Analysis
-
max time kernel
173s -
max time network
225s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
01-02-2025 12:19
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo
Malware Config
Extracted
crimsonrat
185.136.161.124
Extracted
modiloader
https://drive.google.com/u/0/uc?id=1TcSctGVBajYMA7CFDc158wpvqkpxmkhJ&export=download
Extracted
remcos
1.7 Pro
Host
nickman12-46565.portmap.io:46565
nickman12-46565.portmap.io:1735
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
Userdata.exe
-
copy_folder
Userdata
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%WinDir%\System32
-
mouse_option
false
-
mutex
remcos_vcexssuhap
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
CrimsonRAT main payload 1 IoCs
-
CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
-
Crimsonrat family
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
Revengerat family
-
UAC bypass 3 TTPs 2 IoCs
-
RevengeRat Executable 1 IoCs
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Drops startup file 3 IoCs
-
Executes dropped EXE 2 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Drops file in System32 directory 4 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 15 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 28 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac108cc40,0x7ffac108cc4c,0x7ffac108cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2384 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=212,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3700,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:82⤵
- NTFS ADS
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5352,i,7282497202395517553,5199254295215079172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabd353cb8,0x7ffabd353cc8,0x7ffabd353cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,16160155194844406042,1003682423248003103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2384 /prefetch:22⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C81⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"1⤵
-
C:\ProgramData\Hdlharas\dlrarhsiva.exe"C:\ProgramData\Hdlharas\dlrarhsiva.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe"1⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe" "NJRat.exe" ENABLE2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Remcos.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Remcos.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEPING 127.0.0.1 -n 23⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\Userdata\Userdata.exe"C:\Windows\SysWOW64\Userdata\Userdata.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f5⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"4⤵
-
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\RevengeRAT.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\RevengeRAT.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\prsqrufa.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6860.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc145FAB76BDBC4EF5A84AF7D13BAB4A12.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cip6a69m.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6AB2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2611ABB4CEA5435894AF792ADBD6A73.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\aoww4wnq.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CB5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9C7F3C9A8494CAB1396EFA7ACB8BD.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bpklc4ah.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E2C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc59248D9B9AFB4CA1A6CD549C995F5233.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\9di4rcly.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES705F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFB5F751181BA4CF2BB1523C22531391.