Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
15/07/2024, 05:50
240715-gj2jfstfng 1015/07/2024, 05:49
240715-gjjnms1clk 1015/07/2024, 05:46
240715-ggp3mstenf 1015/07/2024, 05:45
240715-gfpeqatekc 1015/07/2024, 05:34
240715-f9qzzatblb 10Analysis
-
max time kernel
68s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
15/07/2024, 05:50
Static task
static1
Behavioral task
behavioral1
Sample
486f3b0c2d9fc55d6069c0f76c7d741e_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
486f3b0c2d9fc55d6069c0f76c7d741e_JaffaCakes118.dll
-
Size
5.0MB
-
MD5
486f3b0c2d9fc55d6069c0f76c7d741e
-
SHA1
dc32bd56935cb12c458cd2cb0aa0456c43c4e521
-
SHA256
74609a495eeaae9953d8c5cb66bd8ac3c8b955e005506252eabf4d3e4dbc422f
-
SHA512
2829527cf90924fec17e9145b665a6fb9c7f24699c45fbc122f49ec6f59cc8abb7f09deddfcee461a70ee5464ccee9c334acea953f2dacb006f77d92755c71b7
-
SSDEEP
98304:6DqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp21:6DqPe1Cxcxk3ZAEUadzR8yc41
Malware Config
Signatures
-
Modifies firewall policy service 3 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List mssecsvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile mssecsvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications mssecsvc.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\mssecsvc.exe = "C:\\WINDOWS\\mssecsvc.exe:*:enabled:@shell32.dll,-1" mssecsvc.exe -
Wannacry
WannaCry is a ransomware cryptoworm.
-
Contacts a large (1023) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\Windows\system32\DRIVERS\ETC\HOSTS mssecsvc.exe -
Executes dropped EXE 2 IoCs
pid Process 3568 mssecsvc.exe 3416 mssecsvc.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\WINDOWS\mssecsvc.exe rundll32.exe File created C:\WINDOWS\tasksche.exe mssecsvc.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 3340 3568 WerFault.exe 86 -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Modifies data under HKEY_USERS 5 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ mssecsvc.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" mssecsvc.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" mssecsvc.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" mssecsvc.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" mssecsvc.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings OpenWith.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 628 vlc.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3568 mssecsvc.exe 3568 mssecsvc.exe 3416 mssecsvc.exe 3416 mssecsvc.exe 4864 msedge.exe 4864 msedge.exe 2456 msedge.exe 2456 msedge.exe 5032 identity_helper.exe 5032 identity_helper.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 628 vlc.exe -
Suspicious behavior: MapViewOfSection 64 IoCs
pid Process 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe 3568 mssecsvc.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 3568 mssecsvc.exe Token: SeDebugPrivilege 3416 mssecsvc.exe -
Suspicious use of FindShellTrayWindow 29 IoCs
pid Process 628 vlc.exe 628 vlc.exe 628 vlc.exe 628 vlc.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe -
Suspicious use of SendNotifyMessage 27 IoCs
pid Process 628 vlc.exe 628 vlc.exe 628 vlc.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe 2456 msedge.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2336 OpenWith.exe 628 vlc.exe 2572 AcroRd32.exe 2572 AcroRd32.exe 2572 AcroRd32.exe 2572 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3848 wrote to memory of 3688 3848 rundll32.exe 83 PID 3848 wrote to memory of 3688 3848 rundll32.exe 83 PID 3848 wrote to memory of 3688 3848 rundll32.exe 83 PID 3688 wrote to memory of 3568 3688 rundll32.exe 86 PID 3688 wrote to memory of 3568 3688 rundll32.exe 86 PID 3688 wrote to memory of 3568 3688 rundll32.exe 86 PID 3568 wrote to memory of 596 3568 mssecsvc.exe 5 PID 3568 wrote to memory of 596 3568 mssecsvc.exe 5 PID 3568 wrote to memory of 596 3568 mssecsvc.exe 5 PID 3568 wrote to memory of 596 3568 mssecsvc.exe 5 PID 3568 wrote to memory of 596 3568 mssecsvc.exe 5 PID 3568 wrote to memory of 596 3568 mssecsvc.exe 5 PID 3568 wrote to memory of 680 3568 mssecsvc.exe 7 PID 3568 wrote to memory of 680 3568 mssecsvc.exe 7 PID 3568 wrote to memory of 680 3568 mssecsvc.exe 7 PID 3568 wrote to memory of 680 3568 mssecsvc.exe 7 PID 3568 wrote to memory of 680 3568 mssecsvc.exe 7 PID 3568 wrote to memory of 680 3568 mssecsvc.exe 7 PID 3568 wrote to memory of 788 3568 mssecsvc.exe 8 PID 3568 wrote to memory of 788 3568 mssecsvc.exe 8 PID 3568 wrote to memory of 788 3568 mssecsvc.exe 8 PID 3568 wrote to memory of 788 3568 mssecsvc.exe 8 PID 3568 wrote to memory of 788 3568 mssecsvc.exe 8 PID 3568 wrote to memory of 788 3568 mssecsvc.exe 8 PID 3568 wrote to memory of 800 3568 mssecsvc.exe 9 PID 3568 wrote to memory of 800 3568 mssecsvc.exe 9 PID 3568 wrote to memory of 800 3568 mssecsvc.exe 9 PID 3568 wrote to memory of 800 3568 mssecsvc.exe 9 PID 3568 wrote to memory of 800 3568 mssecsvc.exe 9 PID 3568 wrote to memory of 800 3568 mssecsvc.exe 9 PID 3568 wrote to memory of 804 3568 mssecsvc.exe 10 PID 3568 wrote to memory of 804 3568 mssecsvc.exe 10 PID 3568 wrote to memory of 804 3568 mssecsvc.exe 10 PID 3568 wrote to memory of 804 3568 mssecsvc.exe 10 PID 3568 wrote to memory of 804 3568 mssecsvc.exe 10 PID 3568 wrote to memory of 804 3568 mssecsvc.exe 10 PID 