Analysis
-
max time kernel
821s -
max time network
821s -
platform
windows10-2004_x64 -
resource
win10v2004-20250129-en -
resource tags
-
submitted
05-02-2025 15:21
Errors
General
-
Target
web.asm
-
Size
2KB
-
MD5
57d423ca4add6241bb21bbadb9d6177a
-
SHA1
b474f7422001e7f740d2de6dc9e750f77ea3bc76
-
SHA256
755768e16043b1ea870717a5e84dd6d522d6ab71a85d3b9935f82af1651c34f7
-
SHA512
165f76d5a045124453e4ef4807193c33e32078de17b13cc932a10dc19a42d6b60c06e7c5c257a7ff15dcfe5baa1998e8774bf0a862e751bf2239a16db0516a29
Malware Config
Extracted
C:\Users\Admin\Downloads\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file 8 IoCs
-
Drops startup file 2 IoCs
-
Executes dropped EXE 31 IoCs
-
Loads dropped DLL 7 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry 2 TTPs 7 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 45 IoCs
-
Suspicious use of SetThreadContext 4 IoCs
-
UPX packed file 14 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 9 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 39 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 4 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 8 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 5 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 50 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
- Modifies registry class
- Suspicious use of UnmapMainImage
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\web.asm2⤵
- Modifies registry class
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff84ef0cc40,0x7ff84ef0cc4c,0x7ff84ef0cc583⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1928 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2144 /prefetch:33⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2368 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3208 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3460 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4596 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4920 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level3⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff793404698,0x7ff7934046a4,0x7ff7934046b04⤵
- Drops file in Program Files directory
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4844 /prefetch:83⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4956,i,12687273404124932914,11311809608217430931,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5116 /prefetch:13⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default2⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85f2946f8,0x7ff85f294708,0x7ff85f2947183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:33⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1888 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\WannaCry.exe"C:\Users\Admin\Downloads\WannaCry.exe"3⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 258591738769061.bat4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cscript.execscript //nologo c.vbs5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe f4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im MSExchange*4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im Microsoft.Exchange.*4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlserver.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im sqlwriter.