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3cdqndc0.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7224.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBB83FB6BE8C8477B94AEDB6BF1FA4E80.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fowooutr.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES730E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA1B93825B03C496697B64C98F69C6380.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tzwm5k3s.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7428.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA6DC7E27DA534FB79E56A4A560CB363A.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kvr59oui.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7560.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB133DC7849714CAE8B53152C72A3DC21.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\blmz1es7.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES76E7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc306CB895F8554606864CFE53BF2A5B42.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\caa0qgzd.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7938.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9E64138FACEE4120835DB2F134DCB3A7.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yqovcd4t.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7ACF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc348651FB10DB420B86CF6D8B8D677E69.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x6vkpmnv.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BE8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1B5E54FA84DF4F4AA5539839C84F6876.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vgwgtupo.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7D20.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDDD62ECFF2DB4F66921C754060BF2D59.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\n7foitvy.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7E78.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF4E824572FE5494CBFFC9D91C8A6C9CC.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pfja_uik.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FA1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD532EEF78F7D4A008498CBD5D74476E7.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\n92cjqxm.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES81F3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCA6AB2CC22DF4E9A8E19B22CB569157C.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\i_-yb6-x.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8379.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2DE6116F47B743BF97C6C9B33840DF80.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yjvxrygv.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8493.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA35E8CE8D4694D54968E182676ABF49B.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\adlvlufb.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8619.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3D5EB20EF89B48CE9D734561992122C5.TMP"4⤵
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zg2rs-ye.cmdline"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES87EE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB77CC43DEB5149609C988A445FE066.TMP"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"4⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"5⤵
-
-
-
-
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe"1⤵
- Enumerates connected drives
- Modifies registry class
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
3Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
3Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9.1MB
MD564261d5f3b07671f15b7f10f2f78da3f
SHA1d4f978177394024bb4d0e5b6b972a5f72f830181
SHA25687f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad
SHA5123a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a
-
Filesize
56KB
MD5b635f6f767e485c7e17833411d567712
SHA15a9cbdca7794aae308c44edfa7a1ff5b155e4aa8
SHA2566838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e
SHA512551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af
-
Filesize
4KB
MD5602ddd0c457eb622800ec2b65d1a3723
SHA1e322f2927b3eb868f88f61318589cdbc9b5e4554
SHA2566491b2ebfda073e601f99be125c6ce0c4a72162e0995c673605c673581023a82
SHA512eb0cd42b7178ee205af959b3b811bf85c44343c2e3ead6678ece7bc340fd0efdde3067a583649d12aa2123b555a4cc2a7be7a587fb2874a9f9aa666093df782b
-
Filesize
4KB
MD5bb4ff6746434c51de221387a31a00910
SHA143e764b72dc8de4f65d8cf15164fc7868aa76998
SHA256546c4eeccca3320558d30eac5dc3d4726846bdc54af33aa63ac8f3e6fc128506
SHA5121e4c405eca8d1b02147271095545434697d3d672310b4ea2ecca8715eaa9689be3f25c3d4898e7a4b42c413f258eda729a70f5ad8bc314a742082b5a6a8e9ff1
-
Filesize
4KB
MD528d98fecf9351c6a31c9c37a738f7c15
SHA1c449dee100d5219a28019537472edc6a42a87db2
SHA25639445a090b7ce086d5efb4ac35add13672fac9bf40eb481b54fa87302a3f45e0
SHA512f5c2458348347798304393fdb5c77f4f7ed7245c0d4c7594deb0113262828cb8e210e7b48a4aa7c4d2fe1e31201b4e326cd60a6f9d4e3ba1a7fbef322dde0971
-
Filesize
64KB
MD5b5ad5caaaee00cb8cf445427975ae66c
SHA1dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA51292f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
-
Filesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize
1008B
MD5d222b77a61527f2c177b0869e7babc24
SHA13f23acb984307a4aeba41ebbb70439c97ad1f268
SHA25680dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
-
Filesize
649B
MD5c8d83c4448726ed5b0446fe3a2286099
SHA1969a27c19caf79d70ad893faa5f1f3c983d23f99
SHA256fbe38f41cec6890639130cfc0fca09a72959d35c22cb262e1f5cee181b0e715a
SHA512718b8366c1f045cd518580de4ba16d2e801dcd5ad9d3b4293f47342b96de752a63e8c6e78bf2d07f3d2cf738ddaf44bbf4516ff662412ca6a2f9c3cd9b1f289a
-
Filesize
1KB
MD5c3be37fcc682a96e8811ef9de15b2e80
SHA1a153528cb4bfd696378bfcc7d7e33812b27c31ef
SHA2565eecff894dd738ed5b313608c0d7bcda0443ea14c1983559d6533b9e719f292f
SHA51274bf7d05e267d4ec555fc65c66fc758b355cbe0b35413f8df4f1d0f4648d1bc1635b8f08cc7bb36848f140b0b949efaf2786e52b7a4f3c63f70fec61b89e8496
-
Filesize
2KB
MD5a332ed8d52e9ac1945be38ec2b47c6b1
SHA131ad1ffb581b7f63a31ae2f40b020badd2c920f0
SHA256f01b3f1d38d85771fad08a1ab35eeca03944481ffea97c55fce0c9ce1a9c3f19
SHA5127e2294c617090d87381c14635de4fe3f96e889b5ec520623d9ef0b443bc74a46de9fb044a617d2596d34cfc5ea5a9439de1033da5b5dfb5f1abeea16e8536228
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD5bb3615b6533fbcef8b9203e78de1ab1a
SHA16d027f1d50057183f243f1af05bdeb74f18940cb
SHA2561ee230f33544bd6bf601536d159ec1afd831f96ed9660037574d1f0eae86c26d
SHA512eaa46f23c2dba76c0f7893531285a7533bb90b698de4d6602395e98e68cd10909c7cb88c0660b8459f0f656f76ae7b3e223c45815f2705c6b2998d76325e975c
-
Filesize
1KB
MD503f996bd28fe3b687900363a57d8fea2
SHA1fdf2c7d8c161caea302998ec30c76fac245e20a1
SHA256e78567e0afcfd80f963c52c27392887f6928a7fc4e0ca1fe023d75c602bf5299
SHA5121c75675352f2a123afef55473639c9ec5cec45503cf5556b328c8a40a5e6b6ca3b56f37e4a36ca2d0ea1b496909a7dcca50d2059b4209ea93986085a74613c8a
-
Filesize
2KB
MD58db37e12d177fd01dc1687bc5bea420e
SHA18cde5db4d595e5a2087b4d24d7685091538de236
SHA2561f0617c80f427127cc50200f82afcb6dbcaa7d7eb384b7920bd8625206117e9e
SHA512ab829a4e10497d836d5d6e79aafffb7e088102c6610cf9e66fea31d4b6db35ddd3337f315270ec0254db3cd60daa8f027e40255229b73ee53a2ce5cff08b36ab
-
Filesize
10KB
MD5f38269eb1ccec5f6cd04cb621237d124
SHA1f4d03fb6c3dbf418fb76f0b1f1464f764989e835
SHA2563db75d3b215b14fb7c7c852f56360f32a311d4161567b50370d150ec0fa034da
SHA5123c0a90d4cb7fa2d1ffe9e4a2cc9c7c1366b874d0181e77fba2d9bda802f1ce67f5749d0fb34cec59cafda878aac68a3d1444efe7d7563512fce86e65d0f6e9bf
-
Filesize
10KB
MD5d2d47d4b7c4e16ffc9569accae367db1
