHA25697598088476760d4b1d418f821c1469b7e6a6c0c5bbca5de814e5bff5305b0d0
SHA512a95024ac8017e16f74833b44195bdc7ae8729ef5e829f1c1dab76269db94c84d62e9aa06a5b9bef43954274b3d4a2799fcbbd3c08eeeb832bb1a9c4498a7719d
-
Filesize
20KB
MD5db901c9b19d5f0f93a7750193aa55c58
SHA19062b2a68b7a9a37da6ae6bf5b0dbca3e213eef9
SHA256299884b78fb5407a42f78719751fbac4e26b7665cc02971985140d1fe1a6b2ac
SHA512bfd0e422332e05a9edd0bc443acc16dc6f863eab8647a9107b9bb5cb0c060a3a04dad5efce9bf3b9586f78de4820286fca6b6994e0fc0531dcdd7fb3ae27d684
-
Filesize
264KB
MD50d3ccf6d7d455856606cbcd136903ae1
SHA1646860c6a3a6ad509988757d6d4e3e0721b100e5
SHA256205170104c472de225d58550bc58f648bcbcf2c26e646ff32eaa00b8a9404af2
SHA51215233cc3f11b92c09b8f69b7dc32710b5c4bd715d41689b4f5ecb7a8a4d85b18a875bf33daa0c0927014d34e19b844c470c39db33084ec3d0c63613833089db6
-
Filesize
9B
MD5b6f7a6b03164d4bf8e3531a5cf721d30
SHA1a2134120d4712c7c629cdceef9de6d6e48ca13fa
SHA2563d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39
SHA5124b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63
-
Filesize
1KB
MD5b75206bdb15e6b70d0eea1d4358aed01
SHA1e627ea8e46ed38393f61d9e5d7daf5795c3ae668
SHA256a10c6a8d65fc1d5dc1ea74fd7bc6559932b6fdd8f7fb7f6fd34d5f43c43a117b
SHA512cc0ffebe2373032bb2e94fddabfe03463534a7cccc97df6ba65a4935d2d9aefaa385ed7d9c3a530a2d5e6177cebcd89f425d4b29f42b16621d650086952270f0
-
Filesize
86B
MD5961e3604f228b0d10541ebf921500c86
SHA16e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472
-
Filesize
2KB
MD59aeebc21d89fcf316436b9f87d57a061
SHA18c3531aefb4632a527d30a9b8fe6725458d3d76c
SHA256f88de31b57740bf096749d60bd9c2cdae043585158afdd037a1f5e7fb0da833e
SHA5126332226e785ecbfa92f93db09127adf2109f633d5007e0902401926b09fc2aa4b5db49aea2756bdbf9656a40419f24f022a68789cd10894ada4140fbc3f02ebf
-
Filesize
933B
MD5f97d2e6f8d820dbd3b66f21137de4f09
SHA1596799b75b5d60aa9cd45646f68e9c0bd06df252
SHA2560e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a
SHA512efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0
-
Filesize
240KB
MD57bf2b57f2a205768755c07f238fb32cc
SHA145356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA51291a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
-
Filesize
3.0MB
MD5fe7eb54691ad6e6af77f8a9a0b6de26d
SHA153912d33bec3375153b7e4e68b78d66dab62671a
SHA256e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA5128ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f
-
Filesize
37KB
MD535c2f97eea8819b1caebd23fee732d8f
SHA1e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA2561adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
-
Filesize
1KB
MD5f2671c887cb6b76672eece8bf9b84102
SHA1a8e5bdbc868315ade174c1d26492e86beb628275
SHA25612522fa78a8c54eb8b65b4ae67453eebdab1ec2258b1e4151eec29382346518a
SHA5125fa83a6633067cb19b6ee95a0ceff6a3c87bdc22cab3f10cc221edb57295ca021d2e36cce6936f8dfd18b88110d6196696d062cbedd75019091444bb5c4d1edf
-
Filesize
1.4MB
MD5c17170262312f3be7027bc2ca825bf0c
SHA1f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
64KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
520KB
-
Filesize
476KB
-
Filesize
136KB
-
Filesize
112KB
-
Filesize
3.0MB
-
Filesize
136KB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
520KB