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe c4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b !WannaDecryptor!.exe v4⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe v5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet6⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete7⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe4⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe4⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe4⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe!WannaDecryptor!.exe4⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6604 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\satan.exe"C:\Users\Admin\Downloads\satan.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\satan.exe"C:\Users\Admin\Downloads\satan.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Roaming\Qekos\kilas.exe"C:\Users\Admin\AppData\Roaming\Qekos\kilas.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Roaming\Qekos\kilas.exe"C:\Users\Admin\AppData\Roaming\Qekos\kilas.exe"6⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_dc532efb.bat"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\WinNuke.98.exe"C:\Users\Admin\Downloads\WinNuke.98.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:83⤵
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""3⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6808 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 4324⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 4324⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 4324⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 428 -s 4324⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 4324⤵
- Program crash
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2112 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\$uckyLocker.exe"C:\Users\Admin\Downloads\$uckyLocker.exe"3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2004 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 3765⤵
- Program crash
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6952 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2763152952756322386,16730681424537666844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:83⤵
-
-
C:\Users\Admin\Downloads\Petya.A.exe"C:\Users\Admin\Downloads\Petya.A.exe"3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\!Please Read Me!.txt2⤵
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe"C:\Users\Admin\Downloads\!WannaDecryptor!.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe"C:\Users\Admin\Downloads\!WannaDecryptor!.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /72⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Windows\System32\o-r7xj.exe"C:\Windows\System32\o-r7xj.exe"2⤵
-
-
C:\Users\Admin\Downloads\!WannaDecryptor!.exe"C:\Users\Admin\Downloads\!WannaDecryptor!.exe"2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\!Please Read Me!.txt2⤵
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /72⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Windows\System32\vssadmin.exe"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /72⤵
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 4323⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\WinNuke.98.exe"C:\Users\Admin\Downloads\WinNuke.98.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Floxif.exe"C:\Users\Admin\Downloads\Floxif.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 4003⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\$uckyLocker.exe"C:\Users\Admin\Downloads\$uckyLocker.exe"2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\READ_IT.txt2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /72⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks SCSI registry key(s)
-
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\Downloads\Satana.exe"C:\Users\Admin\Downloads\Satana.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 3844⤵