SHA19aa8c1640659c8f7b2a28c8c2589130276937090
SHA2562893a339ff86406a27d382a8c32004851310ec2933ce5ebcda346bd3b9ba168c
SHA512860ec14f09e5412e8c117f45c5e06ac860e66bfe87d994875d533b8450997f7e4396be4224eeee8802764ec113b8b4d3b3457eec57dae3dff2f08876cc497c36
-
Filesize
10KB
MD58ffeca26f01bd40e23e6d22c21ae91e8
SHA1e696468ba559c5d0f6626f71a77ee88f7e31c007
SHA2561e3b505a268d6e00f0e78159f6a01fe54e0b5fe67aba2b55258bff4a5e069c59
SHA512587686bb0c68db3aa5440e9888551c50913a01a95341bb97f87880ec576372a8cc4026737203e0ab33e1e72c22bac03a4abe3614c3c8010d405a0be7db6483f1
-
Filesize
9KB
MD51d114be407dad0595c1b79af1f71df63
SHA1263cb71dd7d1cc6768f1cd738193194c1e145ca3
SHA25681cc94a0e3b49f7d448d3e4759c6e37cad72a6041475c573cdc5d308b9ba47af
SHA512a74ca8a6c0ed193a38c8e50b527461641d74aa36d3e871ba61e8cae76ce250bbeed25c27fbd1732ab071d106f8055a967c345aa0b5965fb6ecdd81e59398ae27
-
Filesize
10KB
MD5a5e681b269be5cf64af05577535fdec3
SHA13633f290d3affab9284425a67ed95938e6974ce2
SHA256139e671b0b3b760816f956b4331fbcf2dc0fb4a343131bb188564cde8efe0a5a
SHA512f728f42f64c3ea2a6f4387e2d487389d3e324386453051a571a11ba72684523a4a8668adab63baaa2bba4945565a5fe52f8640615d80c185c587f2e1b0ba2d1e
-
Filesize
10KB
MD543813138b881fcf4b535f21c8a7113f3
SHA1fd66fbe61c7355ec389618e64ebd58179abc1cef
SHA256620a440bbb6e053ab8de125eb158e022c9cdfca3d78c96c893da3b88075c9694
SHA5124c5d6bdd773c774d36db96389c491815f799b5b251cc680fb37b9ac83295eac69a7f759cfeeb6506c3e5635b544bdc4fc7a85fb1514572b333f73d1eb2c6fb8a
-
Filesize
10KB
MD5b7e6448561d0e53386632833b4ea567d
SHA13b874ee04e787afa88510aff4187553f245378a4
SHA2567608690b20181c9e618f0cac5d1a4f1e60adb40fafef42f3b5e324acc153f1ba
SHA512d6ea7ded5e9c487f8a5964c896994146cd29add6726f6b7ab1046b8a9cfad43cdaa8bb1d2e005a5af0f6b710f81a5877fda829e73ab42044d1e3fa83bc1e15e6
-
Filesize
10KB
MD595dc2833f84fa785d2a951738e2fdc5a
SHA1231203048de2bae51c981799b8f26299006fb566
SHA2563b62593966cdc9daf18047de6928c2af6b50e9a7e986c97bbbb232da2ceace25
SHA51271a9cd0ecd48983a6580e08b070826aae971acf7a02065b52e6259c7001a03db45140be50fd72ce288e4afa461a8d7b00356f45c0188fc57c6b97d6d74c024a2
-
Filesize
10KB
MD5cf0c74c207d6cccd79782ae543aa8027
SHA18f51abbc26b25591d4967e4c68d08f2558047577
SHA256e89e327356843de24385877565e2ef8eb345ddbdcee0f60a043b93158b0910ec
SHA512ff3ae08b0796bd0a14e1298a5a5d348a31cdfcfb24ec759929b9c8e09ff01121e6a41c9e4c896fb1418b8f4718d9ba158c35f38966c04fbf87f56eb5cb93e4cc
-
Filesize
10KB
MD574dd343b6b0cbade5e3019285510692d
SHA1820d9b2ea25fd4f70023e87a743ac0e182ec76b2
SHA2566b77e7a3023b2a052bfdc5690570b0f2a5b466d3d3c8090f0b5542171800950e
SHA5128defe6d60f8ef8d8bca2911c03e4acbf6d8a6629ca1f6e494c6db1fe7e99dc02fd9ef8ea3c598e68b4b1062573c2d44f93e5cf35b376e15bf459f5841a064173
-
Filesize
10KB
MD541094f5b833f976b909ce103d359b84d
SHA18636929f4ae68efcfc0b2e12c0f721d2253d1933
SHA256ffacce166a60e78875d3a9ae9501cde2bc91f068a73ad58e2a11c57df4996cba
SHA5126baba3dbf923dd2a6974d6d4e2ad99771a4f6fe7daa383790173f2537f36fa915c07756e216530acd4d7d42bd86d657c6ff1a9e7580f094a4a35abbf20f63b0c
-
Filesize
10KB
MD59dad1f4769d5817532b1563feba7f196
SHA1dc35b38f8c85bdb7db83a1342225003faeaa5118
SHA25633b992f1677a0639bb928728c65caa61f24d51f76f85389ab2585d92c1ae1f2a
SHA512ea35ae957fdb9745b00e26236a811a3cde81fc32870ec6fa30df4bc343bec1cb78645ae35afc67d9bb451d8be681b6d0f2f1feb41a587db95aea832f9d268d92
-
Filesize
9KB
MD5b781d6bdd9c074429093cbdfe9478901
SHA1275aa5f6f9ecee7ffab4a414a6608f7a8cb1a9dd
SHA2569e33419a13264bc4801ee0d01f61bdf51e21a5425cd788d2cbc2787b833382f4
SHA512625d185aa3c540166dd1a4e5fa56c170fa7054a63ffd38aa4680b9f4564bcb739f38c9b41f8c1dd663dd4de025310ec0d36be14702d3529b2e86ff38e4ed098d
-
Filesize
10KB
MD5993db9cc4bdc6692cdc30387b9e8ce05
SHA1946c03ab09a3857eeaf3649fd3372c96335669de
SHA2562bbc0967c4d9278adc61d9910cdb24df97617bde55fd004dd9605488bab02aa2
SHA512e044eae1b8bf27188683125bbda2ba6e2f1d29e6eb4589b4747f4ab4ef8f0de53630b538d693acd75cdd31c0b0802e170653c0881c2da4d2221d797c3f14c596
-
Filesize
10KB
MD5ce48ac4ef5a64426bdd74d12f6f36e43
SHA1f98dc7cd77e407dc55bd5b2e0ca4a6b985ca04e7
SHA256420b4bd142e169122ccbf1c34063c558030cc22440eef4bdcff01d40fb3b18a2
SHA51253a7822d2b20525a34647f58dd27d597f97e34ffbad5ac058dd33b0c1d02037553db42e0d5c2be8fce982bfe8a3d3ae4b035a89b9218592ccfa736c2525d7201
-
Filesize
228KB
MD5317008969dfa5b877e2e77ec380df895
SHA196ae1aad7ed983f29f04f030eb237edb4570f8e4
SHA2569df6d73a17a4ff51d9d4b3a26d2e02aa43405f8af38645b14bf06fe2b47cbefc
SHA512c2acdb80c99f310fafe78c592dcd1cf67a8c5687930a91d36f13088796b7d26e3e7266616eb762353c10419425e8dfda1c5d9eeece73639d60cac5435000f998
-
Filesize
228KB
MD57c1172d79ef696496e957e75f772d2bd
SHA17ba7fd1695b95a466bd5627d95389d05444527f2
SHA25697fa890cf8002a21119597669a66b52b7a16eb21cd95d54e5f7a6ac5f7f3d815
SHA512f9f3fdd0dbccd929c06ab84797b4b8fae6e598ddfe2a2ce7cf82e36181dce850e841fe7a44103af7153f9a94576f7979bec4de49eba6457f916f4b3dd99616ed
-
Filesize
152B
MD5c03d23a8155753f5a936bd7195e475bc
SHA1cdf47f410a3ec000e84be83a3216b54331679d63
SHA2566f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca
SHA5126ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41
-
Filesize
152B
MD53d68c7edc2a288ee58e6629398bb9f7c
SHA16c1909dea9321c55cae38b8f16bd9d67822e2e51
SHA256dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b
SHA5120eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
70KB
MD53b06aa689e8bf1aed00d923a55cfdd49
SHA1ca186701396ba24d747438e6de95397ed5014361
SHA256cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c
SHA5120422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
64KB
MD5af6f7a5bfb2f170eca7604107465e692
SHA1c32ad2424b1296ffdf145135ec48c425a639e8a9
SHA2563ba873c82bfc3f65e7589a875d03764342089000539c675efd4c76c2da925b63
SHA51211b5685fbbf834bab1aa0ba42b836fd5f2d43eff81610f891ffa7c2d6f53bbd8912e584adc111b7299c9a9c4507b353a091709a13a941b67e6b6dfa27459c5cc
-
Filesize
214KB
MD5ba958dfa97ba4abe328dce19c50cd19c
SHA1122405a9536dd824adcc446c3f0f3a971c94f1b1
SHA2563124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607
SHA512aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf
-
Filesize
1KB
MD58293363049360f7c66ddc3b8698fb649
SHA12546fab420d7b48079e868f0e3de2e409d078f76
SHA256fe145502553219c44954d6d10e4401dd6ecd1b180187c876a85a0a370fe08948
SHA512600ba6a9889160688698bdc1bbbe3721a489f33ad8b56313b7191febe817874914152f4f8c17c1ba4f2f0af514f6440d5a8061e2e603cc526ea4055e9ba682de
-
Filesize
1KB
MD5f06502ac8b615d37b9f0e7a4bbd4982a
SHA1a4027c0c1c41104e9ab6428756b0281af3126683
SHA2566eab90d86f1daee8391e82ab571b5f9a61317480ccac96c23298f245d9ccda96
SHA51217ad1575e9ba371c45db30811aab152babce44c01965357d3a3c9fc6fb883a90eeb7bdb5886f1d16abf44240f2e252d3fae6150c9aaf0a68f2746f612a68db22
-
Filesize
1KB
MD51030b4375049a2c39058ecf21d353f75
SHA1714734dcadfd66ac28fa8663a15cd7cd65ccec2a
SHA2567044c9a0dea39b7dd038f8151d9b68ac2620394b52484726e7294d526eebc459
SHA5129a57058db8ff881f1c0b01f9c2e51e806ff8cf72749a633a04a7877984c2838ad2b9320ce2df9a281118024467fdfbba703608802af5188d1749e81c81f95ba1
-
Filesize
2KB
MD5e8012482a6e730b12faf65e0cbfc849c
SHA12050a0a5e6c4e21ba6a10184081ddf80193acda3
SHA2566ac586c4d70fc3229dffa2c09197ddb53fc9fb55b38292dce99dc5d3775333f2
SHA512106619f2a31a08be0620e0fb61bd90d3089965823b7e23a2efbefd9781a74611cb9d15ee9c53efd7dac21d930c7137a8a3d1852f41668ce24d2da84fcd230a79
-
Filesize
6KB
MD502513a93fff8e46f3958070b068a8d64
SHA1c3eba4251fa887011685b078f19624e0209f8d23
SHA256d54ca622f7b25b88b2dbaf3ee35d539037d1acacce1c4ebdfe6be4dfb924a09d
SHA512c49ac0e5240ab43010fcc4004ca4cfdd22058a1f222c6d93014ac283360fe23481a10d3d2c1bec0cda6aea6db88fd12e3a3388aad5251a2fcf3119a10e67369a
-
Filesize
7KB
MD5bb23f578f0ae6b5cca679f15e9bf52fe
SHA15813b96f02538811a31d59fbee2aadf10599f8ca
SHA256462d705cda7a69ef36254560eaf0c4be849735883d608cddbc138a2f60384a58
SHA5127530a1dcacefe90a18e8bf8e85999121dc5d4f5be9e605aa65ce92b7ae095c251951b21bb906caef319e73fbe171430225f246cb2f48d2640bf27775a208304b
-
Filesize
7KB
MD5ade729250c085b18da2bded8b55f233d
SHA1dfa235bd626d69a5d4df90cc4510aa650b42ff6b
SHA256b7e67ecdd5f41dd19e103a42fdbe73c20abc603b1880305175d26a8ef3d0f551
SHA512f92c21f4a305ca1544f5526c3f819c88e4181fe76222bd91e0e99f8520f86b8aa0e9a8a690dcdc261fe56a7e663f2e22f7e5e34fe5d471a1429ba3e8ddd34408
-
Filesize
7KB
MD587cbc04c4899fbd5b776ce6c2ad0d75a
SHA145779a93061cdc45cd3893449d8fc94f93debd03
SHA256733d8361fe9c0b5a764f9a0642ea4fedc8e5d4b15a25399fab88fe20f4194faf
SHA512fe5ee0270870d23fd38fb6d741717627d43c4b6e9f855f475abf779e8b1f9811c549366288d014790fd7459d554c452acbd6342b567ba48b2a14de3150ab7589
-
Filesize
5KB
MD5e84330f882e2b0d81feaf4cc773ac27d
SHA1c67b65b4626115ae36893942a4e9fc87dd67875c
SHA25635ca92033873d9a0313ab8a0871432097eaa476e8120744eaf3f4ae72d021960
SHA5128c82721f68f29e565e7ed4a111844b1f3139893274dd2a1df2d8c39a47ec187155aa6c5aa9ffed22d51b8b91e391f489001e933b8c89014b6b0f75572ef77a8a
-
Filesize
6KB
MD59fd3e5cb0ee114beda8cc17bb103cdd1
SHA1fe26a7bccd9cb3cbc8cfdc2d7cd19a0d81dcfc19
SHA256a186eebf6716ea9601a210a5c84b325dba1d9a5a3a635ce069667719ba864af6
SHA512a89e2d3c923e6e5accfe203c269ef67f0b6b341d11d1097705fd84eae83ce8f22b07ddd6e50e0e1eb8d4f9d79ebc6c123457a2d2bb5fa03400ce8ba31d838167
-
Filesize
6KB
MD52505689bce9dea62c1a48dcee67fd97a
SHA1c6035699f04ef1a582a1e21794c52bd5822f9663
SHA2564b0ceb684e4167e35f0bccaa5deb9719498dfc339f7fb69abaada92a397a4a2e
SHA512fbefd890b2ed4f73c40e9488a55b51a311220e5f5c4e509729ad29c6d0a432c4498d10a7066138372abd562f996a45f2692b2599fd586c01b7350a824938df9c
-
Filesize
538B
MD56d3b052bed74af2fb1b2a9dc9c82463b
SHA137ffadad8c6d43e06ddb2f32bcd4a0bc3341a937
SHA256f4e4dae610381ef4752c7c53a7ed41c04ab09e0aaf87b8a4b4902b7406de8ba5
SHA512e3fa62f5bdddf9d9894808d47e8bf86fb30a109062cd295f2241a7aaf3a0a9e7711ebaa28e2d041fc2400c70f7dd82c5a14084bdbca683706a1109b293661d2d
-
Filesize
538B
MD503066bd16404a715a49e3a7424133024
SHA19ebc035f0059fb5cc18ded5e3e3f08883c84cb0a
SHA25671e52b49b353c5932df3a992531dd7c538632924c36f72d58012e2213ff0e31c
SHA512e12745ec31f34249869d75757fd9980b89f3bca41429de75273be40febe9e99c21e6bb158fdb1891940715919f691a8d718999be06ab2035aa5cf500b4886b26
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD599f9952e561169c51d42889ca20d80c7
SHA1d827eca9dd00be2a1c4b3185c4db37388027567d
SHA25681ccb25abd37acaceb85e8f6355e27cdc1ab51dec49adda7dba43d31d83a923c
SHA512fc9888765ba839623959347ff963700184b2d376152993810e14832b5e53752f3fdd77abf4bb9a0df523c066f271b63139542765cf6ccc5f4005c70da7720341
-
Filesize
10KB
MD56ef4f3c9fe58fe0f748068f600d7b4ca
SHA177f15a9d33c03a7493555e5b72c3652dc5fec867
SHA256db1aa4fc5a822c185af5efe04f76ecea8d687eb2c33d6162b8676fba6b70e4ea
SHA51243b7a42b432acee101a854de8dc9fb2ff4c00a45c15f49352fab8e9872a2562b7be9b411d7b78b973f86996a0bee116596cc80023612f4d7b693693b8edda9ef
-
Filesize
896KB
MD5c48c031107b847635a5e67fda91b4213
SHA131a1c16a92d03f2f21a9bc01c4d3f010aed97a25
SHA2566d3af43e0fae1bdac5037930ab875b73ef2ccddc55e66cd8a51a243250b83b08
SHA51265dea6a6831252d2f65bbaddf9e41d5d63389997b976fefc64ac3e30e60b5f6ac8e00f0e6527b145c418ec30727d547a456e16e6c38c42a9da369c00697478fa
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
5KB
MD55d5d04d83670fb0a6318842fb41c425a
SHA18face1303b7a2bf88fb28c4d9bf76564c1fcd710
SHA25630e7c93b6724a7f027dca95e81e037eedfa790b0ce8fa6c94e261fdf3deb5e6a
SHA512c4b0cbe3180a2716758b2ede40e75f8fe8d7a385b231bdcae7505c36819ae372efd7ae847a35d1553d39a04ef4b49981d5c97885a0e6a14acfbe9301c4aa0800
-
Filesize
5KB
MD5bc727cc993f3d45c663193790195ed89
SHA1a67d2226b59f6407464b21421b57d7a1976a9af7
SHA2562efda71e454ac5a1cd9cbca28690d5f1193b58681d0d5da2abb64ebcad84cabd
SHA5124a34c364848754a838ff43a726983c6ad21f233fdacbcb5d219fcfff77934a016f369adc1209ea1622aa980481dd3f32cc8b075baf16d7b4e687f848d7b0fe25
-
Filesize
369B
MD583f6067bca9ba771f1e1b22f3ad09be3
SHA1f9144948829a08e507b26084b1d1b83acef1baca
SHA256098cd6d0243a78a14ce3b52628b309b3a6ac6176e185baf6173e8083182d2231
SHA512b93883c7018fdd015b2ef2e0f4f15184f2954c522fd818e4d8680c06063e018c6c2c7ae9d738b462268b0a4a0fe3e8418db49942105534361429aa431fb9db19
-
Filesize
253B
MD5a1825b7ab815da48d7953ff7f35f12a2
SHA1407fa9bfae0c66504a97b672622c04d8ce77aa11
SHA2564719509a6e3efd9b99ab4ea84321d51cd953c54bcc318365d0e5c7752a5f6fab
SHA51211601e9723f109beaa4f17ad3493a68a20a5b1ef30db15c50919bb3da411e3e9e39e7ada4ebfb811ae34a1dd901d16369e63ef74d1b1c0b37d2d5de4a48c19c4
-
Filesize
355B
MD5acd609faf5d65b35619397dc8a3bc721
SHA1ba681e91613d275de4b51317a83e19de2dbf1399
SHA2564cfd86d51d0133dda53ba74f67ffe1833b4c0e9aae57afe2405f181fc602f518
SHA512400ffd60ce7201d65e685734cea47a96abca58ca2babda8654b1d25f82d2766ca862a34f46c827249a4dc191d48f56005a9f242765d7becdda1344b8741a9d8c
-
Filesize
224B
MD5a76f1eed99fac8983432d08efd280c34
SHA12f1a97bdb744f30b5963424b36ca4ecd9a09f3b1
SHA2566414f850270140a2879b2cbaf4d7cec781a19ca19ae9f2a79c091ac98afee161
SHA51202e7b63bff0fb1de8a3534e4329aa42673438df5f75b9a80e3ce6cc3e48627cd5a21235323dfbee37e8369eb841faa556dab7fd002cce369102435693ab0dd14
-
Filesize
187B
MD508d2e4a2d9e2c22025fc369cc551ca6c
SHA1fbb518fd33cf1c752f762dc43d904cacad3aec00
SHA2560e7dc72dce87f7448c7e65dfdae1ffebec653e4f066807a94993feb1039787bb
SHA51292993473f027749718df243d6ac9480c1607cf908b3b01fc7dd92bd6afe4b8f3b0ae17c79fc75ed79c52cf79fc5f7bdc1814a4d132fd80202d80ba6539577686
-
Filesize
369B
MD5e4a08a8771d09ebc9b6f8c2579f79e49
SHA1e9fcba487e1a511f4a3650ab5581911b5e88395d
SHA256ef4c31d167a9ab650ace2442feeec1bf247e7c9813b86fbea973d2642fac1fb6
SHA51248135e0de7b1a95d254ae351ccac0cb39c0d9a46c294507e4bf2b582c780c1b537487161396dd69584c23455950f88512e9931dbff4287c1072938e812a34dd1
-
Filesize
253B
MD5d1e15ee75a0acc76ec94b63938e351b8
SHA1daa015f291754248cd0b2b6ce3878107d37aea72
SHA25616d7ce0fadd9dfd8f5b9957ff1ccb32f80328d2b39740e5c05e87bcc7bcbaf13
SHA5120a9fb6f4697f2f4146b9fd7067f583a596cfd645a36b791a9349dd57bb4bab6e6e3178d5e5275d8ae30a28a4c36823a878ee22fdc4077a1593aed64e06b57edc
-
Filesize
91B
MD5de97f8c7f4f066b79ad91c4883cc6716
SHA192cc8bf74888ea1151d9fd219eb8caee02978556
SHA256a99f5d4f9a3cff36d5fa6ce75c5aa651448860ee1b29111bd8ad96eca85b05d9
SHA512cfc7ab2465cce5b7bd5a8ed8ba0b632afc3f1b74f70f1d799f858d2271afbbbb3b37697e1074d6f85aabb4748745566d72ec68bfb2e90d312879875406efd0f3
-
Filesize
5KB
MD584e9754f45218a78242330abb7473ecb
SHA13794a5508df76d7f33bde4737eda47522f5c1fdd
SHA256a979621de3bcabf9a0fa00116bcd57f69908b5471341f966c2930f07acfee835
SHA51232b51e82e505e9124fa032bfd02997de6d6f56e0c0dfb206aec2124199048168ec0f7927a0a289f4653662bdeb5089d91db080019a9556491ef111df99b12623
-
Filesize
5KB
MD5abeaa4a5b438ffa58d07d9459e5c1d6c
SHA169631de7891162dd4840112a251f6531feae7509
SHA256ce174412cb2889bbf162b7ebe4476da5a9c928ba5b13111d338753ccc4c0f5fd
SHA512c9cae8bcc14661e993d97a3c7b658310a8b9c19044817589f92eab66f1bcfcecb3468b0de8b45cd68e218c23cd9c60aeef1d391af36ec03afab5c8b86d7937d4
-
Filesize
5KB
MD511cb9aba8820effebbb0646c028ca832
SHA1a64d9a56ee1d2825a28ce4282dac52c30137db96
SHA2562a1e197c5f17c60b3085782d3c8c97bd9aa2ac1e3a4a721122c0b5ec56d276c8
SHA512d227b39d5d67c18703730fd990ac41077321054d4f24198cafbc0b7af1ed6c72e7ef7eb626fb558f9407e11b5b9f0d194237400d248a80560d715c88971ad375
-
Filesize
390B
MD594e0d32bad78bee9196bfb5fe24b9d6b
SHA1a2bc31e79570c2793db63a500cfdc649f4e729b6
SHA25610aaab1f1916dd0408c291f1ef16d325d8282eb187677874011529066586b85a
SHA512f85f0bcb7c549118e0499b485feb9caa0960098083cd97599e5fa432b9bf3f152240bd1cd39f4593e23242c840e4f11ecaab6cb5d20f3b6f19873212d14d333a
-
Filesize
14KB
MD5e236f64eb4c593f697bb8272d1bcfbab
SHA101d734feffd7f9d0f43883a887f6dfbecd893603
SHA256d20aae0eb2d9b4c51430445cd218f78412f43fdb44c827367b464984f3667d16
SHA512224a65782badc8a463eb712b167d79405396d8dd00694c8bf87643ba0c32f49270c3cb2ff20c332e3b7c471c8ba4d5765fb6a3e20f6e7737fd6406b4b59683b4
-
Filesize
10KB
MD57a4b723521a86fc5a409ee1970f8bbe4
SHA1636ac27f96c320f2be9a0bbd25c23b5e92f7adef
SHA2562838e1a3e20afc957a310a50f69b71ccb52fc10a255dc896b95f02281c8b521b
SHA51207df629b8b5dfaa1b638e0c4c336372ef39af7826480c2d0d4c3b2e64a7c1c3f358c53a538260c32ae3216a48d458afa11e4a3e49fa69be3a925d8aa32ee2f09
-
Filesize
3KB
MD54edbe6d940e0343b12cdc2875f6bec5d
SHA1350cccc264f0ae7ad06c376af5c834c43e98daca
SHA2569fea3468a4b83ab39371d979a4e89b7df3c66fd2f012d67e0262828eb70a8438
SHA512603bd1cf1c8a33a14ca1e909ae9c8f78a640960e56259f071182ef971465998f52863b3d0ec85f2f2cc64faf79b3e2fcf7753ebf4639a6ce5ef4723aaca96fe5
-
Filesize
4KB
MD5b56b1a8d1b511fd55af9a6e117146053
SHA1ef2c6f6483f513fc3a180582d587188c3175ba16
SHA256ce40eb8f4c7e9b7e688968b71ce87df831fdcf0b25795a08ef1f3a1e0c30fcb3
SHA512c6de444a107aca45b0d4ddfb87af0f8b0c97c1eecb1507f8cfa2c8542baa4677be8a5170bec199380339d92da0253350f05572dece9234a176809a977d14da15
-
Filesize
4.0MB
MD51d9045870dbd31e2e399a4e8ecd9302f
SHA17857c1ebfd1b37756d106027ed03121d8e7887cf
SHA2569b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885
SHA5129419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909
-
Filesize
92B
MD5c6c7806bab4e3c932bb5acb3280b793e
SHA1a2a90b8008e5b27bdc53a15dc345be1d8bd5386b
SHA2565ba37b532dbb714d29f33e79dacb5740096fd1e89da0a07b9b8e6b803931c61a
SHA512c648be984413fdbaeb34808c8164c48b5441a8f3f35533b189f420230e5e90605c15fde2ce0d9fe42e9755c594dd1ef32de71a24016277ad2cef2f9afcf0ad93
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
3.6MB
MD5698ddcaec1edcf1245807627884edf9c
SHA1c7fcbeaa2aadffaf807c096c51fb14c47003ac20
SHA256cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b
SHA512a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155
-
Filesize
47B
MD5081c6d16a42da543e053d56b41e011a4
SHA17c3b4b079e17988aef2deb73150dda9f8b393fdc
SHA2567a4a7fc464c0e33f4959bbfad178f2437be9759ec80078a1b5b2f44656830396
SHA5125a65a2b81c0d001be174a100363adae86bdc9af02360fbd2c87ebdb45d62833104e4cca90473f1156792473af5922e947677585c55052a99868e6a395aa457ff
-
Filesize
92KB
MD5fb598b93c04baafe98683dc210e779c9
SHA1c7ccd43a721a508b807c9bf6d774344df58e752f
SHA256c851749fd6c9fa19293d8ee2c5b45b3dc8561115ddfe7166fbaefcb9b353b7c4
SHA5121185ffe7e296eaaae50b7bd63baa6ffb8f5e76d4a897cb3800cead507a67c4e5075e677abdbf9831f3f81d01bdf1c06675a7c21985ef20a4bae5a256fd41cc0f
-
Filesize
2KB
MD5c5447af30c5667022a2b35b2e9b4ebe8
SHA1304c7819d28c21a7090c85240e45b6210889d1f1
SHA2561189810e2839e571880f51d5c25c747b8b8f0f40172e71b532fc0836b44ff781
SHA512056e81f03ff27bd3d7a6b97c0385a2fbb9da1f3bfd044ef0bc1bf1522025e39925292ac3c2f6b894ae66f773d233172a626785139edbf03691e9de83c9485157
-
Filesize
2KB
MD574a476d7005b00ec31c69a3721a61685
SHA19700a9dfbad240160df5197bcb459fa1206530f3
SHA256e94bdd857a42e990b4a282836680d545763c77d6b4ae7fd45c1c5ef71de686d9
SHA5127314f8047cdbc78ae40b2038574692b45f89217eb4b94ae51fd3106060d4a3e86b55e6420c0b48ac700bedb61ac36a0a5566456943f2be6e1dabb10d5503fd51
-
Filesize
7KB
MD5477741add23d62ba612b0afe3a9b2117
SHA16639e5334ec34dd6d458bc04eae4e268656ea40f
SHA256e6b8ef370b2c1a1da052605cad016b64311a6dedb827d7ba043a82ff6d00dca5
SHA5124434e9d75d6595d9d1fc0794ff609a7b39e8261750577b48cbfb85e377d06b9d251589fd017ee38c97a4b11d5fa9a25f584a17a1bd9f58a3a0be4ed0e29843ce
-
Filesize
54KB
MD52aa9349944687fe32562482e0fac57db
SHA190ff41b573246a1bb19d35310456fa45069940f4
SHA25672b1d8b437d688a1b7f7783291ce1022999f90d72038bf28cbd96b9735c72428
SHA512eb986f51d4a3e16f2492f7657eef07935aa131e2113ee4c959aac6ec5fc0ca8aad9e88e32f89ff4fdc95df0ca7c2b8bee02f227a220b524ed526e4f465350c23
-
Filesize
440KB
-
Filesize
9.1MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
664KB
-
Filesize
4.8MB
-
Filesize
392KB
-
Filesize
4.4MB
-
Filesize
32KB
-
Filesize
224KB
-
Filesize
56KB
-
Filesize
120KB
-
Filesize
4KB
-
Filesize
4KB