Analysis
-
max time kernel
67s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20/10/2024, 17:23
General
-
Target
636d2c354fa9439f7e72dfec9c116654_JaffaCakes118.exe
-
Size
808KB
-
MD5
636d2c354fa9439f7e72dfec9c116654
-
SHA1
9db6c53f049f90eea9a8e3bf2cea95ffd663c25d
-
SHA256
165839ddc5f1001f133c504b5a8594b40c6f0fb59c66b458de0f3839a30b3c72
-
SHA512
7bf1755f1013541cd1392147813ddec98fb34ea948b182b13b985b514318ebafcfe34bf6b711b79514a7a3da3a74a4b9dfdf75d7ebb1650c300ec6b4e0cf0036
-
SSDEEP
12288:Q8tAkq7VWdT2z8q3cn+DC+UpuGCxK4Oe1rXjBHo9XIQt1uPwPUB7MdkWPDruhQx4:Q8t7qgC8mc+DRGaTjBUXIwuPB8Dr
Malware Config
Signatures
-
Modifies security service 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 13 IoCs
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unexpected DNS network traffic destination 2 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Adds Run key to start application 2 TTPs 44 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 18 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist 1 TTPs 4 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
UPX packed file 13 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 19 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 14 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 2 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\636d2c354fa9439f7e72dfec9c116654_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\636d2c354fa9439f7e72dfec9c116654_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\M6Blrcg8.exeC:\Users\Admin\M6Blrcg8.exe2⤵
- Modifies visiblity of hidden/system files in Explorer
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\xirew.exe"C:\Users\Admin\xirew.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del M6Blrcg8.exe3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\2buw.exeC:\Users\Admin\2buw.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\2buw.exe"C:\Users\Admin\2buw.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\2buw.exe"C:\Users\Admin\2buw.exe"3⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\3buw.exeC:\Users\Admin\3buw.exe2⤵
- Modifies security service
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\3buw.exeC:\Users\Admin\3buw.exe startC:\Users\Admin\AppData\Roaming\2B8DA\B5429.exe%C:\Users\Admin\AppData\Roaming\2B8DA3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\3buw.exeC:\Users\Admin\3buw.exe startC:\Program Files (x86)\DA73B\lvvm.exe%C:\Program Files (x86)\DA73B3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\LP\2982\E63.tmp"C:\Program Files (x86)\LP\2982\E63.tmp"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\4buw.exeC:\Users\Admin\4buw.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\2ed7663b\X*0*bc*5925d399*31.193.3.240:533⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"4⤵
-
-
-
-
