Resubmissions
30-09-2024 04:43
240930-fcd9xayenq 630-09-2024 04:39
240930-e92k2aydlj 1029-09-2024 07:53
240929-jq1a3sxhqg 629-09-2024 07:47
240929-jmxqsavenp 1028-09-2024 19:59
240928-yqq5qstfnq 10Analysis
-
max time kernel
299s -
max time network
300s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29-09-2024 07:47
General
-
Target
https://github.com/Endermanch/MalwareDatabase/tree/master/ransomwares
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 13 IoCs
-
Loads dropped DLL 39 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 38 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 32 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 7 IoCs
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 32 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/tree/master/ransomwares1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4996,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4188,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5416,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5584,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5588,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6048,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=6176,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6656,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=6732,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=6916,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7056,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6128,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6020,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=5868,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7456,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7420 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6336,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7288 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5660,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=6852,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6168,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:81⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\[email protected]"1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\[email protected]" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Modifies WinLogon for persistence
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 844654EFF626EBEFC52473240EBDA4B62⤵
- Loads dropped DLL
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 563779CB8CF5A52858D016B2E562340B E Global\MSI00002⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 7A0A91AAE210C92C55B8B2BF3266615F2⤵
- Loads dropped DLL
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 730876ABC455FE7B39BD559A602F6C79 E Global\MSI00002⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\[email protected]"1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\[email protected]" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\Temp1_Winlocker.VB6.Blacksod (1).zip\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7488,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=5876,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7264,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:81⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 227561727596261.bat2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b @[email