3568 wrote to memory of 904 3568 mssecsvc.exe 11 PID 3568 wrote to memory of 904 3568 mssecsvc.exe 11 PID 3568 wrote to memory of 904 3568 mssecsvc.exe 11 PID 3568 wrote to memory of 904 3568 mssecsvc.exe 11 PID 3568 wrote to memory of 904 3568 mssecsvc.exe 11 PID 3568 wrote to memory of 904 3568 mssecsvc.exe 11 PID 3568 wrote to memory of 960 3568 mssecsvc.exe 12 PID 3568 wrote to memory of 960 3568 mssecsvc.exe 12 PID 3568 wrote to memory of 960 3568 mssecsvc.exe 12 PID 3568 wrote to memory of 960 3568 mssecsvc.exe 12 PID 3568 wrote to memory of 960 3568 mssecsvc.exe 12 PID 3568 wrote to memory of 960 3568 mssecsvc.exe 12 PID 3568 wrote to memory of 316 3568 mssecsvc.exe 13 PID 3568 wrote to memory of 316 3568 mssecsvc.exe 13 PID 3568 wrote to memory of 316 3568 mssecsvc.exe 13 PID 3568 wrote to memory of 316 3568 mssecsvc.exe 13 PID 3568 wrote to memory of 316 3568 mssecsvc.exe 13 PID 3568 wrote to memory of 316 3568 mssecsvc.exe 13 PID 3568 wrote to memory of 744 3568 mssecsvc.exe 14 PID 3568 wrote to memory of 744 3568 mssecsvc.exe 14 PID 3568 wrote to memory of 744 3568 mssecsvc.exe 14 PID 3568 wrote to memory of 744 3568 mssecsvc.exe 14 PID 3568 wrote to memory of 744 3568 mssecsvc.exe 14 PID 3568 wrote to memory of 744 3568 mssecsvc.exe 14 PID 3568 wrote to memory of 64 3568 mssecsvc.exe 15 PID 3568 wrote to memory of 64 3568 mssecsvc.exe 15 PID 3568 wrote to memory of 64 3568 mssecsvc.exe 15 PID 3568 wrote to memory of 64 3568 mssecsvc.exe 15
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:596
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"2⤵PID:800
-
-
C:\Windows\system32\dwm.exe"dwm.exe"2⤵PID:316
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe1⤵PID:680
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p1⤵PID:788
-
C:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exe -Embedding2⤵PID:2856
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵PID:3760
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca2⤵PID:3852
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:3916
-
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca2⤵PID:4004
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:3700
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:416
-
-
C:\Windows\system32\SppExtComObj.exeC:\Windows\system32\SppExtComObj.exe -Embedding2⤵PID:1628
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵PID:552
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca2⤵PID:1688
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:468
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca2⤵PID:4564
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:1440
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:1472
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2336
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding2⤵PID:784
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding2⤵PID:976
-
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:804
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS -p1⤵PID:904
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM1⤵PID:960
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc1⤵PID:744
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts1⤵PID:64
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p1⤵PID:924
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService1⤵PID:1076
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc1⤵PID:1084
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog1⤵PID:1192
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule1⤵PID:1224
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}2⤵PID:3176
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc1⤵PID:1284
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s nsi1⤵PID:1304
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc1⤵PID:1340
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager1⤵PID:1452
-
C:\Windows\system32\sihost.exesihost.exe2⤵PID:3092
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp1⤵PID:1476
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem1⤵PID:1520
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s Themes1⤵PID:1528
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s SENS1⤵PID:1660
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder1⤵PID:1716
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc1⤵PID:1728
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s netprofm1⤵PID:1812
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵PID:1820
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache1⤵PID:1920
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵PID:1928
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection1⤵PID:1984
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵PID:2012
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵PID:2072
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p1⤵PID:2152
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation1⤵PID:2216
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵PID:2232
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT1⤵PID:2320
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent1⤵PID:2324
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc1⤵PID:2444
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc1⤵PID:2500
-
C:\Windows\sysmon.exeC:\Windows\sysmon.exe1⤵PID:2564
