Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
24-09-2024 16:01
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
meshagent32-group.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
meshagent32-group.exe
Resource
win10v2004-20240802-en
General
-
Target
file.exe
-
Size
1.8MB
-
MD5
749bd6bf56a6d0ad6a8a4e5712377555
-
SHA1
6e4ff640a527ed497505c402d1e7bdb26f3dd472
-
SHA256
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3
-
SHA512
250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d
-
SSDEEP
49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo
Malware Config
Extracted
meshagent
2
group
http://94.131.119.184:443/agent.ashx
-
mesh_id
0x1BB80B7BD3F37219BF6F79BEE0A08A00B90168972309CA4BFD812814A9F980439E71B51CC08CC59D904B5AED18647DD0
-
server_id
B13800B3094163CC81EA68335E6D9A9B98350B3D697F92D49A06C6ADC9519150B766816EBC90ED105D4749F3F47F60B6
-
wss
wss://94.131.119.184:443/agent.ashx
Signatures
-
Detects MeshAgent payload 1 IoCs
Processes:
resource | yara_rule
\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe | family_meshagent
-
Sets service image path in registry 2 TTPs 1 IoCs
Processes:
meshagent32-group.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Mesh Agent\ImagePath = "\"C:\\Program Files (x86)\\Mesh Agent\\MeshAgent.exe\" " | meshagent32-group.exe
-
Executes dropped EXE 12 IoCs
Processes:
meshagent32-group.exe, MeshAgent.exe
pid | process
2400 | meshagent32-group.exe
1064 | MeshAgent.exe
2244 | MeshAgent.exe
1444 | MeshAgent.exe
2080 | MeshAgent.exe
2604 | MeshAgent.exe
2832 | MeshAgent.exe
2092 | MeshAgent.exe
2564 | MeshAgent.exe
608 | MeshAgent.exe
3012 | MeshAgent.exe
2956 | MeshAgent.exe
-
Loads dropped DLL 1 IoCs
Processes:
file.exe
pid | process
2288 | file.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 26 IoCs
Processes:
meshagent32-group.exe, MeshAgent.exe
description | ioc | process
File created | C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | meshagent32-group.exe
File created | C:\Program Files (x86)\Mesh Agent\MeshAgent.msh | MeshAgent.exe
File opened for modification | C:\Program Files (x86)\Mesh Agent\MeshAgent.log | MeshAgent.exe
File opened for modification | C:\Program Files (x86)\Mesh Agent\MeshAgent.db | MeshAgent.exe
File created | C:\Program Files (x86)\Mesh Agent\MeshAgent.db | MeshAgent.exe
File created | C:\Program Files (x86)\Mesh Agent\MeshAgent.db.tmp | MeshAgent.exe
File opened for modification | C:\Program Files (x86)\Mesh Agent\MeshAgent.db.tmp | MeshAgent.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
wmic.exe, MeshAgent.exe, file.exe, meshagent32-group.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | wmic.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MeshAgent.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | file.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | meshagent32-group.exe
-
Modifies data under HKEY_USERS 30 IoCs
Processes:
wmic.exe, MeshAgent.exe
description | ioc | process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | wmic.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | MeshAgent.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
wmic.exe
description | pid | process
Token: SeAssignPrimaryTokenPrivilege | 2576 | wmic.exe
Token: SeIncreaseQuotaPrivilege | 2576 | wmic.exe
Token: SeSecurityPrivilege | 2576 | wmic.exe
Token: SeTakeOwnershipPrivilege | 2576 | wmic.exe
Token: SeLoadDriverPrivilege | 2576 | wmic.exe
Token: SeSystemtimePrivilege | 2576 | wmic.exe
Token: SeBackupPrivilege | 2576 | wmic.exe
Token: SeRestorePrivilege | 2576 | wmic.exe
Token: SeShutdownPrivilege | 2576 | wmic.exe
Token: SeSystemEnvironmentPrivilege | 2576 | wmic.exe
Token: SeUndockPrivilege | 2576 | wmic.exe
Token: SeManageVolumePrivilege | 2576 | wmic.exe
Token: SeAssignPrimaryTokenPrivilege | 2744 | wmic.exe
Token: SeIncreaseQuotaPrivilege | 2744 | wmic.exe
Token: SeSecurityPrivilege | 2744 | wmic.exe
Token: SeTakeOwnershipPrivilege | 2744 | wmic.exe
Token: SeLoadDriverPrivilege | 2744 | wmic.exe
Token: SeSystemtimePrivilege | 2744 | wmic.exe
Token: SeBackupPrivilege | 2744 | wmic.exe
Token: SeRestorePrivilege | 2744 | wmic.exe
Token: SeShutdownPrivilege | 2744 | wmic.exe
Token: SeSystemEnvironmentPrivilege | 2744 | wmic.exe
Token: SeUndockPrivilege | 2744 | wmic.exe
Token: SeManageVolumePrivilege | 2744 | wmic.exe
Token: SeAssignPrimaryTokenPrivilege | 3020 | wmic.exe
Token: SeIncreaseQuotaPrivilege | 3020 | wmic.exe
Token: SeSecurityPrivilege | 3020 | wmic.exe
Token: SeTakeOwnershipPrivilege | 3020 | wmic.exe
Token: SeLoadDriverPrivilege | 3020 | wmic.exe
Token: SeSystemtimePrivilege | 3020 | wmic.exe
Token: SeBackupPrivilege | 3020 | wmic.exe
Token: SeRestorePrivilege | 3020 | wmic.exe
Token: SeShutdownPrivilege | 3020 | wmic.exe
Token: SeSystemEnvironmentPrivilege | 3020 | wmic.exe
Token: SeUndockPrivilege | 3020 | wmic.exe
Token: SeManageVolumePrivilege | 3020 | wmic.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
file.exe, MeshAgent.exe
description | pid | process | target process
PID 2288 wrote to memory of 2400 | 2288 | file.exe | meshagent32-group.exe
PID 1064 wrote to memory of 2576 | 1064 | MeshAgent.exe | wmic.exe
PID 1064 wrote to memory of 2744 | 1064 | MeshAgent.exe | wmic.exe
PID 1064 wrote to memory of 3020 | 1064 | MeshAgent.exe | wmic.exe
PID 1064 wrote to memory of 2648 | 1064 | MeshAgent.exe | wmic.exe
PID 1064 wrote to memory of 2556 | 1064 | MeshAgent.exe | wmic.exe
PID 1064 wrote to memory of 2656 | 1064 | MeshAgent.exe | wmic.exe
PID 2244 wrote to memory of 1992 | 2244 | MeshAgent.exe | wmic.exe
PID 2244 wrote to memory of 1972 | 2244 | MeshAgent.exe | wmic.exe
PID 2244 wrote to memory of 1924 | 2244 | MeshAgent.exe | wmic.exe
PID 2244 wrote to memory of 2704 | 2244 | MeshAgent.exe | wmic.exe
