Analysis
-
max time kernel
330s -
max time network
331s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250207-es -
resource tags
-
submitted
08-02-2025 10:35
General
-
Target
https://github.com/goddamnnoob/Malware-1/blob/master/MEMZ-Clean.bat
Malware Config
Extracted
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]
wannacry
13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet family
-
Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 5 IoCs
-
Modifies Windows Defender notification settings 3 TTPs 5 IoCs
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file 1 IoCs
-
Stops running service(s) 4 TTPs
-
Drops startup file 2 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 38 IoCs
-
Loads dropped DLL 9 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Using powershell.exe command.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 1 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 3 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 30 IoCs
-
Launches sc.exe 10 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 24 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 49 IoCs
-
Suspicious use of SetWindowsHookEx 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/goddamnnoob/Malware-1/blob/master/MEMZ-Clean.bat1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffca872cc40,0x7ffca872cc4c,0x7ffca872cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1736 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1832 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2416 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3144 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3172 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4780 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5196,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=5204 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4644,i,9796796942355364144,10315755193096537163,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1080 /prefetch:82⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUZENjM1NTUtRUUyNC00RTNFLTk1MEYtQTlGNzdGNDAyREI0fSIgdXNlcmlkPSJ7QzJCNjhFOTYtNkE2My00Q0VFLThEMUItODJGQTNDQjkyNjRFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RkZENTJDQTItMjVCNS00OUI2LUIwMzMtQ0FFQ0YwNUY5NjJCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NTQ0IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDgwMzc1NTYwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDkxNDgwMDU3OSIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\716996bb-e3e2-42d9-b095-f059eb6f260f_Malware-1-master.zip.60f\Malware-1-master\5.exe"C:\Users\Admin\AppData\Local\Temp\716996bb-e3e2-42d9-b095-f059eb6f260f_Malware-1-master.zip.60f\Malware-1-master\5.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\716996bb-e3e2-42d9-b095-f059eb6f260f_Malware-1-master.zip.60f\Malware-1-master\5.exe"C:\Users\Admin\AppData\Local\Temp\716996bb-e3e2-42d9-b095-f059eb6f260f_Malware-1-master.zip.60f\Malware-1-master\5.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\butterflyondesktop.exe"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\butterflyondesktop.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-OE8JD.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-OE8JD.tmp\butterflyondesktop.tmp" /SL5="$802E6,2719719,54272,C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"3⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffc920f46f8,0x7ffc920f4708,0x7ffc920f47184⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4076 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=284 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12180689655516997432,5091874356601673201,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:14⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\MicrosoftEdge_X64_132.0.2957.140.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6b409a818,0x7ff6b409a824,0x7ff6b409a8303⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD5013E8-3042-4F58-9724-EFCA067CEF8A}\EDGEMITMP_D98D1.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6b409a818,0x7ff6b409a824,0x7ff6b409a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7b1b8a818,0x7ff7b1b8a824,0x7ff7b1b8a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7b1b8a818,0x7ff7b1b8a824,0x7ff7b1b8a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SysWOW64\dividernetsh.exe"C:\Windows\SysWOW64\dividernetsh.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dividernetsh.exe"C:\Windows\SysWOW64\dividernetsh.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\dividernetsh.exe"C:\Windows\SysWOW64\dividernetsh.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\WannaCry.EXE"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\WannaCry.EXE"1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 103661739011069.bat2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\cmd.exe
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tzqlwyndqnw150" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\tasksche.exe\"" /f2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tzqlwyndqnw150" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\tasksche.exe\"" /f3⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskse.exetaskse.exe C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\youwin.exe"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\youwin.exe"1⤵
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender notification settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe/c sc stop WinDefend2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc stop WinDefend3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c sc delete WinDefend2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc delete WinDefend3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c powershell Set-MpPreference -DisableRealtimeMonitoring $true2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableRealtimeMonitoring $true3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Roaming\NetSf\youwin.exeC:\Users\Admin\AppData\Roaming\NetSf\youwin.exe2⤵
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender notification settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe/c sc stop WinDefend3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc stop WinDefend4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c sc delete WinDefend3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc delete WinDefend4⤵
- Launches sc.exe
-
-
-
C:\Windows\SysWOW64\cmd.exe/c powershell Set-MpPreference -DisableRealtimeMonitoring $true3⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableRealtimeMonitoring $true4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe3⤵
- Adds Run key to start application
-
C:\Windows\SYSTEM32\regini.exeregini C:\Users\Admin\AppData\Local\Temp\tmp0514⤵
-
-
C:\Windows\SYSTEM32\regini.exeregini C:\Users\Admin\AppData\Local\Temp\tmp0514⤵
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\youwin.exe"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\youwin.exe"1⤵
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender notification settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe/c sc stop WinDefend2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc stop WinDefend3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c sc delete WinDefend2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc delete WinDefend3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c powershell Set-MpPreference -DisableRealtimeMonitoring $true2⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableRealtimeMonitoring $true3⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Default\AppData\Roaming\youwin.exeC:\Users\Default\AppData\Roaming\youwin.exe2⤵
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender notification settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe/c sc stop WinDefend3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc stop WinDefend4⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c sc delete WinDefend3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc delete WinDefend4⤵
- Launches sc.exe
-
-
-
C:\Windows\SysWOW64\cmd.exe/c powershell Set-MpPreference -DisableRealtimeMonitoring $true3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableRealtimeMonitoring $true4⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Roaming\NetSf\youwin.exeC:\Users\Admin\AppData\Roaming\NetSf\youwin.exe3⤵
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender notification settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe/c sc stop WinDefend4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc stop WinDefend5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c sc delete WinDefend4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\sc.exesc delete WinDefend5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe/c powershell Set-MpPreference -DisableRealtimeMonitoring $true4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Set-MpPreference -DisableRealtimeMonitoring $true5⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe4⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUZENjM1NTUtRUUyNC00RTNFLTk1MEYtQTlGNzdGNDAyREI0fSIgdXNlcmlkPSJ7QzJCNjhFOTYtNkE2My00Q0VFLThEMUItODJGQTNDQjkyNjRFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2MTY2Mzk0NS01NDcwLTQ3NjktOEI5Ri1BRTcyREUzNzc4REN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjQxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9IjEiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0iezkyRTJGREE2LTRGNUUtNDlEQS04MTVDLURBMDdEMUQxQUM3Q30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODM0MTY3MDEzODE1NDgwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTI5MzYzNzczIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5MjkzODM3NTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2MTM2NTkyMjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wNzQwMDM2YS00ZTE4LTQ1NmQtOTZmYS1kMWQ5YzRjYTQ2NzY_UDE9MTczOTYxNTc2MCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1NM1VtbUZOQ1BKZTB2cVdJR001VEdLUUYlMmY4bzd4WkRXVk43dm5iRDRNWTVydFI3cE9hQWFVZ2RtOUtKTWdKdGh1Y0FEdzI0ell2JTJmd3Q0VFElMmYwbnNpQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2MTM2NTkyMjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzA3NDAwMzZhLTRlMTgtNDU2ZC05NmZhLWQxZDljNGNhNDY3Nj9QMT0xNzM5NjE1NzYwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU0zVW1tRk5DUEplMHZxV0lHTTVUR0tRRiUyZjhvN3haRFdWTjd2bmJENE1ZNXJ0UjdwT2FBYVVnZG05S0pNZ0p0aHVjQUR3MjR6WXYlMmZ3dDRUUSUyZjBuc2lBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc3MTgwMjE2IiB0b3RhbD0iMTc3MTgwMjE2IiBkb3dubG9hZF90aW1lX21zPSI2MjE2NiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NjEzODE1NTc5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2Mjc0MDk1MDQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNDg5NTc5ODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5NDIiIGRvd25sb2FkX3RpbWVfbXM9IjY4NDM5IiBkb3dubG9hZGVkPSIxNzcxODAyMTYiIHRvdGFsPSIxNzcxODAyMTYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYyMTU1Ii8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxIiByPSIxIiBhZD0iNjYxMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7Q0NBMDY3NEYtOENDQS00ODU4LUE1ODEtQ0ZGMzhDRjEwNzJCfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NjA4IiBjb2hvcnQ9InJyZkAwLjkxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9IjEiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0iezAyMDZDNjU4LTQ0NUMtNERBQi04QzY2LTgwMkRERUE5REVGOX0iLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\MEMZ-Clean.exe"C:\Users\Admin\Downloads\Malware-1-master\Malware-1-master\MEMZ-Clean.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x12c,0x15c,0x7ffc920f46f8,0x7ffc920f4708,0x7ffc920f47183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x12c,0x15c,0x7ffc920f46f8,0x7ffc920f4708,0x7ffc920f47183⤵
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"2⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122883⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4fc 0x2441⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
1Service Execution
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Browser Extensions
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
3Disable or Modify Tools
2Indicator Removal
1File Deletion
1Modify Registry
9Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
6.6MB
MD5b4c8ad75087b8634d4f04dc6f92da9aa
SHA17efaa2472521c79d58c4ef18a258cc573704fb5d
SHA256522a25568bb503cf8b44807661f31f0921dee91d37691bf399868733205690bf
SHA5125094505b33a848badcffd6b3b93aad9ad73f391e201dee052376c4f8573ba351f0b8c102131216088ffb38d0ed7b5fe70ba95c3ac2c33a50c993584fe7c435e3
-
Filesize
2KB
MD57f3cbb6ae24dfb7e6cab1dd556c9329b
SHA115536ae3185b36bc800c9d1da64332e6f4218dc1
SHA256010e9beba6ca82886486d5f49bc3fc02689572100e1c98c4878b825b42531a2c
SHA5129808236e73ee541c0c28c0c835620c18274285d1d7f0bcb48a0b47f38405f52b1b8426e69352b5655eea89247791abc8433ce4690481a7c92e9f2128d4c1cd4b
-
Filesize
2KB
MD5755b69f1dc9f10999e057f5fa2422959
SHA18c55f4a96122b376bdecac230dcad950bbd478ae
SHA2564549e9b45dc892a7248dfa3c292e29e4840cb870b13ff2e5da5b56e7cf0daab6
SHA512d37e6325c044eeb31985604c503684fe57179c4908a504964a7c61916426b063754aa4c81ad12edd09a4a67f5fe4fcaf4212eef07a3faae01e25903989eb090f
-
Filesize
3KB
MD5dda98b8baf50d3b81647e1e1dc427388
SHA189b663ca854189ad81ec75f22d0a3cc880ffb0ca
SHA256189d38f5227e18b09b5f59ce475e3b8125c0867a096642dfb51d3e40ca034a7b
SHA5127f24aa55938b5918e89ff76f76605ec93f81721bb3a3bc90d5fa782b03c70bf7a839580e923a3753f2c38e76c5ceaee00d231309e82fe189de1d8cb0585a0054
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD51d02931a6d33567e2d123be756e8afc5
SHA1d6833f0e33ab362334b1bb16389e9c4adb6b5848
SHA25633ca565cb1abb6c13fe6360398b60d80d50919fce48970664ba6f5d122afcd1c
SHA5128507df9b226c6ddc8139191f0c8b02652e77384889ced503409c64fabeb6a64b1e27f74fdc1d84f2c4e3ab7718950ec5f524ab3ce4ff22a1968c5fe8c8497d16
-
Filesize
1KB
MD5f086ee7be6a7a1db4c58432131036880
SHA148642bfb5985770e53dbc00237dc1158146fdcfd
SHA256179a351f801269b41c886769febd7719cf653708f9e307f0b88547933656761d
SHA5125365090a4dd6ad26c578e9066f6f51c860b8b07440fd308d7621db684a2b0d19c82827fe7e636989adc4c1928eb14da607d204c57ba9ec1a3fe7d29e0efec821
-
Filesize
1KB
MD58b3fb50ed14bffaf49b3f25bd5366604
SHA16365437a52356a38ad1497334d5822d1a3a8fa3d
SHA256d00b61f3630c03cdb5bb6687f58a4ed28f1ab05cbca286d9d419c49786f4fdd1
SHA5122bcbef1ba84d6b41dfcb44abcf40ff21634132ad5003c3ec9b33d960a1d506e5bae8d4482fd07016ffe8e65e91d3a5d10e1b7d0fdfb4eb3c298ee474da9485f4
-
Filesize
1KB
MD5cc9a1df46da054508360b155c9386fcd
SHA1b456b8a7697a134a1f36ab4bc1755f1bcefaf2db
SHA256efb08b818a71c28b318e679003cf9e9a6cae4783a98f3b600da5f8cf2c464b17
SHA51273b636c556cf0655d572f66f31036d77761f02d3426f78e21da92520e0825717c59728b6f659803eb901a54940fa66ef5899e86be2a577a4accc0ae00ca16a2c
-
Filesize
9KB
MD5f8602f1195ffbd10b1d3db93513555eb
SHA11687004ad869c77314fdfc722a1284d3f7c21c63
SHA256fbc6c89be8551abf5ac4037359d9d9887972a6ab4b9b7bd5cc723d28b0760438
SHA512419bbbb8ce0652cd33f825922cc4c5b74ff69fe224091c7442e6e47d847ad74153700087588f7223e4c71384cd2fd127e9d2d972161e175aee01f3113105309a
-
Filesize
9KB
MD5324ab9c12f33eece268b82588314e8ee
SHA1d58d6e683b410ea6cba9266cf2b1bab2cc2d3906
SHA256855b09dcbe8864a64a6953d114d0c1aa647623d4b91d107bd5ffe3fb6d07b33d
SHA512d8d2cb51057589bb6f0e90529a00d2a432d11b35d0ad5cdcaeb7292a27e7a3c030dc64da79546e77d64a8aea3d79e28bc7847a5849b14605f444d3d9f31b277c
-
Filesize
9KB
MD5f159710e44a416f45ce240667bd53d34
SHA100b4cbc96b926f998567ed9cf198731e392b26c6
SHA256c3c8e6ae9abac660c0fa615fede217731c27d83da3dfa0bc4f7dc3681b04a3c6
SHA512ad02002f4f0b16727dac2dd85d01fccd186036bd75d25f350d3586fc693c924196793e89738df317c422d8456c05d652561fee924b9bcd300e2af2ebb7199ffc
-
Filesize
9KB
MD57dc8bbf9bae8783cafd0d106e59bfd0d
SHA16cc5c552887dedb8ff6a544f83c0afb883bc3bb7
SHA256e7696e932fb44b1e8ea5d8b3235daa6b1058a30d8ad5ed785559cb7a8e07d5fd
SHA512808310e613217f003be1a4df8a9cd07dacd5eaf55a5f57184522f46432661d6ee0190ade371b442211e4733a5c56fc477e11b20cdedd3524adfbc6a3edfeedb6
-
Filesize
9KB
MD50c82e9a9fcb8ab4ee466865a22bfc4b1
SHA195380d3b41e5211da909e05e95854daef0fc42b8
SHA256a0f85f5eb087cf9d97f78d35972cfdc6c887be7900c866947030471da6073b19
SHA5122f198b3e7b44ca24ffbf6f90825145706840ddd97f0a570513bdb56f3145c8e1619f97f0289a2a1b7858ab090e2827df57fa356d71d7689b5fa276613d7e273b
-
Filesize
8KB
MD537a75b2b71a78026ab2f8065fb5173da
SHA1af11a773c173a0102204752816869f7c1affc696
SHA256ab2d0ece3146b699c4a3269c17f927dc6527fb3a105c71b4f1671595281bb713
SHA512de22895a467cb26585118b1065c6244ca59f44c45b397a0efd04f19f4602bb763e13fdbd1a96fdb32b79f21a5a1e7adb751cec92f834d19b334a30c1ae77b31c
-
Filesize
9KB
MD5cd0a1872f62aaad7218b0c4d7586c70a
SHA1a5a894832add6727d501b2319431db7341267e8b
SHA2563e6c69511222c2f2a91599b4c671bf9f21278a4cff228d872b525125d3d70340
SHA512af407f2c9b86bcab57cd6a45f9f90a8d1c746691708fa0a0f24b0b4ba04e2465bbdf8e3e50af6c3f2c56479ee41dae69e5874387cfaac420a3532f14b79a05ef
-
Filesize
9KB
MD590def73145b2c9d5b181875e5219b7af
SHA16c3e582e3aa0d37b16e07881665ebfa13ffbcd92
SHA256bceeab85a25096818c3c05081e65a3a399105e2d297a1d55ba95b571e719eb63
SHA51255657758c857b82b5ebe7834e3d6034448cc11f135f6574ff707ddeb28ca2b26ad558d091fc0e5ccf686bdaa4aac107f8043a343758327d9af9d13efa1b8e4e3
-
Filesize
8KB
MD5b923cf02a16c9724e7c857b83eb27fd3
SHA1bee9a4c45b447edcf2b928cde607f3122323522a
SHA2567dd73d1e773128f72adb2ae0be4da963e4b51814147edc495508cfb6364ba64e
SHA51265fc122fa03cf1cdb2a02cef788aa5c55c96619055b108bb71f8e81724ffdb6d29f5678aa2c27293ea5b00c8096408ebdf4b59533a7b2166a445432bcc61fb03
-
Filesize
8KB
MD5cf0c0c749749f1cffe2b213dbd55b066
SHA12d6b1739420d6612bda818ee4db51fc5e64fcc71
SHA2568de5a775f6adb3d48513dd751c4f9c6f516ebe9abf6c95a60631e1486eb119c2
SHA512d1f0e4e2b8ca16c695860d42e285612ad0dac4753b0e5dc9a68201ee933e0f8c604414cccae6bb025acf9642474bf1473030b27f2ca10888718c5b12d4bcb0e5
-
Filesize
9KB
MD54ba09639b128425ecfc67881a5d01b06
SHA1646530c6fd3de0a88a42699de3fc6bbca7b3eb98
SHA256848963be3f678dc640b542f13fce477e67f102057cb1ccc0ed0173a200e81bfc
SHA512edf47fa5636dd7e5c93def2a1f6f0ae59dcb18eb1cc15d8b44696d28f03e6acbfc111536a039c68431692cfdae461b67886a2e3140d299dad618e233dbe0c82c
-
Filesize
9KB
MD51407b8c55240b6228daedd84e983a0a9
SHA102cfc84a3065380afba10fde4bed55fac4e9e371
SHA25617addc7a1ac601bf7b6ac918be66a95619f5f70f5c5e8e32b42321f6225987f2
SHA5124add2bc94eb5e273c4585799cc0f7c80b102aa289d8c65c127f48d51b94db070e68d10e4c6863c78a38286a51fcb31462538ccd6a78c419f61787233e306a3fe
-
Filesize
9KB
MD5af01a2716378275d690731a018102115
SHA1b5ee298813b00b9ccd3aed7a4cd1d79843bc8c33
SHA256df39998908eb1962942eb02d5d6e7bd0e98c510f5a5c47f092c19a840fc5da72
SHA512b638b3ac42c183dc2f9f12f404a063d62072c64e1031dbb59d59b3a37c797dc9a62e9294e9a1166d500f72c930b583efc2610cd7ae4e95e70080642c8833d816
-
Filesize
9KB
MD5089859d3a1fc5e3f79dd9df0f88c6ab7
SHA1dccb7ec70eb45b149eb5a433362cbb3db2106e03
SHA256fbbfc546207a6393e7b063ef9d30a77cb17fbafa736469036ca04cd9e8ad9686
SHA5125faece22937870cc806a8c415a734aa7e9bc92cb37a06a481edff9093d6c7a1830b8d55e9c0f7df017a0c86b6249dbb5e37b8a6f189aeb243564d0b933b872d8
-
Filesize
9KB
MD560a7df95b891cf7122459c1056e9feb0
SHA1d930477f5be24c4e44bb5eaedd015b80441059e9
SHA256393db444c6679b5b73322ddd16dccb2857f2464b1343f862f4ec57447a3d7c1d
SHA512a50c18c1ca678fe0e8cacc3969c8643bbbd79443b19ff3ea1b0a9386f46d0459e2ba4f45f330cf992588f9ad72a607bfc075da0b818c9cf94d97ba227cf41c33
-
Filesize
8KB
MD587626b5adb7bf77530ae07c6a0eebfb7
SHA188e9e5df756538d8be8d29c4d90d1a8ea2467491
SHA256992c8d77860964a6f67e9983f5eec1138eb769f5d3507fd6d94f7c3d4f308f08
SHA51223c245aa3ce73b1c449293f9f8294bf2cd27d2f35d9cc2c03b24c36cec7b6ea8ce8edad617a6858d3bff14dcb34f8d6f79193bb6c178ca9aece47249b3c68af5
-
Filesize
9KB
MD5494f7ce620b7ee8f99b26cc4d7f7e64e
SHA1858e38c05271cfa64574b1814fa348e0681ccee4
SHA25652f5c66ca25dab8ab3c239c2fb862ddebf7c469481bdd657f18bd4314ca7d8dc
SHA5126b43874d135d6bb228319072310a7f6c56217902643b0c4c43c3827617daf71d68cc353cfaafa82c164ebcab35f77b6f75eed655506154a152477c70c6db509b
-
Filesize
9KB
MD5c4f49df73a443cc52f0d6139bf528c96
SHA1409f619e908b7ff6250713eec778a39895261344
SHA256084cd29c6801ae565ced4a9aa51f7db400ef214621d424f2522df9a6bf48f1d1
SHA512762165082e3732981a22133117042dc23394d3dbd731dc01e668082dc678c6e4b7ed9ff96f2ded582b9e17b9219e1cd02424f654a2efbc43287d9c7e3121fbbb
-
Filesize
9KB
MD58bd21f62b607eca0a2b590145b1d293a
SHA1476cf6af4fd84142db1b9d3709a5af93ad78cb83
SHA25680599339f391e05e75ae70176ec59ca412147571574746aee9aa6e3dfa0789b8
SHA51285b3ecf7e17f47be2f4ec5fd519018b47f9ada8433338e13ef96d738fce11dfa4d964959a665d5f2ef3c3010dadf77d7cd05c45bf6120bcb199b17994d069318
-
Filesize
9KB
MD545e7f69ee8814540858860175775efcc
SHA1f5dfd3097fe4f5921b393c4544d0aa35f329634b
SHA2564a603ff3c03a4d04d775230886db514b87644b4593ce3219e06231e5436596fa
SHA512d4dd3eefc338dfcead54fb6673216d85d2d6c52ed972555686b41cfeaadae8ec8234dc61b9dfb68cbe19d1b776609bb3af3131f0b544f59901edf201a67372ab
-
Filesize
9KB
MD5f1ac4ed8fad38c3d8c28f3ad8355c6fd
SHA1cb6fa24fbbe33a8904dc571ad5da4a41fd37622f
SHA2564d21de1ef422ee7a5a9193fa2ff8ba16d7509569d05e9e888857ad5bd30d314e
SHA512c47de9b3a7b9d85b24ed5400dfc1095527b64db4fc47278a7aba248f4782f1913f4018364670900c6c2689b4c40635868a8cd4c7e7be5523e2246b6e1517954d
-
Filesize
9KB
MD53029c8566bbb2b98b9293f2e09e2cfec
SHA189248f4949611b658a4f3261b0e84658c1cd33eb
SHA256f4a3d85fdfd505896ede12c6a8914c6e5652c30397152c89afb35029d71f32d9
SHA512c528506cb4992e4d12139ad45d5bcd96d94acd82f4e0b252158d20f6de498ad4c9f955da97837f55b3d181f6242b05fcc18a7bef80d5ca1a874981dfd513bbe8
-
Filesize
123KB
MD521699246824bf6f375c320a3737c9736
SHA128309df57ce22118bc46805a2d1d2b45f79aed6a
SHA2560b724b840f5cf37dcfc868c2eea1dcd4bbc3231c89ed3219b25c11042b8b1d04
SHA512c72cb71bbf196ff2d194803413cbcee0686656ecd746e8aefa5bc8d6493629535150818dc056be213010375ea4481dd5cf278efdc40f6ac920d6de40eb458d1f
-
Filesize
123KB
MD531977d0486595b162e7b19ad0cace4a4
SHA1ea63c802c961531bdc75ef1853ab2fe38fe4d020
SHA2563359bbe1f02c246b968b51e7128a2aaeabc84927e21a440ec29eee394280b28b
SHA5129da19c99bee37a31f00d88f7d996255c98ffa0e4cd452bbc547fcd8fecff9449fb4e8724864495d21fe936587965dc22b0b547a1a21dd1b498b422de3b61f9a6
-
Filesize
152B
MD51a5e8201f031ff9882d47fd461908108
SHA160e05c7472ee49b6f13b5c2bcc56bd28bdab68d2
SHA25679d2416dde70a38ee9fdb920e7ee16de89902dbe83a7b6561f644b1707c2ce38
SHA512cea63b90757d46b82c025572b21183b555065366ade395e1efa6370a74d4878b6d1fc445992e83fc910dd7b087edc5ba77c9cc1aa4e78186b6c509a9c9f718e1
-
Filesize
792B
MD56d2958202d68a5f52b24584542683abe
SHA140723dffe7e2cf2b705bc723002cda1d9b241180
SHA256daf73263be5c4dfd80ed241d34c50eb5cf18363415594cd1540192d3baa4d71d
SHA5127a5b300334f28bfae99ec04dcda0430bbc2f6ff648a28c89ab566958e1849971ded967e2c72d88b56fb444a8259cc6107d6cdea6c03037948e0717625254d5ae
-
Filesize
816B
MD519a857d86f92cf51babaf6ce88b926d7
SHA1d4e81f43da36aa9ff1eaa4f0271569673e7b207d
SHA256debe29571c25cb6b8967e47830c0bb91238f37cacf935d1eda3ec3d9c81128de
SHA5121c34dca3a2801c7655cefb874771e4d968ebeb86720a4547f11773c6a08bf6bc9a53c0d30a6c47dcd803aa130dc05455634ca350e80ee0d7e4c5ec9c653e99e9
-
Filesize
768B
MD58d5a7f7400652ae2db4408387e3191c9
SHA1a44eb3acb9c767c4df689d0ef4f801bb620110bc
SHA256aef6bea2002e091b8e72fa713e2183fdd2d18dad36797d6de766655e2f73322e
SHA512a7370e65395fb4da5f20e2f41812c3d64efed803087a9eb50703618b299b54bc7f418764fe46f0cb2104d452f3aa63da72d6cae11aa35bc8e747f6c0ee9d3b01
-
Filesize
3KB
MD5fda4a61e19701cef0f4e0ca4a2094fad
SHA1d9e805154f165aa5e848c42f71fd4f611a82f7ae
SHA2567b8b1d1ec20419de8628203c2ee87e7c84e18e2b22444e3f3965eac9b03a1fb9
SHA512c4cad6edc4b5716fecc54f780303ed8858eacbae185976ec26a5dd75708a0101146513a553b1fc6dff3ed52ba194236ed049b71d07b3812a1b7f964be8534631
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD52cfa6274ca751e50c1f5dd8a9f491d1a
SHA1bb463d168aa39361a9dce4d8c35d04930362c638
SHA25651beafe0693d3f39a36ccbfbd32ac232d214061d427761d9aa18a2dbbec3b4f4
SHA512c7a3fdc1add48adca6742f9e2da427ed42439d698435847808a33545c2444b9db2387ccfe606387dc5e9cae2e89adf73bb32e21096147a405753bbab8d1e9185
-
Filesize
2KB
MD56e989fcb992b07d257057f0d0b2db5cd
SHA188ad89a52be71be48ec45645da1ab5445ce9d697
SHA2561ce25abee725810758668a4133fcaeeffc7dbe93a84c03ace1ff704fe6cd561b
SHA512a719569a850cfd03dce0939005ce4e8cf0dedd349696ce995008ea1487eb8dce8d180e11138cbeb5c12993f4761e5cba727cc44e03ff74a7724b7f884401230b
-
Filesize
7KB
MD5c07af6a85ceda5358bfb633ef5702598
SHA1d53c76241feb141055690bf9ed020d1fca3db163
SHA2561b93eb3fa95f1816551ce5a0f16af09ca4977a540816f7dfb4bf27761f4ffd79
SHA5124dc9287c70d3d0eb6a43b65b38fc5069e8aa9664bf4f576902de3a9b504e00623cdda2839a56560a16f5518b3d43d70f717a26fc5a3bbdba026f26c354fe956b
-
Filesize
7KB
MD5767d02b43157de9763ba8f225830b6cb
SHA13fb301ad34a0eda9d563c88b2d03634000881927
SHA256cd3f171723d79267d5cde65bd86fe202dc0ab286eb39899e8bd938bdced6bbdc
SHA512b628557199c7fb74dc6dcbc8f2c6e4d2ef5213f42fdf21c448cadc6ad690a1a46aadf401e4bb0a6d36181d43c7c28ddce6213aff9dbce165c56eca4e81763aff
-
Filesize
8KB
MD580eb8d514f691c9d5335e4c5f69dc12e
SHA1b77da26cbdafce58674dfda6fe28a959f8bc096d
SHA2562e3390a5134b89b8ceb21ea974325a46a822c619b21fb81c3e7565a001804d0c
SHA51261d5f077c58da769403c067bfe4181aeb0f9fe6c15c37f5737647634ab4fff7f7933044edb0e92c635b4011bf5d58b8fe898ac23152792fe965b70d32be8ece0
-
Filesize
5KB
MD55f1ff76e4eb9edaa03d8070c8f4ebd86
SHA1271d9144fa9ecaf2c40d07e86b954d6f23b6a609
SHA2568d03cbb1763190cd7cfd3fb93febb8a83ca169eb9e82c33a56c13541e79a1cfb
SHA5125e8aab6f0ebb138400b01c6fd741081f8b2742de1ac0f913ded7c840cce4c49bbef0e39b8f9fc20a8d0efe965107ee59c6ee75f8a8f81918eb45fe61fc3c8332
-
Filesize
7KB
MD559cd0daa669d0c8b5668b1550181b5e9
SHA1c43f8a28387bd6bf9fbb974999f8e4dda3c44e13
SHA256765328daffa4a0dedb46137c4a1c9e11698c2c2735339772f112b502b531dab5
SHA512ee1a3ba203b383972825abbcf9aa9890ea018d386ffd14d7f5ca7ca0d4a22d20e1bc4fc87678b5d10a8bb1df62ed73f84a109e87f4c7f3668205f51dfeb9a556
-
Filesize
24KB
MD5da9131b2f8a151462d1144bf57ab14ed
SHA15c9a951616ec2347e415de0c2c646dd9896c21e4
SHA2566c8f728a738707d0b8d056c3692a6561e305d93f0ded75a33e845fb057814b9d
SHA512f0d3e4bcbc7239441e46b13fe889a80212033a999206c0e68c3b329d36b3acc7ad8cc08b41e75badc7d4bde1fcf08f86da6f26cc32b46ab071a663fd41c42033
-
Filesize
707B
MD5b8d43828eb7f5eb3fe7bb58cd4a7f8a2
SHA1f8e81c6cdde398bbde087519b9a193533fd78fb9
SHA256046317dc547ef131c71d151abbe7e80c3e71adaba2788157b5161c72129a923b
SHA512459e762b9873bf08fe30006200059b329c535c4aab858d6805692d91455126d493adc460ffabe62c43a8b37337b32efc49499463ab079307eefb50391d5cd83d
-
Filesize
707B
MD59bdce5f2ed25297b992f65e22bbbd5b1
SHA1cbbfb5c0722e579cdb8005e3ca9a93fb4313fc06
SHA256a043d67d32356be1107dea87c56f7427171e2826a3fb50f5fd233af4521108c4
SHA512ea18dd2b8133b5685f1273e614eb253e2186bcafc1ed17dbb513edf3ada25eb2b5f7e45ca0b9cefbb9e728a047c3ad441f8a0a4e35379774e75ee3dfc87abb77
-
Filesize
539B
MD5b6027c6a5f503271b746b29ede058170
SHA144329d3fdf1331960f41ecbee3daf8effe4eb690
SHA256e33b80915040f3a83a98e418bcb2d9691c0624778cfadc7ff7e7778f7b53958a
SHA51271ed4b6e4beb0004a31fd0de878fee50f703a1c44f4661f7a57ef47e9299e33c387ffa0dede76829b9ac904f382ff5095265e300c6391ab4482935a6bdae6d85
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5c95c47dec10bc5978561343d01658e7a
SHA1464e5dc737e23e0397401d789e2763205965e50f
SHA2562d8be4e388b11dc04a7858f36d7114d523cd39d87eb7e2374c03b2688ac0b1e0
SHA5129f152e2bd82244f642097db2e152435fd896121ad20fa6f4db9af969621470c6677a2f0aadd98524fa80afb5a13979928fd5cf6e5a554dd08aff52b6f5be89e8
-
Filesize
11KB
MD59204cd509c5bb3e4d1f39eb22d03d5be
SHA12e77449b7b8fdfd95f02560e165830b18ac6fcce
SHA2568f60bfdf84888887b85913faa1af5ceeb89c1811920448d559b53d79b96d4dbf
SHA512170c0228d52f7f75a2357d4239cfe80ccb7035a5f176e9ba168f4083c8c65f6f9a181e9a6f7536a7d07aaa267167f145bc62f50eb8c1c5ae9b8915fb935c3894
-
Filesize
11KB
MD54e18bc80f30f625af3bdacae544cdb2d
SHA1e845496878a41c6f465a53425be8e280fac92a57
SHA256e79fe1a32e818368bfcb2c2a8dfba2c4420a8be7e8b25264cbf93f1f5d9fa7c9
SHA512b1b0a2dcc9433bfc7f5499270bd4e0f865bd865d7568c048170ca29a0be17f730f433b671544939d7dc5078fbfa89df78cd23ee207380bd3052e9c92e23c79f0
-
Filesize
11KB
MD571090cee98537d213218be971826de8b
SHA159c06f531798afeb691257d2a118171052ab1563
SHA256524e77b02460d3e9b0591a387ec7666f9ee14b8c7792d3e0fc4719ce26f87a35
SHA5124ce693430402d7dee7fb14b916d63f89f44848f6dc578d0656f97a6375bdfe7fe42a0648389723690f9f132c33972e234bbb9e097c269774da5dc9a0f677f709
-
Filesize
10KB
MD5bb68886d93a48481abb7321ea3ca8baf
SHA1cb8e386ca4576fee7b8e215e92567eb1522b12b7
SHA256178eee5845d217ebea089e478cd54bef7ce0ff4ad3a7fa9be03e499a03d27358
SHA512219416148b84967d8f19a6432947cd4425ed72fb154f3500ecd7e1b954bada6e46736b6799660c52d02ab0e9947a88efee65eb200b77388a4f94498dc9e63fb0
-
Filesize
10KB
MD55f913fa115b0f2a1e8495ba2e69f7b1f
SHA1f9bd7df68e5fda7418706d4818062133152b3576
SHA256ba4f62b05faca21c12cbdb5dddebf43c207dbb0229219000e9ba4fbf4db95d00
SHA5123133778eca82a4ccff6f0d902cae2966fac73271d5b09a4f5c21c037a5c70b26789d0cb5e482eed3875fc568abd10ba2488ed9c9e4b1967cef51a08ead46424a
-
Filesize
11KB
MD53b26f36189bb216f13f00f162785694c
SHA1f78c5395672d62914cb09e87bedebccbb74dfcbb
SHA256b7a18f7da14f5660853e6ef052bec5675ac997d16ea557810514cb1a6844eb7f
SHA512ccbc346b635a1dc4308053b282afb055e3af1c16b912666eb0218fcddc849479a108e0d007cb759beaa556f1e0829f0ab0d2be0dbf85a04b53a289aba73d0cae
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
13.3MB
MD52b7e3911d34114aef741abc1fd9fb93b
SHA1bbf9b2d0b497e13afadc47a11ff8073b6eb8fc12
SHA25636a2ef672e590db510bdf93a29a35c25ddc7b1c4f54daeb8585e133d6822b399
SHA5123d3a0a6e190fba8bc4c9d32fd8be37a493244cc8dcd5333f83d82cd61cbf24f659c0135a2d5355b20afd34e3b042699b73d2548c83df0397f1a0bde888c08132
-
Filesize
45.4MB
MD5ef37386fefe6fbbf646805a591add083
SHA11abfc73d9a379c796036de72e5f7961b4295bf5e
SHA2562ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c
SHA512112cccdada7554db108f3fd469e72fc0568aadbcad33b75a2046018827c5542d5fdcb6b454eb7bb0f58a6ea00e65bcd503a807222e1f21cc9a0f087c89453d3e
-
Filesize
933B
MD57e6b6da7c61fcb66f3f30166871def5b
SHA100f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA2564a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3
-
Filesize
1.4MB
MD5c17170262312f3be7027bc2ca825bf0c
SHA1f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
-
Filesize
780B
MD593f33b83f1f263e2419006d6026e7bc1
SHA11a4b36c56430a56af2e0ecabd754bf00067ce488
SHA256ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4
SHA51245bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac
-
Filesize
46KB
MD595673b0f968c0f55b32204361940d184
SHA181e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA25640b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA5127601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92
-
Filesize
53KB
MD50252d45ca21c8e43c9742285c48e91ad
SHA15c14551d2736eef3a1c1970cc492206e531703c1
SHA256845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA5121bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755
-
Filesize
77KB
MD52efc3690d67cd073a9406a25005f7cea
SHA152c07f98870eabace6ec370b7eb562751e8067e9
SHA2565c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA5120766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c
-
Filesize
38KB
MD517194003fa70ce477326ce2f6deeb270
SHA1e325988f68d327743926ea317abb9882f347fa73
SHA2563f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c
-
Filesize
39KB
MD5537efeecdfa94cc421e58fd82a58ba9e
SHA13609456e16bc16ba447979f3aa69221290ec17d0
SHA2565afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b
-
Filesize
36KB
MD52c5a3b81d5c4715b7bea01033367fcb5
SHA1b548b45da8463e17199daafd34c23591f94e82cd
SHA256a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3
-
Filesize
36KB
MD57a8d499407c6a647c03c4471a67eaad7
SHA1d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA2562c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12
-
Filesize
36KB
MD5fe68c2dc0d2419b38f44d83f2fcf232e
SHA16c6e49949957215aa2f3dfb72207d249adf36283
SHA25626fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810
-
Filesize
36KB
MD508b9e69b57e4c9b966664f8e1c27ab09
SHA12da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4
-
Filesize
37KB
MD535c2f97eea8819b1caebd23fee732d8f
SHA1e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA2561adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
-
Filesize
37KB
MD54e57113a6bf6b88fdd32782a4a381274
SHA10fccbc91f0f94453d91670c6794f71348711061d
SHA2569bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA5124f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9
-
Filesize
36KB
MD53d59bbb5553fe03a89f817819540f469
SHA126781d4b06ff704800b463d0f1fca3afd923a9fe
SHA2562adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA51295719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac
-
Filesize
47KB
MD5fb4e8718fea95bb7479727fde80cb424
SHA11088c7653cba385fe994e9ae34a6595898f20aeb
SHA256e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA51224db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb
-
Filesize
36KB
MD53788f91c694dfc48e12417ce93356b0f
SHA1eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA25623e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd
-
Filesize
36KB
MD530a200f78498990095b36f574b6e8690
SHA1c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA25649f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511
-
Filesize
79KB
MD5b77e1221f7ecd0b5d696cb66cda1609e
SHA151eb7a254a33d05edf188ded653005dc82de8a46
SHA2567e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc
-
Filesize
89KB
MD56735cb43fe44832b061eeb3f5956b099
SHA1d636daf64d524f81367ea92fdafa3726c909bee1
SHA256552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA51260272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e
-
Filesize
40KB
MD5c33afb4ecc04ee1bcc6975bea49abe40
SHA1fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
SHA5120d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44
-
Filesize
36KB
MD5ff70cc7c00951084175d12128ce02399
SHA175ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
SHA512f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19
-
Filesize
38KB
MD5e79d7f2833a9c2e2553c7fe04a1b63f4
SHA13d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
SHA512e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de
-
Filesize
37KB
MD5fa948f7d8dfb21ceddd6794f2d56b44f
SHA1ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
SHA5120d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a
-
Filesize
50KB
MD5313e0ececd24f4fa1504118a11bc7986
SHA1e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA25670c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
SHA512c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730
-
Filesize
46KB
MD5452615db2336d60af7e2057481e4cab5
SHA1442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA25602932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
SHA5127613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f
-
Filesize
40KB
MD5c911aba4ab1da6c28cf86338ab2ab6cc
SHA1fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
SHA5123491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a
-
Filesize
36KB
MD58d61648d34cba8ae9d1e2a219019add1
SHA12091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA25672f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
SHA51268489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079
-
Filesize
37KB
MD5c7a19984eb9f37198652eaf2fd1ee25c
SHA106eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
SHA51243dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020
-
Filesize
41KB
MD5531ba6b1a5460fc9446946f91cc8c94b
SHA1cc56978681bd546fd82d87926b5d9905c92a5803
SHA2566db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415
SHA512ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9
-
Filesize
91KB
MD58419be28a0dcec3f55823620922b00fa
SHA12e4791f9cdfca8abf345d606f313d22b36c46b92
SHA2561f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8
SHA5128fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386
-
Filesize
864B
MD53e0020fc529b1c2a061016dd2469ba96
SHA1c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
SHA5125ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf
-
Filesize
69KB
MD525b25629d06fcdff24d50f338719bd5f
SHA1e7150c1e108512bc4b8776047ac2831b30bfa03a
SHA25654d680f7d373eb9817008644185bc7f03250e85ce12b1f31ff6c329cfd8a2759
SHA5129d2962dc8849e676da963f4efe18574ec480c2eb19cb4b6e439a8dc222f80ac496c6bd48add8694e8e9f641cc6c3872f4f7348ca8e655502c8da7b171ae550dc
-
Filesize
97KB
MD54e01da66f3975cb52e9681916c7d77fa
SHA12715a21306907d5253de4a40e4941fdcda83da19
SHA2567a15ad8eb1eb2af737d042f42ac98806908d707c87d953ccef3e9639c9ef4093
SHA512ee09ccc8ae663551a44f44b70ee57dd20b1848949ab2d7f0f9a8de7dadd44dcd9e2c4b2c7376517e6162024061c35b6d3383a8e24f0a0f259bee7cabfe05a9e5
-
Filesize
98KB
MD5397195eb163abedcf8646410f1ba7ff7
SHA13dfcd0e9ce6b070c762727872f06d06459ea2c10
SHA2566d0059d247bd1cf4fbfdd5518673662e495c5d549d88d2c43d7dd89955a6e3b6
SHA512a7e4938db2017814e749f9462a57087efcddc443329a95c87a88f840b38a8adc14e56e2636b96215b6a2752f1dbea7d0c25148514dd00eaa97d1cd6e7b062331
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
652KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
652KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
400KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
16KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
16KB
-
Filesize
64KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
652KB
-
Filesize
64KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
216KB
-
Filesize
104KB
-
Filesize
296KB
-
Filesize
136KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
600KB
-
Filesize
520KB
-
Filesize
3.3MB
-
Filesize
200KB
-
Filesize
6.5MB
-
Filesize
40KB
-
Filesize
304KB
-
Filesize
1.0MB
-
Filesize
120KB
-
Filesize
304KB
-
Filesize
6.8MB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
400KB
-
Filesize
304KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
136KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
3.0MB
-
Filesize
136KB
-
Filesize
2.1MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
476KB
-
Filesize
112KB
-
Filesize
2.1MB
-
Filesize
520KB
-
Filesize
520KB