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer1⤵PID:2580
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks1⤵PID:2596
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService1⤵PID:2604
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:3132
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker1⤵PID:3264
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc1⤵PID:3364
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3456
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\486f3b0c2d9fc55d6069c0f76c7d741e_JaffaCakes118.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:3848 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\486f3b0c2d9fc55d6069c0f76c7d741e_JaffaCakes118.dll,#13⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3688 -
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe4⤵
- Modifies firewall policy service
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3568 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 14285⤵
- Program crash
PID:3340
-
-
-
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OutUnpublish.avi"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:628
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Documents\CompleteSearch.pdf"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2572 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵PID:3432
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E893C8D85D0DDBFEEEAE1A00D6922004 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:3896
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=20C43498A31A57C9D6FCEBE90962CD80 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=20C43498A31A57C9D6FCEBE90962CD80 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:14⤵PID:3168
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B00456DE19BE2F612DDEBE60E3E6BD6F --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:4864
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8C13163084A8E72E719C37A114C62E3F --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:1836
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C3DFA0A04D9FEE594599CF7B2BFF8128 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:1780
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Documents\UnlockExit.html2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2456 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa24b546f8,0x7ffa24b54708,0x7ffa24b547183⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:23⤵PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:4864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:83⤵PID:3480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:13⤵PID:3552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:13⤵PID:1048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 /prefetch:83⤵PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:13⤵PID:844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:13⤵PID:4280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:13⤵PID:748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17133105889413403105,17723880630818544232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:13⤵PID:3052
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵PID:3572
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc1⤵PID:4896
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc1⤵PID:700
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵PID:1372
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc1⤵PID:3040
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵PID:1884
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵PID:1240
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc1⤵PID:1624
-
C:\WINDOWS\mssecsvc.exeC:\WINDOWS\mssecsvc.exe -m security1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3416
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3568 -ip 35681⤵PID:1032
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59622e603d436ca747f3a4407a6ca952e
SHA1297d9aed5337a8a7290ea436b61458c372b1d497
SHA256ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261
SHA512f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a
-
Filesize
152B
MD504b60a51907d399f3685e03094b603cb
SHA1228d18888782f4e66ca207c1a073560e0a4cc6e7
SHA25687a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3
SHA5122a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91
-
Filesize
6KB
MD521e4ea00003c7a3d35d20cdcb908853c
SHA170a047990ba52f425eb698776a3b6893479f9f06
SHA2562efb590500d53b0106418a60a8d84575dfaecb2ca4b32787b97ab31996af1f5a
SHA5128d076cff1d83c94b69a4a9a542f95d739a49e6c590e2aea5383d913e4c61955f9c9ecc726eb7a4124ab03cd6f5b190632cdcd93a5af7f6e9ed952d2faa857805
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
3.6MB
MD5dd648e0a045c271c486a19510b095863
SHA188d9a6ae3eb991e6403c223d7e6d4b3ff5910344
SHA256ca3c934f011071c5cfb5474639df50d392d65271548bb08b038c37dea31aa4de
SHA512d41b6cb799e199be8f5119d44a3599e0b0b7837306a1cd2842490027947e72198f8751924cba8509d3478406f1d3b8d6d18a8233b02ccb49fddfa3152c89abbc
-
Filesize
1KB
MD581fd4856b1f35b38685c1d544572740d
SHA1338d9de17d92628eafd62864c4b9a7f0b1eff894
SHA256faacb044f140f576036554b1900454fdef1c9e4de10905e27e4deca28bedcab3
SHA5122e78a49474d92e50620464aef302493b4ab30b47dd8bc99ab42e9fe1fa1ab0df89ef3fb9bfe6b19745795deb235e625392532ddb4daffa983d8f67fd659b226e