PID 2244 wrote to memory of 2932 | 2244 | MeshAgent.exe | wmic.exe
PID 1444 wrote to memory of 608 | 1444 | MeshAgent.exe | wmic.exe
PID 1444 wrote to memory of 1372 | 1444 | MeshAgent.exe | wmic.exe
PID 1444 wrote to memory of 2160 | 1444 | MeshAgent.exe | wmic.exe
PID 1444 wrote to memory of 344 | 1444 | MeshAgent.exe | wmic.exe
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe | "C:\Users\Admin\AppData\Local\Temp\file.exe" | PID:2288
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe | "C:\Users\Admin\AppData\Roaming\MSIX\meshagent32-group.exe" -fullinstall | PID:2400
  - Sets service image path in registry
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:1064
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2576
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2744
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:3020
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2648
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2556
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2656
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:2244
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:1992
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:1972
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:1924
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2704
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2932
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:1444
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:608
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:1372
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2160
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:344
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:876
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:2080
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:1732
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2724
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2608
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2488
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2508
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:2604
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2656
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2312
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2284
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2384
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:1908
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:2832
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2820
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:1692
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2060
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:1148
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:1040
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:1612
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:2092
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:496
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2440
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2260
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2612
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2252
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:2492
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe | "C:\Program Files (x86)\Mesh Agent\MeshAgent.exe" | PID:2564
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:1412
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic os get oslanguage /FORMAT:LIST | PID:2444
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:1748
  - System Location Discovery: System Language Discovery
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic SystemEnclosure get ChassisTypes | PID:2704
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  C:\Windows\SysWOW64\wbem\wmic.exe | wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv" | PID:1788
  - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
"C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:608
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic SystemEnclosure get ChassisTypes
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  PID:2276
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic os get oslanguage /FORMAT:LIST
  - System Location Discovery: System Language Discovery
  PID:1976
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
  PID:2152
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic SystemEnclosure get ChassisTypes
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  PID:876
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
  PID:1988
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
"C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:3012
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic SystemEnclosure get ChassisTypes
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  PID:2636
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic os get oslanguage /FORMAT:LIST
  - System Location Discovery: System Language Discovery
  PID:2720
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
  - System Location Discovery: System Language Discovery
  PID:2508
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic SystemEnclosure get ChassisTypes
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  PID:2124
  C:\Windows\SysWOW64\wbem\wmic.exe
  wmic ComputerSystem get PCSystemType /FORMAT:"C:\Windows\system32\wbem\en-US\csv"
  - System Location Discovery: System Language Discovery
  PID:2860
C:\Program Files (x86)\Mesh Agent\MeshAgent.exe
"C:\Program Files (x86)\Mesh Agent\MeshAgent.exe"
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2956
Network
MITRE ATT&CK Enterprise v15
Downloads