C:\Users\Admin\5buw.exeC:\Users\Admin\5buw.exe2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" http://ginomp3.net3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd828746f8,0x7ffd82874708,0x7ffd828747184⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:34⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5365633050861452875,5423241979847658570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:14⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 5buw.exe3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Users\Admin\6buw.exeC:\Users\Admin\6buw.exe2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 6buw.exe3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 636d2c354fa9439f7e72dfec9c116654_JaffaCakes118.exe2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6024 -s 34642⤵
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 372 -s 60002⤵
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.11⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
6Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105KB
MD5de2d445daccc5b2b829bb8cd9c88d325
SHA1d07fa1955d4079231b2c58daa8180218e92b5ccb
SHA25613605126362023caaf25164f6537c68dd10b3fc2f8752d30976748add42cb8c0
SHA5128457b1d87a152c21046908f46d9e0629832be0d684d2ca82e0f4921cb09e39e40c51f5025b3585cb57c33a95dfaa8ceb7ed8b263aaa28a1621447ba447ce4bdb
-
Filesize
116KB
MD5bd1a291f9ec6babc57a9a10ef3eeccd8
SHA1f892c892c66438d1b2fbc2970eb316b71b5b1d17
SHA25653e7bded82420a720eebe31186fd312770ee2660d9b7484f326756febe0d475b
SHA512db87931c856ef69601270015dfb45ca82743831e8ebd64776d243c3feb3c48252558c43045d66a7b5097ddb8990a4839f469cb0ebcd3488a14261f87f1c292e1
-
Filesize
275KB
MD59386d0870fc5654e6389249229cdf317
SHA10861e5e251519a76e053329ab6730bffeb4f8542
SHA25683936516b54343d4223e3402485c0a4057a7a5157430ee0c9cbd010355d54a9d
SHA512d6b32dd869d90f4d2f385e7369cb8750cf2ae273047b98d1f45e747abf50bffd4a1e74ab2a283ef64341ce4c0de6191c4682b9932e3b5438d2d0637d960703d0
-
Filesize
270KB
MD5bf356e67d69baf8a9338b01e5a013428
SHA19f0065e7a53864782a579972dc8f4fc5b951aa99
SHA25628f3337df7dd25a754c5d9c6f6634795b120a06f4e11f82d060cc083a57e9fed
SHA512dd972b8b8869a6251e08e3218c58e25f9354064d7c7d7b1815f8b09a3b3eadfbb8d3736a83e5646874f94669f0bc68e219720ee4fd4289ecaf13951bb02c88d9
-
Filesize
28KB
MD5adc0dc58d647bd292f13ae0f271b03de
SHA1a4faacc4093a12ba91cc8c3af8febf8f75998f3d
SHA256cfdc20a03a9fd4292135eeffff1f2587727cfb0366a373f818e6bdf7c88153be
SHA512b40910fd7985fb0dde2f5dd36be88184199443be41ef48262c873ae4177fc961e350a7002c7a707a6eaa9847056699beaf6fd5faa0dbf354115dc2c3664dd552
-
Filesize
60KB
MD59fcc39f6fbe56574d466cee9cc2b8d50
SHA1e598ca18cb21ea62efb3a6b6bdb4c10e48fe6617
SHA256248f8d1fc62061eb3f12234142e102e04d58f7069fe13263cd81db4055225297
SHA512c415b0dc4e19b91999d908d4c260778dc4e7d75476f4f3a1d315355298dd903c2d0505d60e4fed27da9c845b252fcd59f00b83d6848a1bd0a8a539520ef5f55b
-
Filesize
471B
MD5d2bc1f6a28aa9917974c732dcac8a484
SHA182336351439dab67540faa8b5f175c1769952c3e
SHA2567bb275fa411b00f8ad36938db7b5ecc419a4f24682c66363288675c558aa9968
SHA5123eb1033be4d37cdc81d9a237320e8c4b9a06e86c7c1f725cfe7ba8a7228bc95c001661d540fed920294886ca182223ccf51069c6409b659e5e1e9355289f5a21
-
Filesize
412B
MD5d3ba1f74fabf5d46a428e10a7915d695
SHA17026c9b23746aafa067e725e28fffb58ce59ba90