protected] vs2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "rbeoqsjruepbaol925" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "rbeoqsjruepbaol925" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f3⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x23c,0x240,0x244,0x218,0x25c,0x7ffbed39d198,0x7ffbed39d1a4,0x7ffbed39d1b02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2956,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=2948 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1904,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2196,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4312,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4312,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4564,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=120,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2576,i,7147826361517124782,14907409292705388872,262144 --variations-seed-version --mojo-platform-channel-handle=1404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceWait.aiff"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
4Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD56495aa8f9a233b0a5a0bf45afc77f4b3
SHA1d2a4b9b4b589df149d4f267ad57119e59208d083
SHA25612ed64e53c90ddda811794c2912d753c094ff48216cf45c61e809bd5cfd3a539
SHA512d6222be69bd9de9204dae7e94cffcfdda4d177b166e6aaad9a37b027e3510f710b2793a68f604f306ae0feacf50f425bccc5556193dcae4992768fb237447ead
-
Filesize
101KB
MD5e6ebadb8611cfa8232088bfcc5c227ed
SHA1bdc9027cb4a806f8920f042256b0ff45ba98cb03
SHA256fe73809f2c6a6d4ea290e75ca5bc9722f01084177d81c4f0b36c4b9e4670af2b
SHA512e681b5913834aa71f8258a736fe3825516208553e13e387847531e023103cbf45b78b5ebcf2b5fce0390687213e960fa108a4077f6be1c155937f4bad2d57457
-
Filesize
1KB
MD5aca2b70863fdec97ee1ae4e58eca5c55
SHA1ae6f4e22c9b66b52584f0a15180f7323ee7fde15
SHA256b7b1f0df6673a0280fcc0acc5fae60930d0dfe8abd92d062775349204762d697
SHA512caf78dcd958abba2ac15735d1d4bd38f35a9ae04790f4be9f421bac08205f950031d34082a86417aa552a1e6273eba3f39bb2dd84b43fd2478c06594b5e4a591
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2KB
MD5fdd5ea2a84a8b4038f10d66441816684
SHA1d4dbac88695fde0655aea8b3ee0ddbffcd8ce315
SHA256ed52c3d0cb79496502a1e0bfb81f7cf4f1bfb35fc58ed1e354631dc38c2aa172
SHA512c8708dba5b31c143923aea309012488de060c1efb1f4e9266e62e9f1a3b32c64f23235292d76b614a7975e8adf0db4c23df7a4810c252dc0927731a4f169f981
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
12KB
MD55959a29e8dcdb87af92b3a58fd1b36f3
SHA10e3ba65297f963975dfee1f062dabbae9a3c3110
SHA2560a0b57596a123edaa8afe73124ec6a3a83edeef761f60737ef62beec39864546
SHA51282c206536e1f04020edb942e91c206bae8e1ab64180e15a8b229bf50a5b17e017471fb49308c2e681c5b997f5d23cb5af9f74fdd05d01baffd090074a761c319
-
Filesize
30KB
MD57bf24cb14eb5bf7b2a8f17a4654cbdaf
SHA16d2e428fe670b8fd77d1f8ddc019d5390a20ab5b
SHA2568da65a120767a3c9c091277803a0a561d8d8f931175552ea96df39b75ddc9b83
SHA51244291e8d5b1721d6f3e9e02640306ca9af309b1d9b63883fd42614882583f654e053598b567f79e68d28fbb2c362fa066bbabece6c2a61624f3fa2cea8bae22c
-
Filesize
77KB
MD5a0f7cc9889cfbf845180cf842b09177e
SHA1d9bd2720cd139c264f3477fe8f2325300bd09e64
SHA256bab39f1b1570b6dc52476135e6a4e28b37022891f12307c190677ed605afcaa1
SHA512055de1cfaaa4ec44db262dfefbdd575b548b36a8f15e797597592cb19fa43bee6b33a4c36c9c292aa53073b407d9087b5ce3dcbb1c9c3f5919187e3c2f0fdf6c
-
Filesize
77KB
MD5d488b1b7cea449690cb8f16c0ab61ef7
SHA1b751934b0e79502b685af11d0fd543cddaf6b5ef
