Analysis
-
max time kernel
700s -
max time network
1053s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
17-11-2024 05:56
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo
Malware Config
Extracted
warzonerat
168.61.222.215:5400
Extracted
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Warzone RAT payload 2 IoCs
-
Drops startup file 2 IoCs
-
Executes dropped EXE 26 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 7 IoCs
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 10 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 50 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 53 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 9 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 25 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x248,0x258,0x7ff754935460,0x7ff754935470,0x7ff7549354803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3548 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7264 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3183909158859419532,18098948073905423649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Jer.html1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a47182⤵
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x510 0x3441⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\San.html1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe714a46f8,0x7ffe714a4708,0x7ffe714a47182⤵
-
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Scare.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Zika.exe"1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7z.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7zFM.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\7zG.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\7-Zip\Uninstall.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -addoverwrite C:\Program Files\7-Zip\Uninstall.exe", "C:\Program Files\7-Zip\Uninstall.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res, icongroup,,2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\svchost.exe" -extract C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.dll.sys.exe, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, icongroup,,2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe"C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\taskhost.exe" -compile C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.rc, C:\Users\Admin\AppData\Local\Temp\188f1ffa17c1437fa5e4d60e7b20500e\icons.res2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Yarner.a.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xyeta.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 4842⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4768 -ip 47681⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Xanax.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 4162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3232 -ip 32321⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\ZippedFiles.a.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WinNuke.98.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Winevar.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WIN5FFB.pif"C:\Windows\system32\WIN5FFB.pif" ~~2411315152⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WannaCrypt0r.exe"1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 238501731823519.bat2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.exe