- Program crash
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}1⤵
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\15d21118aaf04b5ca299f1393dce5546 /t 820 /p 4041⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2584 -ip 25841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5416 -ip 54161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3940 -ip 39401⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 428 -ip 4281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5496 -ip 54961⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2828 -ip 28281⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5780 -ip 57801⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1860 -ip 18601⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5908 -ip 59081⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
2File Deletion
2Modify Registry
3Pre-OS Boot
1Bootkit
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5d2fb266b97caff2086bf0fa74eddb6b2
SHA12f0061ce9c51b5b4fbab76b37fc6a540be7f805d
SHA256b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
SHA512c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8
-
Filesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize
944B
MD56bd369f7c74a28194c991ed1404da30f
SHA10f8e3f8ab822c9374409fe399b6bfe5d68cbd643
SHA256878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
SHA5128fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93
-
Filesize
649B
MD54b2900582aefb6cf6d1f6cceb63f09bd
SHA160581cdb2761f01c745c4f6b74865203cfb3d608
SHA25602382e95cb12165568860c6d9bb72af890e0489959334157813ef52a7ed9c579
SHA5120cebd66170961b8025b21809ab8b2bb71af4adf3fd71e5454f248cd8fa1a0bfc228e345e2f09f99e51be92018a534197fc55abed8f113ce343daeb71cc3db410
-
Filesize
214KB
MD5ba958dfa97ba4abe328dce19c50cd19c
SHA1122405a9536dd824adcc446c3f0f3a971c94f1b1
SHA2563124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607
SHA512aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf
-
Filesize
168B
MD539e57d939e6eb32672ece00c6c83d7cf
SHA1a04eaba0e2f658568a0242d9046e08069c39218e
SHA256436a7dd8698ae6af816851088fedfd587e499a18f10a0f2c46c6acafe67f982f
SHA5122e90be31eafbc0ab9539194a68639e6095ff7c66aaeb0caa5070403414cc9fb4c42de06746818d75f174c97bd0361b413b6649bfd4b2d6a2b58f7d2797610d5b
-
Filesize
2KB
MD5c23a0f51ec18ab2abf3a6e02bfedd53f
SHA16de9808f62ebb5a043902093ffc14fcf750dea74
SHA256f99942ed3c7ba0af374033d4a8e3183d2e50ff476038f007d55618ff13420882
SHA5121cdca24e532d5906ee039e2b137107a23acf59b1060a2f1ea8ab2c195077a74e1a8e186f4b18041d643b39106881675969becad68e85969a30095d6a5927969b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD58322b76af1f8836a42f040a06ce1360a
SHA1a911bd5926b8a2a415df3d395d35394d2ba5d8c6
SHA256c0e7043178a204c9d71ce1b1cae14bf1a50b2cbcd6a45fe4681bbc606dac7be4
SHA512e7e90b3ecfeee771609b3e99157147b791fbdd5f5a43fae6bbec06d183198abe41575668d0edfaefa09b20d07e51e350d0aa0dd45fcd9594f03274d64a0153d4
-
Filesize
9KB
MD599373cfc65430dd2780bf8b9bbe9898e
SHA172b3254d4acf9f79799c13233a415d5356e3596e
SHA25635ef37bb80005275171190914a47507ac542e45a98938bed1ddab61788044858
SHA512c9a40a744b0e020c3632fdd711b07b1f545d363ffa8d8c3410912645a332113c32fcf52ba2e2fe613dcb8738820ed068cd22b9120ab28b06c2f7c21b83312c0d
-
Filesize
9KB
MD5faef9dc490ed79f526d00e997d300769
SHA1ae7ab59518a61156206ae33a0dfd0c4ecc41e59c
SHA256a74ecc7a002d458ba1567c0ef664bac49e552c79e1b020e34efe84359e5313c9
SHA51271b0e3ce1d4f55b1ec73ad67ac5c70ea1503fdaa8cff977a9924edfcd14ff58bcb9a8636d76ee387f0925c45be2cb942fe9fe79181bcf802c187e056d8007d66
-
Filesize
9KB
MD5054e7e6bc7c0c301f51bd41a89fc74ee
SHA13e27a9698cfd68805958505322538e2b18f0b950
SHA256f6c039fc833aff1a6afe8b731b37624399d4eae86407003d247bef80b9b878bb
SHA5121a9ff8fd41cac445bd05e44cd63944f2fd870896f12874a713333eb544b3a3e8764014ae0a91f723c13a739399d67a45d24ddd957c4e2985f852f8f01d55732d
-
Filesize
9KB
MD532d0c11c3f311ab76f0ea5722be15c8c
SHA16107ef0be5043f7d1d05e0b576771dd32a4d359a
SHA25693497c989d3aea79e128f5adcff694df2470253bdae5aafeef1621859f444b71
SHA512eb9020aa9f819411741364697c849d7505117d10240e48d7ad45dd20232c4cba54efeb4070483414d41171fb3a201dad8f723cc87f8d6743e18b1938f76633c1
-
Filesize
15KB
MD5866ee24c3796e8d17fde823dbf0d6023
SHA180ca956cda2cc2af6e29fef3cd8b19eb4677787e
SHA25640176b5ffa20a8f8f101dd163e03e685728faa946f96c5fc2069c28eed2c94f5
SHA512c034421bbea37c8c6bf33b907e36e5e6b91e06df2eaf9b5925f0db497b7c07e37e42a397b6092810b53c78c808182e34be190f23323a32885fe0e96bf1c61bb0
-
Filesize
242KB
MD56cc995269338dfe1cc98aa2eec79d695
SHA1424ff2df0cf4bd8d6046cfb9c383fe056679d738
SHA2568ed3d9d0d4a33f61ccf66c7222b1a000b0177ab5fa5091ab2d0588cd575160c4
SHA512c3b323c3311c90ec007b5578b43565446523387b8dcde0beab0693190aff7dae2a603e7d84039e12e1d19dc326bfd73162e811f5ea0fe7aa4a7373d73674302d
-
Filesize
242KB
MD579baf24fbc7de991e9926938d35f703c
SHA1c6ffb9059804cef718a015b47743e65504cbd11d
SHA25668877cc007a0957488507a89327ad35054828bcbcab9d00358e04b58639198b0
SHA5127d03a182292095eeee3c48710742b5083dbdbca3713d3d1f52f12420cd03c33b3e9dcdf6bde98f7506dfb66918ce3e3d6fa1f48abfb9b111c9dc03ca0066b39e
-
Filesize
242KB
MD5b29995941b9f40dadfbb9ed8fbf27d37
SHA1fd6610ccda97246a1af8c32b4de2bb0e4e57ce9d
SHA25629b226b81f6f5a1fb642c274e07a1235d8e01fb75d56a73161fc4f2da7da3849
SHA51277d6e97da757645c14ff8a8937414ea42d132c0118f2fd4bbb78cbe6d9e997e626dbbde792e2f5b99385e1fe518a293610c515df6764733f03e37bfacb9309ae
-
Filesize
264KB
MD524cb3bf31b01f000d574e10d4c7b6bc3
SHA1d29a8db51ffb76dd3daa356c0fc4b4a56997dbd9
SHA256029bafb0b1e82ab4ceff4523e169f616bd7ba57a77e11834230fc805e9c0ee24
SHA512c34d41c443b0f5cce8c2d57d56e079ba560c6983a9eeb8c9201f135aedd058ca6eb7133cf66a2e807046ac4aa462c54fc9e7431d1592c0008478ace2f17f2266
-
Filesize
48KB
MD55a1706ef2fb06594e5ec3a3f15fb89e2
SHA1983042bba239018b3dced4b56491a90d38ba084a
SHA25687d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd
SHA512c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16
-
Filesize
152B
MD5908f9c2c703e0a6f81afb07a882b3e30
SHA153ed94a3145691e806e7dd8c160f5b459a2d16ef
SHA2564436bec398522c5119d3a7b9c41356048c19d9c476246c76d7a4c1ee28160b52
SHA5127af7116a91c8e3dfc23db8a78d7aff9a8df8e3b67df7f4ee66f9380dba4d1e66d980afaefc5dc2d9034ab5c0b7c6934400feb32645373f3ff4f8816414ae6ff4
-
Filesize
152B
MD5b9013b8bea41aa2c8fa7f4763168069e
SHA1349be86bde65cc0c3a15b2b21b6eaf2db452e92d
SHA2566245436fe808740cde15c227fcda465a37a52f17f3642a71f0abbc466ce5b466
SHA512d23bc18adb6acf9eb36fea85becb7b1a004bed034ef443acc3d442d1364f2ffa17f57e8eb6eeb1702dc459c5c16763b4e72249e6a326c9c36800d3f395fdd326
-
Filesize
3KB
MD5e489d4fd2600b3a83d2bea3687b973f3
SHA1e7c66a0fb337b4fe40942bd8efa5ac2c33e8cc2d
SHA2561258e1008154c0c99e241546af349776e0673ed2fc7eb95a6e39e1535ca82759
SHA5121ca811c0fe286167cfd83513c0727f3153b6a8bc020afad7eb55bf7a3aa830141280013b4e5516e7c9ee1384c56418801451ec83c68aa8813647e14f0fc937c2
-
Filesize
871B
MD57348ff16d5ac12eccfd1211a328258ee
SHA18ea0862202ee43e64f1c6f2f84437acfd91ea250
SHA256922caf52f120b3d75ef629cbe3eb8f67fcb86e7f280bde6f8432bd1864e2a527
SHA5124014a177e80d491f57ba7c6346e0c4c283249d2cceb866ed0645ad736f5f8df6aa33fff186fd7f4cbe28807f37df7b782ab52525d1eb22c167a0da9f1983a741
-
Filesize
6KB
MD53e86bd39bf342bd6b139a714bdefc9b4
SHA1930f880cd6f8a93c72f3437687674f30e7ff4ac8
SHA2567a2b8c03a40914f5055e570924bf65d2c6ca794f14bfb4e7b25f95eb8cf0cde3
SHA512caf2ec2ebd5062872791632e9e22ccd04db13e7a66c1a0eb12107a2e57a97938e1a470c6b538106f097f6199bb9745b3f298526fd102335b09020642dcf9da83
-
Filesize
7KB
MD59fc92b16f13f18b9e0181098d4481e62
SHA172e400cb42a2f33741e4bf8d78b6cc9e97686d05
SHA25629f6dbf4d5fe160e78d42f5e5559b2485cce552bba4d93cbd40aac57b84fbade
SHA512cc142b7d430ab6137a5b05ec5c5ab30c6714d829a47f54789bae2178c95c23e01f4cd86ce42318a97d96ae9dd3f08d468ce0adfb4f24b7b57086861fa0cc4285
-
Filesize
6KB
MD5e82bef04864206eb5117d18f73a816dd
SHA1f3d0777ea120e1b65a1bbfd116bd4686dd0b86a2
SHA256792c63df22e5bc8de043f63789c4a04c66bf4ad17da643b1850f9f2c412e63f0
SHA51283d5727a57bcd0ee07b270bc0f6663faf58b12cf679403bb8571576bbd09d0009d6373aa7bd32a661b1bcd0711a0c0e6dd0840e9ec9182b53391c32827536841
-
Filesize
7KB
MD5c896c91010f4a367f63544224dad4315
SHA14ffbfb3f6bd017838052fd1aa734f3ff24aae200
SHA256d228f5e46d05cc5bcdd11d2868831a0ca074eb09e2e41f5d57cc0b2791892ee7
SHA512666ceafbde2ee49f99a2ef68dae8a661cde8957ed521d6ee46b3445f327937ba5c25a7025a30094c4b9cdabb67b1e167aa42bb3d53627e166c020dd0ebcff528
-
Filesize
1KB
MD5de92f27292b703272a86a246ea879472
SHA1022c9f22a2c1ef429ffd629e6948263b966b5f97
SHA25615115e632ffa445df805355530ee7b258cd28f87ad8f311b31e29a88e5846fce
SHA512871fc33e963b710de240d20430144cc804ea5e901845904933a2e3f7947beeec439c41b075489e3b069bacf6e9f59ad1b02e72fcab32ef552d7a8855658b97dd
-
Filesize
1KB
MD525c987f77d84bf73e8fd25ff826dbcc3
SHA1340eca346c45d8a8d42b1f41278d41a24e0ef214
SHA25679fcbb75d35d1b4de14a383068a123fee72f812eb0787e4a6f1789a9483bb3ef
SHA512d2155e12b7b1ddae70be324475ae8e85c36d0e639d78439551bfcdeabd1b31ab7e0705f9be9e81cd53718d018d543b69ec40c21c26c36662fb55008e1307bbb3
-
Filesize
1KB
MD565b3771cf8001d2654125cce53e3c008
SHA1bbda983f22e901fb54ae2378a24fe22587b7e471
SHA2560fff267dff1a4d593831172617dcde2d2df46a1b4a8f48f5279bbdbff293d265
SHA51265806567390b90bacefa5a161cfd77ec09ef8cabfcbef67c6ca4a0438094916bfb3722598afbd9197634254b07258713a39b6630f2b8f4d02b3bac079dbec15b
-
Filesize
1KB
MD5f15b3687d604a72f067b7f24ffd2fcdc
SHA1e587638883896dcbbefa48981b3c61feff808de3
SHA256e007010e9b589ab4ef48f41a3a59446fdf0ac2922115835966912c7f6c91354b
SHA5122fb2f16b1653cc17b76b1eb11b4ed30a940f478e5c9edf00df87c3adfface4b051ca781198cd0487bd391eddcbe7285273f0556ebaa8390d6c01ff6c953beccd
-
Filesize
1KB
MD5ecbb01ead3c8397e8499f78edf430dbe
SHA1fcf60e9d47a9692fb2bfbef23085deeda177a195
SHA256148979cf809d7fb8e6903520eb71ce849ee660a33cb535d6b3d01b260b77d6db
SHA512ec81ba7c5f3e5f471bde92ddb163afc07439ac735357a0d7486c8ec08ae634999d26c112ceb3e02ab2a97d06cb204da2248b85ead8afae64fbc00ca9fa849d53
-
Filesize
1KB
MD50063411aa2aab85a78d90a54816c81e2
SHA1d9b998c419bb52a1020eed5f5f09d2dd9986d592
SHA256378a77517ec4a980cee7ec069c1df2f63d7847383d97dfee28d345fe0c7964b6
SHA51260b206f8703d5c461a3ffe094f5a88032b381e2f061cf9c4cded9f42a2f01176a5e692f11834bf0f8bfed943f97a69010301c2008cffe7e33a3fa222535bb194
-
Filesize
1KB
MD52a61a24cf932f2ec7ab525f0b1a92db2
SHA17bf442aa95b2a01ed4d8c49e88a58064e2a78d90
SHA256961939d989b0b7719f0fd6e85baeb15d49db9a6f510878bedf4eb382c9efbd0b
SHA5126731d86bc453efc7ccb279ba4cfe940ea1c6fb6efab4a7bf667dfb3800fcf384f6ff868e5ad6cb6899b4642db5834b9304b5b4310e373eba7887d1fd54071ace
-
Filesize
1KB
MD5a132fdca707ef1d43a1b48ec2a4f2a55
SHA1cd9fb7a6fd91399383bcd54e97f0d2e034d20679
SHA25600f566a9e8435e8a1dd977c17af4e6af153c5c5cd749e3be978089537103cc94
SHA512f2bccc8d49af4873e9fdd3199f3e36aa2d95e0ce627d663a7cad98ec3f1625280155644c978d0768ca13716e3c5db4871c0b0e85626de8554c83ba353e523140
-
Filesize
1KB
MD57af2474a501625ddf215908aea7e3f81
SHA12d5b3ae4184e1b3c94b8d92ac99c722a197bcaa6
SHA25669f63e8eeb671ed139ec02426156a0fc1dd899cf3e7ecf3b73867c2c09dae56a
SHA512bd5cfca180bc6bcf6986eb36619c12a62d1262a10474318a33503e9b1149222edc7620bc2ac36c946889b3e5c875681001c66b7d06a9cc9d979cf5d11c774537
-
Filesize
1KB
MD52214e47d61c1a6ba39856c19241caa9e
SHA162c8094e947d5cc21c3a94659a29c2e59319b493
SHA256e272a8f3c5d16188ad555214391b518dae53e6f2df62b33fbb375b5bfe8ff90b
SHA512c2ac4d8048f4134c38003c12909bb433865846b3bc742deabb322d015d0b4fbcbcb9b3e0a6b6e2c9ccc7b22dbb3ac25afd7809c1cb18d38fa86f06c9fcf048f6
-
Filesize
1KB
MD5250b55230bdef56d4d515014443e7e7c
SHA19efea0dceedd677acc8e09e0cf7b6ff890db1075
SHA256cece454189a44966faf2da8fae17c330c39f2cbf5f06af4c8a253fbb76115f39
SHA512a24ed895a7d0794c444d4c70f18ce8ed32ebaa19774beb1eb96cf76c90ab7b8a6d9a7e3c9f3ffa7f18e7b5d34aee97cd3f74e3c74518f53b6c0456e3477c49b4
-
Filesize
1KB
MD5cffb31f0ffcdae5e1c39709acce5c5ae
SHA12b5c6a8b06fc45af27aecd674015787913c2bf67
SHA256b075bd64f268d2177aeea92e9eb2ea03350f57157e5b9102d2f1a286f3acee11
SHA512dccf78e703985b8ef8f5fec2720b03894ff19784fed062a45b98f05a98cff3a839394c32c87ac3317e549478d8dfb574d57767c6d83fc6b8991d556b2160a3cf
-
Filesize
1KB
MD5f6afcaaf9f8943fce20bf4485d2b3f60
SHA17de4151fb64027c5ffa4102b42b3a9ba16ee6453
SHA25673d88055fe4ef96f45cf2c7b696ab64661855d8a05844a62b872d4c423ad7c22
SHA5128176b539c1d013ef3f53dc776a7e7b50363a1eb18c1fb76663eb688fd1c7637f860e7ba32809cb9d56c24ccd525d69dd9200f228c7b2db8e2e394efe4f9a44fa
-
Filesize
1KB
MD5827dcfb7d09a62b33ec19053a69e1913
SHA1a77248d210fa96eab46e2519eaaa405ba2045a35
SHA2565fbc1d54ef41cc79f41b98c1d11e962c3ffcab677791bfb0c0f42f8beaf48f2d
SHA5121e32a8d334058c7496c579efbb4e4a3cefa7ef0747eacd247c2e6ac985c95131f234eacb2722f7434d83a2eaadda06d5ba344d935568824492cdab5527996685
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5195b2465a94128a9b36058128eff96e3
SHA1d333b5b11da437a2680ca7ad19a7dc2bdab7ab5c
SHA2565479392d970f5b7f926d8d5f4222b0240ac37ec35a4cad157ef0e25ec27d6870
SHA5124b9cbb72491a229eaef97c6cd109f9a28880fae6bacbfe0cb779525f1d64c4e1ed2864840b8da505b40a222fd7963c337ea4c41b436775852cc4c47c32ca87e9
-
Filesize
12KB
MD52f7d40a2b5b2f3169941876c1ef255e0
SHA1bba74b782a7213f355cd44a80ccb60cb04bac8fd
SHA256e9f00cf12d599b34b572544c2d0b63cb94900f4904faa52c84224f233d99d714
SHA512f7280faf0c3908244192003aa6e50f3293c75d68bf60b0131e40bb4b53c981c7249755d697939a3af4dac090cb4a83852819587cd6b7d8e3a927bd6fafec4b88
-
Filesize
12KB
MD5fa62361cde5b0d6e688dc8d6f5e76a5d
SHA1987d0f336a099060b89b97f23e1f4b18b552d8e2
SHA256f12ab196f23d35b22d3bcc5b2436b4345a6fb6306d5db98d358a5724868680dd
SHA5128fe33ad21ac286211abd7635861d2e431a6ef73efed42342c1615ee12f24d85d655e081424cf904df3d5c9045e74295e1ff2eb7b18c67c9c37c8bf001a96a620
-
Filesize
12KB
MD5b900f424d769af8f23d2feeaabb0bda3
SHA11d7900250441453bc245516970cae96a428a4d20
SHA2561e31eac5ae0bd4f9b421dc768d962168f51306c01b4040cdcb26e44a579a7c89
SHA512abd8d44f66a89491346c91e9a192114c58006b3be2c1a071fd716ddb24a600d4eaa518b3433feee8c71b4b191278a1b0918e3f154fce49a1509a674deb0a48d3
-
Filesize
12KB
MD5971ddc4d80c1cea5246a32bd9c746dad
SHA140d3a8c0ef61b83c023d2efeb00c4f9275a732f9
SHA256d8c0941a9776f6ba08ba18152397137ea7091aee701f045b72ef8768d8bda8ea
SHA512c3cac204651f393a75d4415e5ec7e92ec53c3ac1c9518a47c4ad9856ea2a0ef3920c59186a1a4761d32885dac7f9d35700324d2ffe599f007d9ec1228dff7ab7
-
Filesize
12KB
MD52bad2c55ebf79fbe99b0c51f87c38939
SHA13512c2a120e595960a58eae7e571aa8c00bfb4e2
SHA25678655b3dfbc729d8877aa4278a1e01d0f822ffd25ab114a47fbf0322a91e6edc
SHA5122402e6665132bb5b3303060cfc6698c2adbab04aae68f77636ad79e7a3f8c6e1e9d46590a14746e71d4634256712c26efacfb35adab85a4a790942bf0343a1a4
-
Filesize
12KB
MD5c85e8e2d5e0dca9ac5e709f60d2c9734
SHA118218f765e6f3b660b1d6889bf69c6415790d2eb
SHA256db1d9febc74be56ff6a21b21ab14df8c003852cfbb843109c16f75554381a2b4
SHA512b9b2b3d427a1fcf1a03dcfd74b88ff25d59b854a4cae388680d7e9027402198c14389c3e0ce572807f13d461915cdb1524c3886727bb887a9ce3721358af1d23
-
Filesize
12KB
MD52eb0852fc4c6f8e48d8a4e88caba1f2e
SHA1322f139e7853cb87ec6513af40844527973f6b3d
SHA25652908d6e69e02160cd5b68cd99f079b04c7b409c81054614c3bcc1f81bf4b7a2
SHA51230a5dc49f7b4a9b1383d40cdf9ac2e05ac8986ec4954cb8bcec39624d84a3b7b9f5d23da77c720f46d48d0c99b9c4d6ce69a2a9afb4da53ad644152acbcb849a
-
Filesize
8KB
MD553ceec53ecfc76260de11aa23fd32e84
SHA1b6c8a241518ac52d87f7d277ec391d69a8e3a805
SHA2563d2c568fe51bb4915ca24224d036ab0bb26bada8727d3f576f48108f7af63574
SHA5126ed818d52c1d01e9720c78d92663acf54b42dd44d84c594898760275e6c9209db28477b4980585e3bb778b4360450db89e7c15d25779b296df2a3708eab96c53
-
Filesize
670KB
MD5d93d3f3f757bc50bcfcca8dd3c08eaf3
SHA1c20d7c9c4c673a9bdca0ddaf77761be2788ba6ff
SHA2567c71e740fba5726a98453b2e1733fa5a0323ef12b5dde937f001ab084d3021fb
SHA5125fa10c334ed68381c4a2edc836a67ccf348633fbb19339cd0b0b00ead7918bf7a65521bc85976ed4d3a7f83b67c78af70ee52c4cfadd8d81ff4cd95cd95a82ff
-
Filesize
382B
MD558593d940cbb471ad562e183116bac56
SHA12ba75c6d6b004ddfbff9a1a1027e0208b365891a
SHA256560d2097dffa347b7463d5bf5e266cf5d6fc922e2daa69374668aebf4cb66ad7
SHA512a926b0d2e5e6eaa0065f617bc1b18a2662c98b8203c6bd498f78bb6471a51d68b800c7b32ea5d111432a6a8be7dfc11aedaf77ec775b35f29ad36ba87e333d5f
-
Filesize
31KB
MD563d5b8e61960d4d6d89143703ce70acf
SHA15f9700dd77581d627e90a4016623b73e0bd6bede
SHA2560a8d025552a2f8629fd2188c855f75ed69b133b2f018284976aa51621cee2c1d
SHA512b280ebbd0a322e4c2905fae216b5a01d929fb8022fbddee12ecc43951d25263a58d20df8fcb86a16970ce576b479712bc6908cbfbae7d8f1aa28f5744d11c6c4
-
Filesize
658B
MD53886cf11a0820a21e50dd05197ab93ed
SHA1df2352ef4311e611073afa291ebc59f063a44df5
SHA256838627b51f88da0168dcc5673fe6b8d8c916f0dfae9a925a641109b75be27181
SHA512ad04d107ed8d8b57c141a5c47a41bbdda8f9cabd300db5e2e1d51a17fb6db33216de5ef54d0f5a9216ef475c14723266abe42c32ee84bd6ac8506b4060cf07b5
-
Filesize
797B
MD5afa18cf4aa2660392111763fb93a8c3d
SHA1c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA5124161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b
-
Filesize
590B
MD5716c043a6525f728255ea26867aeaa1b
SHA1bc073a89354de378cf6040074a1c46a73425ba3e
SHA25639ce1ede1fdf61b1753c9a2ca1f916f0c7d8c2bf1bed173ab3e91a1e0eb0f056
SHA51258de6abbe46d3de43abec07e64425ab592211a9467b50677ee80a584ae29546e0f94764d083a46c07e3e04b5febd86dfcedda906052d1ea36484a7a07845d444
-
Filesize
136B
MD58c8419f36b25a4d0f644cdedf7709cd7
SHA150b882ecab9d35c450bc8f0ee69116f7f21d80fe
SHA256aa46bc75edd21871b1723cf7fd6af81a67e441a501db45537cc26d1666dd236b
SHA512133c7401859cff8597162210296d2a4024e994aec399778a1c8aa7d7496e37ec09ca32ddb4ab5e83db8bd8a88482f1b86aea6eaa2f5abbf7d6c5d60e1495f673
-
Filesize
136B
MD578341b9155e4fee565d6da8d6bc4fec4
SHA13b4d48b01172ea07d32d9fe5ffe215a9838bc7eb
SHA2564ce682ed4d7634309ccacc8e1551f3c67c68e1ca8375f775cf08ffd4c0210606
SHA51204376e594f1be72b30447c8edae3cffe8df462b3a3e07f4ec023756a944ed4b2704caa0ce5797ed999cf0afd8c352c876f7526263181f682868f57319feaa1f8
-
Filesize
136B
MD53693ed146d3589c1a124aeb4a7e46daa
SHA16d2916805055f04092d5bb79f007b2283cfe01a6
SHA256df3146652fd9ff49f05c2add135852d450731710c2429c28e273ebf2cdfc22c4
SHA5128acea176c21467621ea100206ffdfcaff0267f4be6882dd837f8ee1721fed934ec15da650d7d162043b81993c8c2fa582ee58a997e14223d6b05ee297bac1264
-
Filesize
318B
MD5a261428b490a45438c0d55781a9c6e75
SHA1e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e