SHA25644443d6ca560b63718e7242b8c859a3f6a1bb0dd84415d03ca92cd8c1a883061
SHA5126da7f6a81b283adc9ed25bf86134a33d36d5a76622d2cce16a6e018a88700275990825b9f82a08278c89716a05640b138d4369931bb6f1173b0bd770d623e5a5
-
Filesize
81KB
MD578f4168aaeba4f6ae994137d239cf027
SHA18e7be3382cbb53847f1c2f5053f9133e81a8273f
SHA2567f58637862617d334311afabfc7d1215c6151c295058ed284c910ae55b48e299
SHA512f756ce873ee9baf7610dd8af480a01e06a1aa4025aa29db8e1560c66e9ef17634fde2af6bdeddb68cb6139936bb8e744f1cc320091b41994524f7c98f9e49f90
-
Filesize
84B
MD51e030f050b7bd3549b7323992ea9c60a
SHA1cf2809557f579d83b4522495295686f513406c5a
SHA256c1a116ba6dc470036bc6e48568d190f6766b924144290e8608041f077750734b
SHA51278c090fcff1d98eb8791e1662784298dee02edddc88fd28fd4be20e022e895e69129a0ad291fb2e3607eb8e75c488ab1128962fe8215aa558c76f5cca90b4812
-
Filesize
84B
MD526afb376830e37b10e8f258fd8476b27
SHA19654a2b12f16d11725162a5b51cec384d2bd36d5
SHA256f80fd62966985f0d0fe62533ab4fba811cb2cd50d3c7d1129b2087b4a3dc32ab
SHA512e265f708299507fb94cda6f76dd1b939d077a953abdaaac6857ac0cd50bbbf19129fd27b2be440a675a405054a7aa9ac6bac30071824309983775e93725536de
-
Filesize
26B
MD56bc190dd42a169dfa14515484427fc8e
SHA1b53bd614a834416e4a20292aa291a6d2fc221a5e
SHA256b3395b660eb1edb00ff91ece4596e3abe99fa558b149200f50aabf2cb77f5087
SHA5125b7011ed628b673217695809a38a800e9c8a42ceb0c54ab6f8bc39dba0745297a4fbd66d6b09188fcc952c08217152844dfc3ada7cf468c3aafcec379c0b16b6
-
Filesize
84B
MD503e6eebcbdaccb5d4dc6391772cbe275
SHA1e19803c8ea3900b34c2377fcebda62ef6f034215
SHA256a07baeac6a629d3ac2c6909294486e37f0631b33767adbd3c4930bb91f124787
SHA51261fbfa16dbe4a633c4133843d4377ef9edd2377967ed22894b45fe24af8d6c4651edfda0536092780d9048106ba80cca45d65f6c251d64f03c23d809c29cd670
-
Filesize
84B
MD58084ecfe42f3e824d43f5a018bdfbc80
SHA1e907148939183bbf55a576cfc68845ceea95cfd9
SHA256025d0d465996ecc95457cf566eadd882db4e98feeadf59607e1e78e894cdb38a
SHA51236fa8d82cfeaa87d1acb26427ec0406cd3c0486dd5bbc988b6d65b462a73a1e61b476dbaf16f9bda7c56aba65a9640128425a9a56c4052885f72011551577846
-
Filesize
3KB
MD5854a8341e89558365fa7b3fe7a2b81e3
SHA187a9ffd06218cafe5efdfbea53e88dc2809e53c4
SHA256586506b3e95e560a6663cde24e317de6a42efce17811ac60ee0588ced2d45e29
SHA5125896ced2003fd111840535224fca7471bf2b3dbe730dfde0d3621c0722573c545e67e0a9f8d5022ac6501c021b574da43f10f3d881f721205a166090b8d954ae
-
Filesize
4KB
MD56eb9f5d2c591b1d86c7c89e58d841580
SHA1f486e33b0efc5d6a656ed61eda9c68a13b6830a0
SHA25611c94fe8a8c31c0d42d13fe7eb5587e4cd3499c9b6a863a4352ed86494d0ad20
SHA5120b5ec097166ec0c9d31ae51630fc18731f730f78ffefea3f8b7b9a5e870359a1187f3ceeb6db963561de11c63b70051da39121f257e00317a2f80a33e00822e8
-
Filesize
1KB
MD5181e4d1b4dec34de96de3d8fb8c81302
SHA1bcbbb25c52c2c5f196ccccce54bd6342f7a07c66
SHA256f899a044be460faf1be4502474c0d78a2889a98b611254a985d1deee4ad6ba31
SHA51208314d506cc22d328b40b2ea3f58a9273480816d6bac82477c31178d8fb397da62ce7156c6708daf32d055efbfc27a3e3031edbfa986d5bef0ebb859b35d3ef5
-
Filesize
2KB
MD56b8846aaa3f059593ed202c225e3129f
SHA1a9ed0c5db0af22b2602862a81c02047d6252fc6f
SHA256efbccbe6c72dbf2d580f2eb659071afd5acf6041662f62842307e7340dfc3745
SHA51291ef651c4635c5f7b6e8fa7dc4b66160089d30fefcaed0eee30e30fdcb3a84f332a0a59f056a4521b84dab154a54e84140806a3ca890e5c088fbecd7f628f89c
-
Filesize
3KB
MD5c6eea6594a0a5b0e0bb58806e0500057
SHA1a54f1276951771f92de6a0d79f7e7532df5dffbc
SHA2564d603a679f287e28b3a155316537d29c6a20651e4e254a139564ae2486a785f5
SHA5126681940049954c532cb32fe42ac4d913c04a0e97ff20aa4a99eb729d60a1215ab70670b0233a36ad24d00ef824570a381af0f7cfc7d571bd8717d5c8218fc6ef
-
Filesize
3KB
MD5918737997a7bcd00211a8d2dbf6dd10f
SHA1c69b830499aab6d3e7b3bbcb943d4a14b8094cfb
SHA256ef098d6cf057045157739ff9ef856bf717f0544ccc0555f125746deb1dd4f496
SHA512369bb7bc5e1fb1fba08cedde228819e511cde78c7d4512c1e78dd3e8eeed0be80ed9103742d48e4341c6671353daf194312f4ab894596192c963948f8e24a51f
-
Filesize
2KB
MD5fb354f26fb51887a5dfc995f4b87918c
SHA1d2b99d27e7e42d3a1f69bb37df248267b5a6481a
SHA2568e426234eb214e57ad869f5cc2b643561a96921586a5a05b56d9677cb12f3239
SHA51289c3e68e29564355125404608fa7144e27770f95df592e1fda468e64dead2da64cab99eeda769b290f5a97337decfbf61265b44afe732734595dfbc8041df6e5
-
Filesize
3KB
MD5a3049af1c7063bd17fee63b773b6dbca
SHA14274053ee5abaad5311a10f47a52e4f871613cef
SHA2560c1a22f01bd37a422c97ebe7e8db3c94aad63e5910743421ac0107b10b28456a
SHA5124f65c444bd53659df992def985ff8891f29419057cf2771a4aa3b5dbd3ecbff1db6a066c985171ec6d2115ca77e8b7e524327a6282a92c29bc5035434de41428
-
Filesize
4KB
MD5c95cef93e0db963dafcaba9ac6b6d4a0
SHA1d927eeac81e488d57f60abeddfc1eeea26c57814
SHA256e25982065c2b71c8fb613b058bb033f8bd3151c290be69f06a5d7f87c48be1c5
SHA5124123b63011726c31fa1c253a319cdb345b120250be87d1ae9f618c419787d7349d6fe0ba915093161ffb5f7f96379bd5eda203849d930dbef2e2515aa0c69069
-
Filesize
933B
MD57a2726bb6e6a79fb1d092b7f2b688af0
SHA1b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA5124e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54
-
Filesize
240KB
MD57bf2b57f2a205768755c07f238fb32cc
SHA145356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA51291a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
-
Filesize
3.0MB
MD5fe7eb54691ad6e6af77f8a9a0b6de26d
SHA153912d33bec3375153b7e4e68b78d66dab62671a
SHA256e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA5128ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f
-
Filesize
37KB
MD535c2f97eea8819b1caebd23fee732d8f
SHA1e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA2561adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
-
Filesize
3.1MB
MD5aff55ff1a0d686ad405855bd22a932d6
SHA100b5db2b0322b2aad7aebd80d1d13372eeb85832
SHA256926a128e1ef90c09470460fab0682fa500640b96ad3ad6fd8efaff9ed46e97db
SHA51219bccc43eff166e1c701713edd6279d6c55b1c1277c2391eec73e6aebd201db762a52fc5a764900ac04441e73c573703ee29944c6c0a8e59d90b46b3279cd11e
-
Filesize
1010KB
MD527bc9540828c59e1ca1997cf04f6c467
SHA1bfa6d1ce9d4df8beba2bedf59f86a698de0215f3
SHA25605c18698c3dc3b2709afd3355ad5b91a60b2121a52e5fcc474e4e47fb8e95e2a
SHA512a3ae822116cddb52d859de7ffc958541bb47c355a835c5129aade9cc0e5fba3ff25387061deb5b55b5694a535f09fe8669485282eb6e7c818cc7092eb3392848
-
Filesize
724KB
MD5bab1293f4cf987216af8051acddaf97f
SHA100abe5cfb050b4276c3dd2426e883cd9e1cde683
SHA256bc26b1b97eeb45995bbd5f854db19f994cce1bb9ac9fb625eb207302dccdf344
SHA5123b44371756f069be4f70113a09761a855d80e96c23c8cd76d0c19a43e93d1a159af079ba5189b88b5ee2c093099a02b00ea4dc20a498c9c0c2df7dc95e5ddd49
-
Filesize
24KB
MD5e579c5b3c386262e3dd4150eb2b13898
SHA15ab7b37956511ea618bf8552abc88f8e652827d3
SHA256e9573a3041e5a45ed8133576d199eb8d12f8922bbe47d194fef9ac166a96b9e2
SHA5129cf947bad87a701f0e0ad970681767e64b7588089cd9064c72bf24ba6ca0a922988f95b141b29a68ae0e0097f03a66d9b25b9d52197ff71f6e369cde0438e0bb
-
Filesize
126KB
MD53531cf7755b16d38d5e9e3c43280e7d2
SHA119981b17ae35b6e9a0007551e69d3e50aa1afffe
SHA25676133e832c15aa5cbc49fb3ba09e0b8dd467c307688be2c9e85e79d3bf62c089
SHA5127b053ba2cf92ef2431b98b2a06bd56340dad94de36d11e326a80cd61b9acb378ac644ac407cf970f4ef8333b8d3fb4ff40b18bb41ec5aee49d79a6a2adcf28fd
-
Filesize
5.1MB
MD587ff0abb5efc83f54e6767b88bfb33bf
SHA1fd04159f8e72f93e12ba1eb47b744aa9845430aa
SHA2564a969d246de04d6bcc80bfddadad01c1d4a7eb09359dd919bf6a1599ecf064e6
SHA512bf878cc9b34ddc2c20e796f106f23881edcad51586a0bf4f325165f24a15f10833eff79a3f4fa516d19736415fe781965831b04f79677a9b1a65ae71d4eb4c58
-
Filesize
75B
MD57ce64148a04f2126e49e76842237735e
SHA15ef2433fcedc94a942b67a15e81062456e49ea74
SHA2562d3a9d9b123be568880faafa3b78cc8196e5e684ff8a7ac16e2e8b381931b6b3
SHA5123e818b983bbd79badd3fa3cf294f91a03cd4444b6a0c422d16c13d50136f112d34e8640c600d6f82b0fe5d460d17d0ff273cc6d4c6b6f3ea02ff6d64b847ce9c
-
Filesize
18B
MD561f32e48451b2f35c21103a2bd5b7db7
SHA1b8227be16f77cdd1a4ded70c22a799ed6311b77b
SHA256c6070d16daa3855a0da5e272df08940eeea459fc5337f2b7e85df88dbbedbca0
SHA5125d7501672c3a7d72d2375a2177fa680a6c68c2b00db381e21bdc205b1f2e8cefdab3637c928781c87342c2c9cabb44d25f1fa2882ce7b400d2826c724ae7841d
-
Filesize
1.4MB
MD5c17170262312f3be7027bc2ca825bf0c
SHA1f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
-
Filesize
88KB
MD54083cb0f45a747d8e8ab0d3e060616f2
SHA1dcec8efa7a15fa432af2ea0445c4b346fef2a4d6
SHA256252b7423b01ff81aea6fe7b40de91abf49f515e9c0c7b95aa982756889f8ac1a
SHA51226f8949cad02334f9942fda8509579303b81b11bc052a962c5c31a7c6c54a1c96957f30ee241c2206d496d2c519d750d7f6a12b52afdb282fa706f9fee385133
-
Filesize
180KB
MD5d552dd4108b5665d306b4a8bd6083dde
SHA1dae55ccba7adb6690b27fa9623eeeed7a57f8da1
SHA256a0367875b68b1699d2647a748278ebce64d5be633598580977aa126a81cf57c5
SHA512e5545a97014b5952e15bb321135f65c0e24414f8dd606fe454fd2d048d3f769b9318df7cfb2a6bf932eb2bf6d79811b93cb2008115deb0f0fa9db07f32a70969
-
Filesize
96KB
MD53cab78d0dc84883be2335788d387601e
SHA114745df9595f190008c7e5c190660361f998d824
SHA256604e79fe970c5ed044517a9a35e4690ea6f7d959d21173ebef45cdd3d3a22bdd
SHA512df6b49f2b5cddebd7e23e81b0f89e4883fc12d95735a9b3f84d2f402f4996c54b5fdea8adb9eaa98e8c973b089656d18d6b322bd71cb42d7807f7fa8a7348820
-
Filesize
128KB
MD57e6b88f7bb59ec4573711255f60656b5
SHA15e7a159825a2d2cb263a161e247e9db93454d4f6
SHA25659ff5bc12b155cc2e666bd8bc34195c3750eb742542374fc5e53fb22d11e862f
SHA512294a379c99403f928d476e04668717cdabc7dc3e33bcf6bcad5c3d93d4268971811ff7303aa5b4b2ed2b59d59c8eba350a9a30888d4b5b3064708521ac21439c
-
Filesize
312KB
MD5aa82345a8f360804ea1d8d935f0377aa
SHA1c09cf3b1666d9192fa524c801bb2e3542c0840e2
SHA2569c155d4214cebda186647c035ada552963dcac8f88a6b38a23ea34f9ecd1d437
SHA512c051a381d87ba933ea7929c899fb01af2207cb2462dcb2b55c28cff65596b27bdb05a48207624eeea40fddb85003133ad7af09ca93cfb2426c155daea5a9a6db
-
Filesize
312B
MD55fd9a86ddfe7bfce63018105b9d95da0
SHA15ae3a31cdb6e732ce1879d2cb74b7af14285eab1
SHA2564aeef5547d9d95d1c652323a69cae79129b5123df17954b12a33036597f7bf0a
SHA512f8a7ab108aa5b36783cef7e045f36b653f29bf05233da2fa3a0a414f079b4863aa610523c6d20409620cd6fe7cf8ef1a04859fc93b20a3d6e5cef2f7d61f0004
-
Filesize
64KB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
112KB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
520KB
-
Filesize
136KB
-
Filesize
520KB
-
Filesize
136KB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
476KB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
2.1MB
-
Filesize
520KB