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\WarzoneRAT.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8621.tmp"2⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\White.a.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Whiter.a.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\notepad.exenotepad.exe C:\Users\Admin\AppData\Local\Temp\~sn8352.tmp2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Satana.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 4123⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Seftad.exe"1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Sevgi.a.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SporaRansomware.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\SpySheriff.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskdl.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\TaskILL.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\mountvol.exemountvol c:\ /d2⤵
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\taskse.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trood.a.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Pre-OS Boot
1Bootkit
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b9fc751d5fa08ca574eba851a781b900
SHA1963c71087bd9360fa4aa1f12e84128cd26597af4
SHA256360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb
SHA512ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757
-
Filesize
152B
MD52061f7f8995a481e9d779a7d07d8e403
SHA10011710c44ec76fd5d75a1b91bcc4a3775f5da2d
SHA256c29bba01ebdc26ae67e3427b0535fa84483b1378f2200e5f658c65c83e1d717a
SHA5121411e940b141c3a31ce660f15f07b55614206ee4a7593aa49bcfb205260c17831b06c5fe26d9a5e7160c7c18a64cfd9b63c14097d67575db3cf247d63d41cbdd
-
Filesize
152B
MD5d9a93ee5221bd6f61ae818935430ccac
SHA1f35db7fca9a0204cefc2aef07558802de13f9424
SHA256a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968
SHA512b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44
-
Filesize
34KB
MD5831fe2af47b18da1a29e6bfc17796484
SHA1a8ebf01e0b329d65012506994f8682a99f9287e7
SHA256aedc80665242d69b0518ffb0b787617f90a24ffc67cf8587abd9326af4c5305e
SHA512e0f08017a1555ea5d07d74bfc3576ae7de2065b68ba22b83573e25607effa078fb080c422730e656847f7bcea3bf5187ad59a5176db212dcbd3fc31689a458b9
-
Filesize
1KB
MD5c5d46dba659247099f0e6b2f0756ac38
SHA1f5945b0ab6352de7f19afd010ec32836deddd8e5
SHA256a0ade09691c614b2d74e946e84222a9b046db1b1c32f69e64c497b94c84a4350
SHA5121f5e74b955b5c845f65d3fe4eaf9a819218e7c21223c5cdf67ea418e173c8c75e46b2127f27c9f3304f2603355307621b6ac74497a41697d219517e2a4eecefa
-
Filesize
2KB
MD56f1d1858c8c5ec7d755729a1fcc709dd
SHA103372dc0d744e237975ea0773c309b3ba8b8ba1a
SHA25610a53d6552a66d57fa16a997b82ed9762c5b53a4748d255fe344adfcafd7a3e2
SHA5128fb73405e9cd2ab4c6e8121526c3b5ff0936292eee39003e19995d11db8d5afb676be42fb7bddae79c915f5b1eccc9e35b1f159c2a9f39e4f601f259e9746093
-
Filesize
2KB
MD5ef4bfa69a3ddbe15533488843f0a5ea2
SHA19330077849401a6ac6123ea4bd24a7583529ce15
SHA2561893da374854716432f689dba849f4e167c2b8de0dbd87ec93ecef05cd491fc6
SHA512b6c8d5c548321a02466cfccf7cd1e85fa7c3e5a9928a53b01976ce5c351af89095211b8c358cbfa8891d8d7ebc18640406af103b84f687104ccfa9d5de34f071
-
Filesize
48B
MD569555d75ea2c0a13ab012b974360ef1d
SHA1bab29e52342c27caa7dd730de01cf630e7d0a04e
SHA256d00f7e4c9917d00b9d2a4f9499e156a0960db66ce8855a46c8edda6b01525f96
SHA512a174a1a65d9496d6f25905873fd8387e75681ea0f9d8e1ecd2f0f973bf3ea896afcdd5e9bbacc452626dcb11474463a54a8aa9948c6be35c284709fa83df9449
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
870B
MD52d73861268bcb45d896e7ccb0fd60442
SHA1bbf6d6cfe7cf4a0920ee81e95cc1c9f3c19c2d76
SHA256b00fa7c7f9aec3f8f670f6bc22829e416c993051099b5652d9464db2e6a2cb79
SHA51200400a32d4bb931aaa63e0664d079438a75c411125ff459968fe80ee287b3b4c73339b04fbf18b9342b00edda2b49d157b5d9ad9b1fbdc43f16eeeb43edd02c3
-
Filesize
3KB
MD5bb77a2ea36f270f8b327a760b5bf7dd5
SHA1f82d9ae7c2cd4b001773b7a64ae19abf395efe57
SHA256b8afa45e88b185b7fead8fc071650b1b64c4a386c12893c2e3ef65109e04a385
SHA512a4ca4841d34142abd9c68a26acf99c2a6483c0170a6e3bb7fe2443903db3f217609a52d915681b872cd84c921f314e4368a3cc543d37ac50161e21e0a606c52f
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
5KB
MD53f2c6eb5f2a4c971d80d92e2718824a1
SHA1f02f3f79c76348867c3be4c6fee669dd48539f10
SHA25646f8fe94d49330d0e9dd62440323a76748540add56c7014017d1a4b65f3a62ea
SHA51224a9ee1cc85cb9c9d9d988f5990f334032ddc032f2bfe3914f9002d7f972faa1c74d7d91a0d67ef033b36fc54503697d306aadf637bbb19cc8a580daf9688dcc
-
Filesize
5KB
MD5eaa153260cb8861fa47f88f74694e16c
SHA1e13609e44e77a73bf50aa987187f990e54aa6ecf
SHA25623a3d1121e282e85e59e36d1289e4769775a631834aaff2e20328ed2db2c48b5
SHA512741b4ab762bf7426933a589189b080768c39e7ed3fefc958995f8cb4e7ca46741a5b415b2fed8f3fde7415a27a20fd9879379d70d6003e794ff4d4cd749ba27c
-
Filesize
5KB
MD52c4a5ff598c3e6bed58c4c657ced85ad
SHA1294ebbaf3ac96ca5222c158ff9f7317031d991bb
SHA256f8e2c28a09e3ff8fd7fdffd35613df288045f90fc35cc708e50779effc06372e
SHA512d24d52c695f7b35d63957694de514fb3086df6e867fcce197225fee08f20e09a5859f4a557b090f226d40f738279c74aa9591e0a5506b792a4036043749d9ab6
-
Filesize
6KB
MD5fa191513248e7364ef27083b16258eb7
SHA100d107907913ab4929b7661acafd8daefaca4ec9
SHA2560c7866095c62d1f1b2452784d917c575bfce84f94ef48c2d49babf5ab4b62013
SHA5121a0ded880e9f3d53f14bede434349472072c29a7bf0409cca327565aaa2da54769b800f8bff5c91b1151896cdeeb47b9558deb5e5d1e7071c596ec9a3f047d65
-
Filesize
6KB
MD55f9f3eb7e661d2337aa709bfb5a37b10
SHA11e71c022a18a7a5962d71419d41be88059eb6cbc
SHA256139d240e3a4f5a129f2fa427edc77db7640b67cd84818bfab98c55bb1c73ba80
SHA5127c03d2b5aba6e9dcd4b438ab93cf429a99529fb1fb4d122d6b3e9b2713ff9f7b79c24a0dc0a496726467fdf744ad63230c862f4c98e3706473fee1de7906fc29
-
Filesize
7KB
MD5ff24f1d574f84ea525223469c8abd070
SHA15a3dbfa55e86b81c782047449835b9f71db9e370
SHA256d4c8dea42a5f93827f1eaa97ca69d6a5abfca08bffc84b86008ced01f869502a
SHA512e9eb4d854b4aa3f01eeecf620eb717fedefc810b0181e8d6779785bf05503e8e2f606f66bafdd4e9b3242acd7dec1df726d07b537d65eb6558306ec72203f6b0
-
Filesize
24KB
MD5f9055ea0f42cb1609ff65d5be99750dc
SHA16f3a884d348e9f58271ddb0cdf4ee0e29becadd4
SHA2561cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348
SHA512b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4
-
Filesize
24KB
MD5d3412a01d4c3df1df43f94ecd14a889a
SHA12900a987c87791c4b64d80e9ce8c8bd26b679c2f
SHA256dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be
SHA5127d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e
-
Filesize
72B
MD5ad6028a386cb576176edcc759d9a859e
SHA1cc030e8fa9779eb43c68d1667016aee0ddd98d9e
SHA2567c50775144327db3a09cc1b497f3ac5c1a7ab0e200b82385ecb441cf0c25f5b4
SHA5125fe56c4ad9ca7b123bb498bb3d5003b02363977ae4da278c6c3c723a1cdc1635ab22c0500456761c0569115e2ad1b5680edbcf4f572899e43a68903e204bcbf2
-
Filesize
48B
MD5018faef385ccc44a2770a549b4c1abe8
SHA1ce3c55f23568003015755a036fc1c70dd8d41805
SHA25627ecb8ed8cd4ac05123f1c49383ac769d405124db3861601f64fa99c83bfbcad
SHA5120c878befcac0de02dbdcb08cc25eb89e5011b1c6d0ac866f4b7e36c5a59f6dfad708f9f0a519eedd402752421c589396ca6de88dad0cba12cc3ff28d0140d0d3
-
Filesize
1KB
MD51193ce3618be8666d5f6d8b5c3f6ee51
SHA1245f683d46ca74732ba14a160ff6cc5282b14ae0
SHA2561fab4a52982a092e62648c0663668f4bb8bf01f55d8e90260b8e1c510282dd45
SHA512921e2c073098fd62a9735fe6f4791b97472d017f9a807ad2b20d6dbbb312f956cc497a2025640aadd2c3b2363373eb6f70e2d150b558940d2e5918205414ee81
-
Filesize
1KB
MD5070799389fd916292a9e75a0156bf3e8
SHA1b2728bc415651002e01d2f846d9e4c2ff7f32f14
SHA256e6579b1e0902f5ed9d10d4ebc894f9792b5c2bffa9d6a7ecef41bd00668fefd5
SHA51275709e527cbb6ba5d57c4ef51d4d8cb7a48d2355781c4c84d7ce4f7ff8f2f2848ce90b368b2029931316c1504aa72625624b3af5524190a58ee9f3094623a142
-
Filesize
3KB
MD5cca661ad2bd4863f4225e8e4b73bb32f
SHA139b520f7f4dce9ac8c6e0107baa118e4fd512b72
SHA25686fc1573bc136a0989bdf16db949b1770c160f151fb0477bde36a20265dbe730
SHA51216b69ba8b72afadbf3d6952e58613949ee304275a6b35e60b25b5c1cd7d0fc44da330509b2fa0641457fe1d7a89f9512090a57aea917a17bf9016df162c55d3c
-
Filesize
874B
MD55c0d4bf6110ac732c02ac4620855cbda
SHA1005556fbdbdabc9f6fabb0f862406dc4c68da25c
SHA25607d5692e331b2b57232b016be06a468435c746dfea682d05f8e929df850805cb
SHA512b5382723fcec0a042baf114cd7b1d379b0b19bda2952ea668e39e81e45843266cf5a09c473db0cfd2370a4781c5c14720194f1ef3095a8a9418b16162d4384ff
-
Filesize
573B
MD5a6d346f58cbec0a6e4015327b25f1537
SHA1750056e65a8b1c20b1a6051f5adcdf35821a6ac1
SHA2561a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56
SHA51274e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD58518541e96f862e010c810807465443a
SHA1aad8ef95cbae2592c5589af68fbafb3b637544bb
SHA25617214a2bc0ebb693cb0f8f55755c870f027a6c0026cc36d01938d9a7432c933d
SHA512662f8875e58443800a81b86c9353c7b93f78e55ef6794a859c419c2ed520092cfe415ff184ffa477ce75fda9c2a05b1633dcc11d52284dbc25d9e1b969f1a8e8
-
Filesize
10KB
MD581bdc442ec71e5c2be2c19d36fbaba5e
SHA1ba7749752c0af136281b5d43cebe836dd7d01f65
SHA2567a4ce5a9ed6f2876864ee91d010eb69bb7f1776e2fd7ce2e20b5b476c21c6466
SHA5126ff64e6a4e1793fdf90edbb5a34b18b50ecafce0459c695649c72e941eb7455d58335e7f1141d06b0a1b13c54dc0c7527ce715dc73a185c9a47fc3c20d5c7c91
-
Filesize
11KB
MD57d5cc10ce2c3ddc5b4e043d56f21460a
SHA12bee1497c3a61001aa721c0f113f464e4085f05c
SHA2560fefefdc5b0d3b78ebbf3d8b6018fe029f3aab85017fc3878c733db0faa56fd3
SHA5126368b99962381c14e4b0e650aae74699d0a914acf8ae9cfde737b7c812d8de708ea3fc726b691575ec6826dca3e1a06753f2de99708184fb5b017a21f6d915e9
-
Filesize
11KB
MD5a0600a89e430e86cae72f09145d451dd
SHA1bd547e636639db73c09774af58a8ff5c25b3e605
SHA256caf1e5f3957efca012618f13e5ad6ebce3b348070f9ef5ae3016ac24b25db279
SHA51229d8f2ed970e8a2c220d872425faed4b4177fd7f5365cd4ab20442588f49bdd661949f053c8f9d06cdbf0dfac4a714fc6e7dd25eff77bce6e923a9f4360ce78a
-
Filesize
11KB
MD5e2b062d4c84a37afbb330d108cccf8e6
SHA16c669b78c2735665db64a1614b59794b93d1dd36
SHA2565b3486d63828f7f6866f24273d2f9ab236120c6d852c04d35c248d97e9b55d69
SHA5123447bc6d4d0e0207a74204c36866b83d53053d816d6baa7a93003c6438960912f3886796da91c49c4fcf6520624a6575ed070697d96792309fda0a8fdb86853d
-
Filesize
11KB
MD564b2a9a47fa311c659e40cad9b6093b9
SHA13bd82269f9b5b3e9a890a961e6d42dcdf2b22253
SHA2560967883b641c4d806a7b777c0cd609099c3aeaff4200fa9491e2a48bf74cd636
SHA512d006274d3a4d60355df8bbc61b0bcd48adaf8f7ffe72d953388745511952fcd773e0d95483231625b3ca7972c746d27a173ae80ec2a72e9cf69009b26924ce46
-
Filesize
32B
MD545d02203801ec5cae86ed0a68727b0fa
SHA11b22a6df3fc0ef23c6c5312c937db7c8c0df6703
SHA2565e743f477333066c29c3742cc8f9f64a8cb9c54b71dbc8c69af5025d31f8c121
SHA5128da0bf59066223aab96595c9fbf8532baa34f1f9c2c0dee674d310a82677b6c7d6a1cc0bbaa75262b986d2b805b049ec3a2bfb25a9ae30fe6d02e32660f15e83
-
Filesize
44B
MD5dbfea325d1e00a904309a682051778ad
SHA1525562934d0866f2ba90b3c25ea005c8c5f1e9fb
SHA25615a3a3303b4a77272ddb04454333a4c06aa2a113f210ba4a03314026e0821e6d
SHA512cd853c67c2b1a44c3f592ff42d207b2251e8b9bc1eb22fc12cd710329069ef75abffccd169418c4f9bd008a40f2fbbfc6904519f27fd658f316309f94b8ff59c
-
Filesize
3KB
MD5b3f384059d101e86ccf932b5a8789a39
SHA17f88ebec8ef231c1955dbf0db4862bf560acba17
SHA25666e6f762ff3156e7d57a9c3c3140386163c6102b50acc8e122bf9af8a8ba1919
SHA51274787b17213708d7539eac45c34f7d18b5617eb820fc4d62240a6c1f5e642f06e0ffcef58e33ff6c530429acf18f56331c6243c8e6dd0c308250c0e44e1f1f83
-
Filesize
3KB
MD5352c2e9d079ed83145230f070c61f4b1
SHA16390056fec40a35ba148170c6b651a5311b87485
SHA256ef6a68d16a6a0932724a2238868f998ea4ac2ab5d4994bbf9387547e46ab61ff
SHA512ab1408ac5d519134348795b918e9ef93ebb36f5174be53dd40dbce53870352f512876aa9617521b932f1e20dc1ba15d1d9619f39bbf012adceb6042516d1c2dd
-
Filesize
10KB
MD5e8d934d57cf673b256f5e879f28bdad1
SHA1c5057ae13d0cd254e0e248abf4ae6dc13fa584c3
SHA256a2ea4d695c24150d0c89bdab4431e6da645c904eb3bc7871c2f555024212a686
SHA5121bdad654d1dc3109ee0f3e887f2301547e20bd640f285a16dc788c4cd2ffcea736c3c85be06835046c026a397d5c93300e151c69778f956d6aa28e6beb421127
-
Filesize
10KB
MD579e3d17cece46d64a3eda390981f1ef4
SHA1cecb80d2bb84c4cde1147128cc1204175f7a71ec
SHA2568a21900e609e66aea7e3c04aee28a6b5e6e201933dfa1ebd4ba738b71f32d21f
SHA5126aa17ba04f15d7b726c432416eb96affd34a64c44a59a3c82665778a76298dafa2f03a9a1f99a7c6fe971f0f0cd835f80ad4083b6a20c81e60080f8f1cd9be72
-
Filesize
1KB
MD5bcf6b4905f02a1cb93b64888692615a3
SHA13ba43dbb3adbf7417a0746961e0b47d827e088d7
SHA256886dba6992f4b7a8ac2fa15ae6f2c82ee2ced8b1a75da386eaf1cea9aa12558f
SHA5121e116663343abd59ce424a5a70f42ac654dcefc3d7de203c572464ba692b1a59def575412e70b5aae55e9ed183e015c4c8a4405b8243633f9651da8a0ee6a3e7
-
Filesize
360KB
MD515a43ab68e372101d9b9f0d115d1c228
SHA1684c1b3ef813f73c1a862529a75a820cdc261cbd
SHA2569524b97d029d87575b42e74738d93d597219ce189ba110cdfe874ee4fe85ec6f
SHA512bce4637a77534db6ee108b231d16f44165da3e3898650261bb138104557ceeb7dfbb96094af1d0347d22309d8ec9a7b4bf893eeb4ef1dc3d6a7b3cdc76eeb5ac
-
Filesize
440KB
MD5971e24bba5f3ab0b3936ed68d1b93d08
SHA15c803e4160fcda33638fd9e02ce7c04edd7a7d8f
SHA2566256d18f901d3510765fff2937948c12fc7e3e5a5840aeda8953fb3ebfc7fdee
SHA51258f04e4e44650e37b1cf4d8d2656eb0ab99093af3517d1eaf3f6a99340574e0fc95b86fec8e07951125b5f5254d84a8d93d10f827f43cfd3644a1b87916ccc62
-
Filesize
840KB
MD530767084dae915565f4ce9da76f8997c
SHA1e6bd168796571f188bc22caeebeb3a1a2040d595
SHA256c5d25506d780c4d9ba2a9d5f179545cd81883d3a99b56fad729d494b0fbb6a19
SHA5126de7b90dcea3c3a95a71f47602f6c411fe600c02538e31663bd0aef226ae358cfcd9c33faeab4081ddf4752c638131b69a53f0759c1651c9e7151cc4af604837
-
Filesize
580KB
MD5eef9dca59d4f87133fbfd1ba493847d0
SHA176254421b4d718a2c303a7a012723fc38b9fbc61
SHA256f31af155d09eeedcb398907284d442d18e881fbc68b135d9bbff592e29f96c09
SHA512c6fee4acbef7f96d17d8582fa8e2e08613a2ec87b6b36a482919046dd1bd6065d729e1c7ce22b49f3146afab89720e445ab39d11c74a41b28fa6e1a716c496b1
-
Filesize
520KB
MD52f0655ab5647850a41edfc67f63fbbab
SHA1a8b865fe69d23b5a0258a0b1066c29063f99b2b9
SHA2569abfaeabe4b3cec943dc5218567e2c064fd49e385999411f05afd683865ce8b6
SHA512af96ab2814a2942ba58030228294801ca63b44f9ec55e4756f2dff8b24c4fa40cfdd52ecf540f113f5481f017775cc7d653db5784309f52f9659985747ba1875
-
Filesize
800KB
MD5b2395ea672bf6c5e0bd67e75a15baac8
SHA1237f023f90d76cbf633a2ae008c581a282df075a
SHA256c548ec5eecc1553d89c84bb15c123c5655811f232e509ae549b5447255e0acc8
SHA5126229c82cc60f09730181c0f4cd9ec12a5d8e93cd6824b84c204c7b5b6049cad7560ce1942d8398d2489ea0dc4b7ade306a2ba8d8d58cbd0b9d443063a91daafa
-
Filesize
340KB
MD5f81d8f6c553d4112a5a81b9e5bc7fc33
SHA1d5ee6b4d4fe728bcca55a59faddf346be9fff9fe
SHA256c326a1b3bb2ca92ae2dc7e3761798f37124ef51a4aa44e412e806882cd16927c
SHA5120f7d83289e31f32e8ad7e758e5ee0248d56222dc09d0f9f5b1331fb8c2796ba5febbc0705581eb4d63713abcb65a02ebb2d2f0c4041e1a9f6df650183cfe7a83
-
Filesize
920KB
MD53958aa5737d2efd3934f4cf0263d4ba0
SHA19b64798c14b563b2a06f1e9d8cd8f90bd33f00b4
SHA256858ddee092bd07f48a74bc8e3b9bcba97aa503a82743bc46c1c70db509d8b699
SHA51284696d2d23595c748277160b4dff0dfebb81466a8af0c6c7edc2f7e32f9ea2a50816839e9201ba33f412d4fb67ee7e59ba248f2743d577ea74706aee1b2e3573
-
Filesize
600KB
MD5d81f2edf9ac00bad7a0e000d686fb317
SHA11749e3884f694fc5d140289f564651b716f23132
SHA256d134740507e2e934ab49b9fec9821f17aae26d3a32ee2f5c961db2182f9ede30
SHA5123289127eefa792b0296622f475abe7d6bec90584217a98a6b70fd796f678c7275ad7bf6c9ad2dd6ec6902ce5e4d627e14d366638d76797c5ad58fdea9a7aa404
-
Filesize
500KB
MD57d15445438c715a1f0ffca8d34ef220b
SHA14aa41a13c16018ee23236bec60897cdaa69cece3
SHA2569cf195272e8306b67b50a7c31a664cd90059c35ef524afed76ffb49d1050e549
SHA5125dadde07b6d2a2c5f94f18f8552808ea6f5b916af81d519e9c70395493f59c121552de52b9c8eec3f0aa20781f65661db4c0a311aadf1dcea3c3ea66cd8ab61e
-
Filesize
380KB
MD50d80208cdabb5d6023fac5247b3819bb
SHA147604c3f0e692dad02ac662dd073e60299de3061
SHA25606555116e11cba803c03b5e714341bcaa9f84277ce32ec77a3fba69f90e2ea68
SHA51241793d8488ab0c3c5d340efef3c819e1a36589d2bb375a6f2f2033e6e5c31d9d0902729113c45482a25cbfe2e3e434945a83216b8256d6e3fc9372f22f97bfe1
-
Filesize
680KB
MD571536f424efc614350e107dedf224f0c
SHA1d04b69f4a2fa0b956211751f01a164863b928101
SHA25640f046135bf28577cbc8b9567ed523c5a86b51a9e01198182681a76a3f1602d5
SHA512bd3eda5b37a2d04f5ad3d8adeb29b83adeabcd90487ef37a4b87d9df49f1b5993075609d414277d1e214234c63c102220622b6b0e3b5a0e325f772cd737ee27e
-
Filesize
640KB
MD55b1b5ae4fbd084ece75e80cd78f4ee3c
SHA190ba05787d3103e8d3e660d7fe710e6c91765215
SHA256963f78e6ebf64775f7cdbcfb3abcf38ba8f6db859f7679ee137b9b1011ea9891
SHA5125bbea588584fe9db69cc780eb3d0afb645de23696d8067bbc48a5046b4801edfb99959eaa9a7e9c169325c56f5146b8c515bdb04a53e00d0ac22e07e132a12b4
-
Filesize
480KB
MD5c728d77cc432c96dcf77ff97bd5b9b6f
SHA1e56b896f4a7022c17910bbd850844682b8a9e54f
SHA256c57e88f49e6e37a6325e27e91d4e57dd43bb2941467464d267b677f1ebf5a823
SHA512f41f1612d0aff96d77a500a712e60fa7a54a4b55e7da7c038dc705a4ef7c562d7ae0c3d7b157eabb70fdfb94fb32c7d6d2b1247270e60928f8b2981e7878f2e6
-
Filesize
420KB
MD5a029ebec21a713866e54f8d6bb040460
SHA143df4c73083925505ef4930ad9f3e1265b624c16
SHA256aa07807206ccdce496a266417a72b6cc1090e12ad0502f37cf50e4c95deb6e76
SHA512edf7381d6313565a12d288fba09653a601fd977d2985d973d16924cbf75b73396682d84cb3308a5a3973fc04910d15b137bcbc009e96203079610453caefa755
-
Filesize
400KB
MD56fca7bd575c40f0ebffa8eb448d2189a
SHA16902e2a6c3464ce8227b9a3e892b3f88d3c89ea1
SHA2566dba44bc599ca8273b3fc001dd096c42e23ba3fd20c51faa51a0bf85924adab8
SHA512f4f0bb16cf1cdfb792740565b799b31d8beedd51d5927921255339b91212842c1f995dd22d9f14f0de95d004fc559ba79edfec64fe2abec08c173ff9d56ace22
-
Filesize
320KB
MD599d766dad7883a1bd9e80114419adfa5
SHA1237e31147204511c9c2cf7cd7cab01da97ac0851
SHA256b6a672dd8cf9499b1d45eff13558ae7530cdc8d6f5e81700448bda1c5e775deb
SHA5124005b11bef100706b98b37da685a84d9fea6527b9546ae6937daab36f8b850b70ebd7a04b3053a90453114ae8059b477acd1686722b4ed615a2bbe0467f7d322
-
Filesize
460KB
MD5b11529f5e32147742eb8b89d3c680a47
SHA1bf970103291028e36d91c09d77c4671ecc8cbe72
SHA256c403551d454f82425d22c8cbfb91048783014cdb33cd6e47d73ca591673536c5
SHA512e0645f8abb7edf420055f171dbbda386e0323de6734aa4e74abad4130b8584c1dfad48d358b4fd3573828cde2a2db0fc377f9dd95e7afb22d67b3948f0f41f45
-
Filesize
820KB
MD5f373e7790b4acac450569d773e95ef7e
SHA1130e7cbd9c69556dd83c58f61fb28247a05b2ab0
SHA2560e987b09e202ddff5cb1ab6f57de692540d7f859d8fb77f973c226bb4f72946c
SHA512b2f74c1cafa444fd683a640332f5fee42ed9f7e847f7f5e128fa769798c3efda07d3d8434686585c5ae52e721303040dd6872e2dcd4607e3a59244d11725d412
-
Filesize
740KB
MD5e1ddec89a97899da02b6068e226a64db
SHA1d7b87bde6234bef3557dda4f68e97b4a04df6ea6
SHA256cbbb6c780243a5428b1642b93d02d8ea522229499926d77d24d36cecae588054
SHA512078e15f7ca7f5370e75c22fe6fd7c96590122c4c09cbb6ffdde838dc777d8a5ea619597f221f755392a79cc91572015b2a3c2bd79679ede9faaf34187329f5c0
-
Filesize
720KB
MD5178a44489dcb5cabea13e5d4debddffd
SHA11d9046e4a318bebb52f9b883478277623388a29d
SHA25620d95c8d696ebc25a345d9b5d851af91b07e70888d648cebb7c51aa66f01248f
SHA512b914a9fdb52b365e3be236f091c1ac1c76cba37fc5fe0261039110e087028158ad5a11316ffbe56077142f47b388357f0a06d90c8570a132cf8254b990c6a503
-
Filesize
1.2MB
MD5931dc9c634b255139293200bbcca549a
SHA166890cfb0e16a918e435676d3868f7c9d66c6be8
SHA256db9e2e0bf80a8e314f820d2f5cf7e3f8b4dedaccf45ef1276c3f74301c7774f9
SHA512f067b458bf0c4d7d09d362d2f78523a507e52ef9b8248e550eea56577677e2ca434a2945c7be3e1ccb49c1a751667b095f0f8912e9c366e34b707ef62a90d2e4
-
Filesize
660KB
MD517fbdb240f050dcc7661b6125081d355
SHA19b4d3e2cabd2117e7dc8a653bd0df3a0f0295d1e
SHA256a8459950bd019799be428c98bfa1bf4ced096b9e70bb0ec02c3d04bce83f7031
SHA512f4dfcb5d38e79bdeefbc9ebcff58811040335b322afc5c85b8296cea96accf274b11fd03da58670ddf32f8aa17e53a7ca203aece55fef54ebae55c042bfa39fe
-
Filesize
700KB
MD5fd15a4ffd32a5f50e3ff2be186251c26
SHA1b146c573719e80ded65f262dc00888218036d4d9
SHA2560a794b66d03e42534d01ea9c861a107261ec0c6548b363a21e23735ebe5c0e33
SHA512a85d1cf362b2d06c1f55b4a9c652d2ef301d00a2c51921b645a6a8941abbc5cd919779476de581cd43a47e9ce965bd5ecdaefcc4aca1ecf558530b03f671e2e3
-
Filesize
540KB
MD55078908e5be05d89f15c0c3621fb0b15
SHA1d3036bf3e2cae25f25b141113b1687f155d26fc6
SHA2567f72c6d414fe940fdf6482d99ebd313ddab3effae2703a1eb6d2dd04e6a5fdad
SHA5120531c998378e30ab4c33139a3818f41ee77c17f34801ec0ccf7f2bc184b7e933672affec335a476741ed57ea9f81e839f512a29f44adebe7a54c2e7d7a0c8f14
-
Filesize
760KB
MD51f18ff184d53312d9fdc184de1c2931e
SHA17612d8adeb987170e0f2de29373d766408ce5b44
SHA256df923c10e01ecd54bb0418eb5acd121ad3998e18e3cd3cf80ebf95232927155a
SHA51200c54611e285e15f8473bb640e771e2e3c4dc564944992d137a107cd8569c90927df942f4498563160b2b003f7a224ccff3a85f2be76c9b61dbf472117a47fed
-
Filesize
780KB
MD540f62f4a5758f495f81dee8247954832
SHA1db26a509aeea3a072cc923688cff3ca7501aa4ad
SHA25692301b1601c54d82ad2309419767ca3fbd7fd1465fc3bbbec81ca792bbb76aa6
SHA51284efd59107d62923b7a10d374fca6d7a5597d34cce7d2bb9e922f51c973ea722832c25b294a5a2c50081fd98670052062566b2e39f7454cacb1bd591d66e2647
-
Filesize
880KB
MD510e2a5f0ceee1072a6c9d56fa0fcba21
SHA102775d3daa05a5d6c6a3355a19bc64c5040cab12
SHA256deb09817d2c5287d1f796d848cb6e689b29a8dff7c5814bbab566c66899261f6
SHA51215d6f4d476dbf5b4cfdc2b1d43a70a664469d78b782b66601bd1adf447f2ddb2f99938eb537d3acf30eefdf94f453929d15c68b77a8a9319925917e70d5cc148
-
Filesize
900KB
MD5809d681e9314172c284851e2bde64411
SHA1b2e4a1ffc680280b52c84d96a5024c1d20b8d95a
SHA25659cddab8f6e9fc6d8b27018732952b49c2658bf8445d5ca65131113251d4a8f0
SHA512ca4e210246cc326a7c46730e3d4673d1860328c0ecc0f686ca997a238eac859267c617657225a61df0a803daab4b3963cdbd89b3299bc9642b5f156b442f0229
-
Filesize
933B
MD57e6b6da7c61fcb66f3f30166871def5b
SHA100f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA2564a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3
-
Filesize
57B
MD5da53941085b635d68bba6cfd5ec25b41
SHA13a1fad738f5576ad8eeebaaad7f85aea1110136c
SHA256f14b23fe8a5835b3451b2c099ae01afc77aa8a84067621cc80b31fcb5b827a32
SHA512c3f2be04c0c805260372174d57db68e94039a6657c7b2ddd8c71cf07c7bbfbb6b4065beb037956b574f413a268461d7a551109c9cd2fc39113d54b13e6637556
-
Filesize
183KB
MD53d4e3f149f3d0cdfe76bf8b235742c97
SHA10e0e34b5fd8c15547ca98027e49b1dcf37146d95
SHA256b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a
SHA5128c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff
-
Filesize
4KB
MD593ceffafe7bb69ec3f9b4a90908ece46
SHA114c85fa8930f8bfbe1f9102a10f4b03d24a16d02
SHA256b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07
SHA512c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144
-
Filesize
37KB
MD54e57113a6bf6b88fdd32782a4a381274
SHA10fccbc91f0f94453d91670c6794f71348711061d
SHA2569bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA5124f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9
-
Filesize
560KB
MD54231a46a57d2b28c7ef5de166cdf6c08
SHA13b152b4a6100b4b0ad951c2886e5a551594ba3c9
SHA2566750b786d5c299bb4ebb1807818d6d1b8f303ff861d67d2d5296cb78976d7732
SHA5125e7e6337e536cb23c41788835735d71b7cbe41872194ad7ff5bb0bc83f061d3e55e4497ddb96f6b376ce5384ee2fa7763460a7fdc974bdb64ca1693a5ab8d1fd
-
Filesize
620KB
MD5f342ce53e4779f4f86e085c845ecfa4d
SHA155ab9d5516230b6e87d3665d085b78e306cffa39
SHA256efa8f437547cad7b24498318f7fdd082430c60693e330d468eb41ddc2ac6defc
SHA51260736bd43ab8b017b524c034ff07a023fb81d267ec0d40db758ae41df94539c4b714d0cdd100e3f267177f0b08671a358b8c4505ef49f650c13f023d1efb1133
-
Filesize
860KB
MD517b72d38b368deae6e8a6b9eb648dd71
SHA12dce600ae20ea5c3ca3665ff312a8dedd7bdf71f
SHA256b7d56f1dfc364f905b57ef6fff276e7e29adf4dd769c454a140184fc7d5b8b14
SHA51227ed7ecd8126ace4543d8557680930c342a317aa150931c4cf247fc80874b3f4f95a2a134e3edb86425846a1a962debb7c111841b55843ed3ca08ebf04d3ffd9
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
884KB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
4.3MB
-
Filesize
884KB
-
Filesize
884KB
-
Filesize
4.3MB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
884KB
-
Filesize
884KB
-
Filesize
4.3MB
-
Filesize
56KB
-
Filesize
452KB
-
Filesize
452KB
-
Filesize
452KB
-
Filesize
452KB
-
Filesize
452KB
-
Filesize
452KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
4.3MB
-
Filesize
884KB
-
Filesize
884KB
-
Filesize
4.3MB
-
Filesize
316KB
-
Filesize
316KB
-
Filesize
884KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
344KB
-
Filesize
32KB
-
Filesize
624KB
-
Filesize
160KB
-
Filesize
884KB
-
Filesize
224KB
-
Filesize
224KB
-
Filesize
224KB
-
Filesize
224KB
-
Filesize
224KB
-
Filesize
224KB
-
Filesize
884KB
-
Filesize
4.3MB
-
Filesize
64KB
-
Filesize
4.3MB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
5.7MB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
884KB
-
Filesize
4.3MB