SHA2564288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44
SHA512304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40
-
Filesize
40KB
MD54b68fdec8e89b3983ceb5190a2924003
SHA145588547dc335d87ea5768512b9f3fc72ffd84a3
SHA256554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca
SHA512b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f
-
Filesize
224KB
MD55c7fb0927db37372da25f270708103a2
SHA1120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206
-
Filesize
184KB
MD5c9c341eaf04c89933ed28cbc2739d325
SHA1c5b7d47aef3bd33a24293138fcba3a5ff286c2a8
SHA2561a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7
SHA5127cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b
-
Filesize
414KB
MD5c850f942ccf6e45230169cc4bd9eb5c8
SHA151c647e2b150e781bd1910cac4061a2cee1daf89
SHA25686e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA5122b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9
-
Filesize
2KB
MD5a56d479405b23976f162f3a4a74e48aa
SHA1f4f433b3f56315e1d469148bdfd835469526262f
SHA25617d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a
-
Filesize
225KB
MD5af2379cc4d607a45ac44d62135fb7015
SHA139b6d40906c7f7f080e6befa93324dddadcbd9fa
SHA25626b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739
SHA51269899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99
-
Filesize
32KB
MD5eb9324121994e5e41f1738b5af8944b1
SHA1aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA2562f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA5127f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2
-
Filesize
49KB
MD546bfd4f1d581d7c0121d2b19a005d3df
SHA15b063298bbd1670b4d39e1baef67f854b8dcba9d
SHA256683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96
SHA512b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5
-
Filesize
532KB
MD500add4a97311b2b8b6264674335caab6
SHA13688de985909cc9f9fa6e0a4f2e43d986fe6d0ec
SHA256812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f
SHA512aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70
-
Filesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
Filesize
201B
MD502b937ceef5da308c5689fcdb3fb12e9
SHA1fa5490ea513c1b0ee01038c18cb641a51f459507
SHA2565d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1
SHA512843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653
-
Filesize
628B
MD51e7a78c166e9e5bd7d28ae80b280fe09
SHA149daf5a0cd4decc606a0dc3ecfc2544ef395b75c
SHA2567cb0483e67076c60b761c19f936ce68dd4d4922ecaf7aacfe88a87c9c0e9df9e
SHA51295dcf50175c3095d4bc3858e3a28d5f43243d9bdf05ae85bfe52f3eb7e7fbe9a95f4c8eaeccb9d55cdf649ecc29213654647041a0dbd298c328293001f84ec45
-
Filesize
42KB
MD5980b08bac152aff3f9b0136b616affa5
SHA12a9c9601ea038f790cc29379c79407356a3d25a3
SHA256402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496
-
Filesize
236KB
MD5cf1416074cd7791ab80a18f9e7e219d9
SHA1276d2ec82c518d887a8a3608e51c56fa28716ded
SHA25678e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA5120bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5
-
Filesize
7.2MB
MD5f6d8913637f1d5d2dc846de70ce02dc5
SHA15fc9c6ab334db1f875fbc59a03f5506c478c6c3e
SHA2564e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187
SHA51221217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
72KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
1.2MB
-
Filesize
576KB
-
Filesize
760KB
-
Filesize
2.8MB
-
Filesize
620KB
-
Filesize
632KB
-
Filesize
172KB
-
Filesize
136KB
-
Filesize
688KB
-
Filesize
1.6MB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
5.6MB
-
Filesize
440KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
92KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB