Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
428s -
max time network
429s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
30/01/2025, 02:13
Errors
General
-
Target
flask_app.py
-
Size
10KB
-
MD5
eb83bde40a0f7ab84768d636fec651f9
-
SHA1
24e85280883bf5d99f29c8083e42fd667fad4c31
-
SHA256
fb10b3e4de839d7a931400530d2223a491dda0e7724031936f8399cf1c4c1fae
-
SHA512
de510e9207152917502f8609b4b6a1ed21289d65d5906e70636de55bf7a22ba8d94eff2143033576450d0469a27fe8587f8ebe6500a70119581eec4b867a4189
-
SSDEEP
192:sFcdnqOu9I6ozhzDuxU0ta3FJEhpkIfQZv8rlgNkZjSRm4pIbuIosbfRRDJVM3uf:sFcdqTMJEtyv8Bg4YpHIpZFpZ
Malware Config
Extracted
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Signatures
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
Badrabbit family
-
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
-
Mimikatz family
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
mimikatz is an open source tool to dump credentials on Windows 1 IoCs
-
Disables RegEdit via registry modification 2 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Downloads MZ/PE file 1 IoCs
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Drops startup file 2 IoCs
-
Executes dropped EXE 5 IoCs
-
Impair Defenses: Safe Mode Boot 1 TTPs 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 7 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 25 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 3 TTPs 3 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 4 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 3 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 58 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 26 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\flask_app.py1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb50f93cb8,0x7ffb50f93cc8,0x7ffb50f93cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1348 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,2395029371747987781,7035539548896851293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe"1⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 211738203490.bat2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cscript.execscript //nologo c.vbs3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe!WannaDecryptor!.exe f2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im MSExchange*2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im Microsoft.Exchange.*2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlserver.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlwriter.exe2⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe!WannaDecryptor!.exe c2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b !WannaDecryptor!.exe v2⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe!WannaDecryptor!.exe v3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe!WannaDecryptor!.exe2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 152⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Delete /F /TN rhaegal3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Delete /F /TN rhaegal4⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 3089112570 && exit"3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 3089112570 && exit"4⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\SysWOW64\cmd.exe/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 02:38:003⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 02:38:004⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\7821.tmp"C:\Windows\7821.tmp" \\.\pipe\{592772B4-DDA3-48D7-854A-B7E810C91E69}3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 152⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Annabelle.exe"1⤵
- Modifies WinLogon for persistence
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender Real-time Protection settings
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Impair Defenses: Safe Mode Boot
- Adds Run key to start application
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39c7855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
2Image File Execution Options Injection
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Impair Defenses
5Disable or Modify System Firewall
1Disable or Modify Tools
3Safe Mode Boot
1Indicator Removal
2File Deletion
2Modify Registry
6Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d7145ec3fa29a4f2df900d1418974538
SHA11368d579635ba1a53d7af0ed89bf0b001f149f9d
SHA256efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59
SHA5125bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91
-
Filesize
152B
MD5d91478312beae099b8ed57e547611ba2
SHA14b927559aedbde267a6193e3e480fb18e75c43d7
SHA256df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043
SHA5124086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96
-
Filesize
48KB
MD526440793d8a21119faf2a2eb91280f5f
SHA1e7d6b1b045c07f1373ca67ec838c2b59deae4999
SHA25665ef6675c2ff98d15ccaf1c248981e63893bc6ef8541358115828194854fee91
SHA512d125b4ad58ca33f04f4a738faf035ad4bbb8856e817345e6c0e421e19692bd56bc55946a6f25acf57072da8a3f762eec41d61506ae3f5535328f60f08a01a810
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
67KB
MD569df804d05f8b29a88278b7d582dd279
SHA1d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA5120ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
26KB
MD5c9a44eb6dc1c77a9a2d988768c9fd5c9
SHA1f352d7ed33ff0d8361be168a6b5300288d91ef78
SHA256675b4a74249edb71579147676a8115b662a915db9fd24fdfcaebbb0d7618c62c
SHA51281534ba808f32ade00a81349612c9b905914004c3a8d7e53e9993170ab5957600dd49d9881284541240181987ffc76208acedfac24bc1e8d33c99f003c65fbff
-
Filesize
3KB
MD584f17714d4b317851bceeb6ddea814fc
SHA10bb75eca3b253487899b586f176f2d26c2ac867d
SHA256257701f38d76ba55ad7f623e0fa2f65f7c9f6e110f6fafd7a501ec755afc8e0a
SHA512f99eba09ff4abf9407b96a96f18f67a4f0de7deae81bedcf711fdb0e3d0d0b9b57e00d227a32c2c8557a85961d773a47b0a61a48ef0f77bd056b209d8c5e5baf
-
Filesize
1KB
MD548d06dad34e29223d4270625d95afcf3
SHA19d55d576806f454ed18616efd0287e62ae250426
SHA25639d6cfeb26d0305864a2ddc994e45afe79b2ef44c105af89bc27a12241199a41
SHA512a78b89739f2c1cab593cbac77ebb194d2307f0071093aa50f91ff710ecb5904601bd57f20d618f287af500980dcefbaba6f5e3a8008c8f8303e0aaab9acdb932
-
Filesize
936B
MD5004b0d4513adb7f0e379276e5da37472
SHA1e59cbd9bbf2ba24268cb368cd995582adf5836a0
SHA256b1c8bce77037a37212633feea2ed2c017746b37692fd94041e1d3740aff3e8fa
SHA5128a5c3dd2eb27fb6c623f975c439a0cd04f7b29b2d2e4004ddf6b4f132b222812571f5a2259566be021235f477c02c99093ddfe8c777b5aeeca6ebd0225bf104a
-
Filesize
936B
MD534d3156a514e7dad9cb67c5e6ac90649
SHA1e720dc8f7fa8ab0d532e2be2370ec6955a4d53bc
SHA25669e84659696c66b83be12223c3b03c9f06df0b412a3f080e9d4422598a18820a
SHA5128da4042cdbd77234104ef002ec04a4fadfece165563b1097510bfc3027de7e4c022913f7226eb4cd379119afb260c27bc99768ebf351479b9d6855074e7eaa5f
-
Filesize
628B
MD51aaf63e6bffd64129487e303e0bf72e2
SHA17921be2409c76aa68616ff7aafda6488fca8c57a
SHA256b26d9dae9d623e22ec6e42f893050cf9bbcc208edecd6732c7e6c8deb95859c6
SHA51289a807034d40ccee2f812fa1792f9d3c40dfdca4281933077c6f7664f2d1607f5f43ca8d886f33e4d2588d60d783920c5d1fdf71f6287c2328ff09962c3881e5
-
Filesize
7KB
MD55dbcb5067ede9bd7343f9f8e06e5c94c
SHA1f80a37e808cf0d49bf8e03a1ab3064c0f56e704a
SHA2564006ee909ecb88ef9945c3eb7f5a1544c61d99f832ecb92640408ded208d490e
SHA512d8ea22dde5f093f3b394535da643e0a1b4cdf059bd627f71a547583a2fd81b9f626b432483b29e3d6f9bf5da4d7772b7b39caed1255973bb997a9a043aa15e7a
-
Filesize
6KB
MD5197b6c64c8f492295409439bfdfc460c
SHA1f281e0f33d2dc6426ce9735449275c07e5d0293f
SHA256820a6264a559e8fee59d1451221c451c029eb8bcf49197a4205e76332ddbcdca
SHA512de1799e1c3dbd39dd8b7dfd3e13d1ad3bfb6fea897eb89c53268a5d075152aef0288538688dc097871f6fe79bc3476b7850ddb0aecb7da2d993bf7e8cacbd4a2
-
Filesize
6KB
MD50261deefa4cf1171852635b0ae751c03
SHA1ca83cdcda1368e0eaf9e0edd0173c864c95f326f
SHA256ec90055e2be93310e9172c37542a62710981415b199f871def231c62476c7710
SHA512613a74b148714ba69176fafebf9974f034afe0e6e93147d70e01f15d3b96743e61568b739433396e86e83c0788e0cf741f4b8b2eabcb9458d7939b334c39da1a
-
Filesize
5KB
MD5ad4bd98c552a1bd635ba565805058fd6
SHA1ce1131c92e60c491a579ad82fab0f00893c7f643
SHA256ea9b550455c2beb36546859faeea2daac11e3c84dcae14ea13e8d0fcdf52286c
SHA5127b1c2e5b77d16b7b9306b1ef8da8a1d155ede13b49383af1573302e3729b175f00dad60de5d57bcd2db62f833a471e77a729e89ea28e6823f904a9ce9de0f08f
-
Filesize
6KB
MD52c35ee5e37a057db957f9f5b0e10b20d
SHA1865d27ef04f51eb99357196f9c13e779e137c49c
SHA256c96447e2e7444308e8dc2499e4177d71f3cf1c4480881c2fc64888988fbd013a
SHA512e443b75ba651591ab556a2ded26555adc7bd4129480def0b764c4b2883f0af5205927378455a62e908a6b05cdcbd815c3bfecf307315336780b36bbf5a499702
-
Filesize
1KB
MD5ef222b9e0027581bc372ad4029f77696
SHA158e87bafb2aeb7390f47a44942d233e4859c050f
SHA2568dd86978de0b7696bfb9f4d04f9850f4e54cf6ef8bb7704e8833ea1e489bf7d5
SHA51283e8dd69cfd9506020f4cbebff9a0a41076f80453c91cf1151135853d958c86c8e45140b275ff7ecd5becc074455f0ff376d26284273188e73e1d1a336f68b15
-
Filesize
1KB
MD5187cec33dadfe9620982b89554c7ffc7
SHA1bd9dcf0a32f580f5e33683eef296b2ec3b873726
SHA2562e2e07d870b60d21aa0e124ffd06bc371e43aeec33a1c51ee173b60c8950be6f
SHA51292388fb3e00f6feb94bd38867801042bb0fcc1f9905d5a54328d8d97e782b6cf8214e79156b599adc24df6d4ab1199c195674cdcb6d4b723aa04b4286446c66e
-
Filesize
536B
MD5abe2a50c516e695b4deab44df2b1aabf
SHA13d0f49a2a3f953f6216d0bed6a0a3ac919d5e0aa
SHA2568e4f45e990df5f2a9876345155c96772a987e3543bdd0036129b5aa616d78a7f
SHA51280913f89065999664eac951bc16e81f7d0fc5cffa43acb65398397acba6c332183f8c9fe175e8b4d252e2a35b9e15e7d557a62bdb060b4d2178e34494e7b5135
-
Filesize
1KB
MD51de7cf62067749955bbb5fa5001e1c4f
SHA10ad62d7d999236559f59eb891d3b73e57a1a161f
SHA256d5180192b7a230f1f8308a884b2c5a588ffe52986f51c3b113b58c512b8008ca
SHA51283e0daf90ccaecb502956af1c6ea921e2150bb1d574221d9401f214ec991c1122ec4441c88f8d69adb5966f3ec63d4690b2825588e4f04445127717ae9a3799d
-
Filesize
536B
MD58b5022e2aff60893bd6e14250d490d4a
SHA1f1f7ac2ba4100ed4141410708e8775130ba21512
SHA2564c1d9a94224c7124cb811252eb50cf7ec6184d461385a30a7515405b4363daac
SHA512a18042b7e4c0e56a8ce4c8bed548392637a424f4c3af073907bc063b3f092cd8195341619c499447b83f29c7cd9b3209fd13ec4f735b12d6000e4b48703f9a3a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
72KB
MD5de36c51804fe76c8cdb480d8073a1fac
SHA1ed426c3b85400610f96a0a2121a051526240ce1e
SHA256d905e9ba867cbacfa019b0076baf12c608125b233437742a3c940e8c26882958
SHA5128ec5fb6dde13a5c9538abf183f18834b2ae5fbde300921c57441ec466d5c66f87ccee196ab9fe6d5bb7c728ca1b71dc7102c4e27bd3c7a113af0769bc6c4e6bf
-
Filesize
16KB
MD5d926f072b41774f50da6b28384e0fed1
SHA1237dfa5fa72af61f8c38a1e46618a4de59bd6f10
SHA2564f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249
SHA512a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f
-
Filesize
11KB
MD566663c06203ed8e522f8cc414b1fcdce
SHA1e6ee7207459c45089cd438c04bad10ddd225fa50
SHA2562cd64d258d714c36b37d06a9f968eee1c723dd40e641785c3cb1556a8fdd922f
SHA512ff5a039a008a5b13907bafdbd9607c24f8b9bc584de133841d49fa7d4b20342fdfaf8187a33ec8105159bc515b451f45d84aeed2c539dbc0992d026302ee6fc1
-
Filesize
10KB
MD507983fd630a7758efb5b7bc5ad9fcd4b
SHA1b2ca7d429571aa6544ad9800bdaa23a3af7a1c2b
SHA256ade5f41518eebee9c7c13a3ab98a939c2d5f1f39d137ac2cf2648b7c84470bc8
SHA5121125a6cd0fb0be5e53fcc727be1f78d66cb0ddc566a1839ef8dc78676274405075dc9d7b24b1a27e67de5a91d66209d1e854148d0fc3f721e0d0e92cc1ff890c
-
Filesize
4B
MD5b3152cf3901c2153ea7755d82a3d7fe8
SHA1eff3ebf64e01c776dc9dee0d3bc449f8e1cde1d4
SHA256fb06ba3498c31ae2d3bbaf9364a786ddfb4e82a15b7c8810e07e5bb14c4005db
SHA51291317496b64d3eb64652830e4270045348ef3b8e2bf1d101d52eae7feb7ab4b72b18ba97bce4a3deb3419cc821bf61914d0364c705899676eeaf502ff94dcb60
-
Filesize
14KB
MD577730af9ffef3b114850a935457cb726
SHA18f9060c4c08f96c45563f8a33f6f3c8fe44bb805
SHA256d46d71486c9155f12bb3ae1dee9dd7c7a918788b63db425b7fea615fbb57ec16
SHA51289c52e1d65f049427dff3bd2ad50991ea15bbc57eb714cf5a9374f8da869f316b8f82d3d73edc8078532c4f374ee280ee3c34dae9a7eee5e06ff78ce71392ef2
-
Filesize
800B
MD581c1845fff664ca86f152adc8fe842ff
SHA18c1e93c4a80cadc66690b01734e3faddf886b2d2
SHA256146bab79fe96119a1be2c3c8a62d188685b5e9cd0817551b5a5377cabcd55c7d
SHA512c37490ada3296d8e555748bcadce5a7223f6ad255f6c14ae52643640031882591211c9a05dabc988a9fbc437dad8ca6b8af7b996956118774bf8f507b3e9d10b
-
Filesize
992B
MD59bd8dcc5927ef9294bc3cc70d959b4b4
SHA1156f6c2697b849e878188ad76c161e6ca109af57
SHA2564de2d85dc8efdde5e2b7716d8274f8efb24edb304846f8796fb9c13f3ba16bef
SHA5121af186377e83c0e15bf797b75e930080151f6343c3bae8cd2c951775a250241dcafab6ffe9e7298c6ca3b315132465b1b5d7d09f3f2c375ed9d51ddd5cd74fcc
-
Filesize
641KB
MD5b5afdd66ed93840ac551dc5a85334608
SHA1ac7e707c0ef403a0dda64fb7ed3992b51091d6f4
SHA25665f627f0286e1e219218c95776db4c289592c4068b9202c081900a448e3e9b2c
SHA512a44e1b4a836c81e07c7b1a4cb2ab2c064e1b17a8d7a648d5b6808dcfbcc70045a21aeae91759088a00324488c8bb0b9f2114ddbf5c85f027c9e4188150c5ff20
-
Filesize
176B
MD5f0e418193987fdec158806b4d97f4512
SHA108ddb105daeed24ab19eb887038cb1acfbd7ea3c
SHA256da9675fa8bcc6b67b5073d419e1bc787d549b9b41e0266115339b5c0f05c6cd8
SHA512ce8c09f3f9483e9b13ee5da226b13f7f544258299f8a77d424c5ad2121738dbe27f4f0a28bca1dc47c84b64f8893c9ee94d79b45bf5f84d416521cef88eebd6f
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
797B
MD5afa18cf4aa2660392111763fb93a8c3d
SHA1c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA5124161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b
-
Filesize
983B
MD5545bd02dde3d748d728d386db4dc355b
SHA161e6e9126b11116749a1fce59c4a5821575b2832
SHA256bea3b23e2d87840a633d794706c9573ca934af23ed2bf17add4f5828b8cdd7d5
SHA5123b491183d7a01b5c615b25f74ff877b4a0a10d7e78617061b42034fb326ddd1a4cb870f65d5165ec772eab37d1c0f9df2b721e44da040b89dc6c711d8ea4ae52
-
Filesize
136B
MD5ebb605c9792850de2d1a6d4cdae652e5
SHA1602625374f3f0afd56d545f635697ce4d4b487b9
SHA256be6e3206b3ca555e5580170865a3618df72caddb13ad3d17f48f038d6ed54a58
SHA512018305cdf04e1eabe715be83177f1c19512c58716454fcdc02f851a4a7a91dd2c803557e39618f5db570ace70f6774728a6a6d770d6ab18b140638a762e61de4
-
Filesize
136B
MD59c7d772b6aff8a3f0f191f1616059e49
SHA181709d0d7061e8530b8e2c155d1a515ac47c73ce
SHA256ae0e6e4d6a126c7740dcc0f76964566a57b4b414e47c78e27d93cd0eb55315c3
SHA5128994e9a10e501b1acad76f7f90bba4a00939e491babc56c3acccd43b2766b0c4994d3b3bd91f410ea9acdb549062164510ed6d0cd0fdc3c2c2867d7aab6a665f
-
Filesize
136B
MD5d5eaa1c8a20656d1b28726224bf7cd87
SHA1092d9a721d2787bde88c9b92848fcb89a31ab04a
SHA256d3896e648e6fa4fdb8dabf1deae1c1586474dab637a9622aa3e8dde91687232c
SHA5120f2f3edf8c06700c3a6989167a9e44fcc74abe323a5555088af7f33f125e10b9c78f5dab9a724417b6d09d07f56171f230268658344086835be0a85aad5ad756
-
Filesize
436B
MD59198a1130ff204dddf404f3f212bfdbf
SHA1e8938d6d3fb4cc0c117ef941bd9f32e4a9fd9850
SHA2560752776882e539c7f2d222fadafdf4dc2558cb652bc4509d87af2811d9a321ab
SHA51215f096184a49f2e06aa4d7df1ad75611cae71d3846885cb4b9d37564cf990e7dbefa9332ea8782e6e24e7789c931982f31f1ad73e0a197733594a1acf0576c05
-
Filesize
319B
MD56da79e0e7a92ac521a3e74479e1b4115
SHA1d0e761fc3ddb1e89bdd2415eb41368e7f433dbea
SHA2563b6be4e80faddaea9ace661558d83e6c8c7232823b235e4159b11f7eac4c17f5
SHA5124e24c8ece64e10637a9c0c95b59fdd23e2f83e7a8453315742b705e91989bf2febd2490376c8ad7bd000cacdd4e3d1bec374b091e4b2916fec4c4915b97f84cf
-
Filesize
628B
MD5f63d76672a613266a5c44f35a1d19686
SHA14ba3ab4b13c42da6ad233546beb29c86b1e8d90b
SHA2568d84081d3db57e6dc40160b721ae98b75c82d4e0b3fa34e8a3a9bc72b1d3091b
SHA512a0b2ade5773c40beb3e9926d178b983ece539019bcd9c0c1231074041cdd82790b34e441035577ea19bef82a7f8acd536fd0d21bc7b6d1d6a4a7d7d5c472baef
-
Filesize
42KB
MD5980b08bac152aff3f9b0136b616affa5
SHA12a9c9601ea038f790cc29379c79407356a3d25a3
SHA256402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496
-
Filesize
236KB
MD5cf1416074cd7791ab80a18f9e7e219d9
SHA1276d2ec82c518d887a8a3608e51c56fa28716ded
SHA25678e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA5120bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5
-
Filesize
330KB
MD5692361071bbbb3e9243d09dc190fedea
SHA104894c41500859ea3617b0780f1cc2ba82a40daf
SHA256ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e
-
Filesize
60KB
MD5347ac3b6b791054de3e5720a7144a977
SHA1413eba3973a15c1a6429d9f170f3e8287f98c21c
SHA256301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c
SHA5129a399916bc681964af1e1061bc0a8e2926307642557539ad587ce6f9b5ef93bdf1820fe5d7b5ffe5f0bb38e5b4dc6add213ba04048c0c7c264646375fcd01787
-
Filesize
401KB
MD51d724f95c61f1055f0d02c2154bbccd3
SHA179116fe99f2b421c52ef64097f0f39b815b20907
SHA256579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
SHA512f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113
-
Filesize
72KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
416KB
-
Filesize
16.0MB
-
Filesize
21.6MB