SHA256e19e0ef133a85c8fa5afa614906fb56efe5d00a3851bafed8550abfd0b4eadb1
SHA5129b7b161c152feeb4d87ac76a333085abd9973b7d7493d9f0d1e236d920ae62aefe565c9993bf4882ce765bb6c17c2340d7e86387c7d2fa6912e0899e9b0e4744
-
Filesize
38KB
MD572de2dadaf875e2fd7614e100419033c
SHA15f17c5330e91a42daa9ff24c4aa602bd1a72bf6e
SHA256c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381
SHA512e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3
-
Filesize
12KB
MD5dbe713d1c736db886ace6f81f9a91602
SHA104b80f75d828ffaeaebc9b26a4eecb82c85e6381
SHA2568181f905d49c57f41743bcac6a536ec4527c1299c1c5ff4d5b78045990a7cfc2
SHA512a7402f89e591b4e9feb9addd4c0b6a5dbbeee15f45eeddd526d4317c46bdc50656a037e133d1216db03cd2b986a56c91a5413aa9a536015cd80464d25fe75848
-
Filesize
152B
MD537f660dd4b6ddf23bc37f5c823d1c33a
SHA11c35538aa307a3e09d15519df6ace99674ae428b
SHA2564e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d
-
Filesize
152B
MD5d7cb450b1315c63b1d5d89d98ba22da5
SHA1694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA25638355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8
-
Filesize
5KB
MD5df99feb4256b549bfbdbfff2968beb07
SHA1a1ccd7eb5d11385d3f246cf03f3a5db97030a7a3
SHA2565d1d3d7d8efaf8759d66585921b556bfb25b493978edc20cd3063ef952cba1d7
SHA512997d1971cd5d5d4edf432cef903270e78d7395a20dbf2b70eda5c7ea94edd503f669d1b03a157191392fea57ccd80cd227134ade01015ec4957d2a349473a2a4
-
Filesize
6KB
MD52883053e7d48037c2757551a30be2b45
SHA1fda2a142d8e3a6005b81ace9394d92f3c9647362
SHA2569c31a4e0b988a0e7178e4305415ee8a8bac05cf65f5582b68eeeebd5ae17ff9f
SHA512914f4b906aebfc1030f2281214c8de4386b38bf7c1afec150862bc080e83999908a624caa7f46c4072947dd3e60e0b7e1757c37453662d26c9fe86e726b34625
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD55e416704b800335d589cd6612212a9e8
SHA11561a62851412f70ab5c2986f0cf7583bcfd5e58
SHA256906f5c783f14beb46b6ba322ce0c626f17e833e9315101b6601ed73c543f442f
SHA5126a7481859567dd757b81b1d100e8ba2cdbf3d92a171e5263e64e0977340d18c09fef274a671c9012188f0c0b8d6a13e9b1190b811c062546afa6b1290766ea8d
-
Filesize
11KB
MD50f78e5cf37b91f32eef184789696787a
SHA16c1ea7cab150183eaa75d91481aed38a547f665f
SHA256c621102d15227e348f497c3322dfdebdfef96cc4e8268feaa60058bd39421895
SHA51209607863816d44e8a4e3a749c4e303b2cc7e494e19331887b6937f806f05a5bf0a524748bcc0175de54b334002a89a25eb78f570718891334c4c8be24e0b2d9b
-
Filesize
11KB
MD52d8f3c52f2b5bce27551a750b1052c92
SHA19d12a4b9ac054fee91b55e314d8728aabb2fad94
SHA2564cc7802ff61d6366fcbc0f7b50f4a268e3e5d5625f6136d0f2480593b817fae5
SHA512cd70085d579e739eff9f860bc93b224412037e4ecbdf3aae217fe3a5e8492f899ee951025657637134a56416b3b99c588320c3fa0978c45a0cc14425c3bf53eb
-
Filesize
11KB
MD5b4469d5ae853061f27de8a76e0a97724
SHA1f4474555d8ec2e3b13839b5492fef1f399d23aa4
SHA256968e3ea4f36f88870662696938fa5a8562ef4d502010fd8108fc77269c49a090
SHA51254768067bd8c2bd326356cdc2d81ec2c55ccb695dffe6892b2df2996412242117e94d8a7f5b386189a355a1bdd652a2f717cdf43fb537191d35a20872ebc2e36
-
Filesize
12KB
MD53e6ea2209f353ccdd30fc1105a830b5f
SHA12f7a20d9ddad3b8d86746c415d8cdb49cc0b74ae
SHA256a89295b67746f822e54c71d7490b90c17dcfb3fad36ad294238cef83701c9fbe
SHA512e0fd4a9ce92265c1770d0c96ee517b7b36d6fb7a316a3a17dc78380a308f53de5be2e8cc848706bd41f79dddf60a6991b0d7621c9c87545f27a21ae0d1fdfa4a
-
Filesize
2KB
MD5b0b8f9e195b09e7a9d5bde49f30db3ae
SHA1d596020cf24f72c2c3bb59aa4666ef0c7074edb6
SHA256921c8ed26008276454a3b82c6bb2ff1c7336125d3fa5e8b41083c893dd5c1a18
SHA512144e04f195c11c7adc216d82330fc90f50332d4a146981a2c30cae98a73d1ee1632c482094dac1ff6384ced47a4167c05ef88e750c39ec2cf0bc6249a399df8e
-
Filesize
75KB
MD57ee2c06a600408d271acf80db2d9a3df
SHA1e60868e0612696ad9cc79b039542e3c3e80bd4db
SHA256c2a23c083264ad2c266bc2eaf19f67986dde994b670a2fda4697881de421c6a7
SHA51263f092824fdfe3b796d671d05f29d019e32499ed7500a121c9b480e1283f5d6415eab3266f4cac2397773b6ef1f3cc1332db3f778e4809e67a9f9f65714788ea
-
Filesize
97B
MD5539db492f33fccee9be530dd0bf34a46
SHA1650b2a3583d6c9499b4ed73e9a5dca37f342a50e
SHA256f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999
SHA5129328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a
-
Filesize
600B
MD5359b7d74e7a06ecb8ff6d359dd749db1
SHA183d0b513fb9bb541562c5e71d9618e52406540cc
SHA256d9c0b7e8d50befa59dd2c31039af9a55dc7811e5a5b1f6fee33270208ea52f73
SHA512297fe371c0d6ac2e0ccf864217c79d3b1cb4a29999d30bb79eca8702d65397bc3eb967858bcc092eaed8509b60720db3596861e8bb841c85415c496b89865d34
-
Filesize
996B
MD54c103fe6638b4ac89a5b5b56027f3943
SHA16bb1a3d9ddd78e873e461e18a3d43cc1587faf26
SHA256caf9a0aecc5bf222b84317109cf276a04c57cd692b17f77848345ca5e0461ad9
SHA51278a13e98ab6181177569e7a870e5c6ce05e7d19a4888f92565b8ae6047e0757933393b18486464a18bfc8186e43298a42659e5468426a9c00e2437f3e9ee7d57
-
Filesize
1KB
MD508ff98797960f7a97193c7ca2bf35909
SHA18b9a3a01bf49ff076dfe0cad8f0db8ccd13d0a7a
SHA2569c94878815ed5ec12c6165433b03702368f8afb115ee1b78c64d8fa1cece1656
SHA51262bd444edb72e7dbda327f62aeeb06d59aea60f1c37e89ef8b282d886843fdecfe2a5805eb1843c40a98c38f10f66aca5fee862ec81de77d9df5bf99d469c861
-
Filesize
300B
MD56bf0c69f3127b19fac19a562c5ce8eb3
SHA13fc1a170f145137ab594dfc2df50b473076bb602
SHA25679ab9a70ba194eaa59aeb57bc84765e1bf7a980e87dfb9cf279faa20a7147958
SHA512c23b7f90fe49889c49acaac758746087e3a225c41aab8d615d01cd4c656440daee9137f3ef984aaab8b26d7edc77e7cd31f00f4f5ead8e717b9558ba9a83a0a8
-
Filesize
260KB
MD54fe76d5388b2c5184c01ae8c8a779f7a
SHA14cd9f87e14c754a5b146c2ad85a4b151ba42350c
SHA256045455be09c8458c69e7752f0b86579109c389174c1715d1340aeb014f79a4f2
SHA5122d92bfdb4b09efb941681431f143c07618d39481d292c17bab8ae13809962dbe3582747637205eecaec05d3408630feadb69b86fd8f3a8a30f6fe2511f45635f
-
Filesize
260KB
MD5439f42695b71c1f523d71177ebd62c78
SHA124ce4fb7d67d8c4937ea8dcfb1bdcc1eb637a61c
SHA256686218a5520823ca7704e3fcecc0806d53e97415e449f3ddf2a49f1a5faa43fe
SHA51211cfe805a755686494bc9f543cb8ba547cf5219476e36b0cf89ff79711b4b19d9c7e53e44f2fc6f48ca02d636add7e3263ba1bb543871106304b9bfe019731d9
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
432KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
340KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
432KB
-
Filesize
116KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB