Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
112s -
max time network
80s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
09/03/2023, 16:57
General
-
Target
Optimizer-14.9.exe
-
Size
2.1MB
-
MD5
0acd5fdeb1332e99679f9c5403fd5dbe
-
SHA1
9941abbb97c285b8528830cae8762b251e16991a
-
SHA256
cc81be39adcb8ea105c75106084f7b6809014aede70b52fd7eb2f41d5c7c288c
-
SHA512
d8ad8f65c8b02fab99a72345940ef35b70e4e366700aab95e7b6e344aa7758fd890b307a2a034091ea469ec3b000604a5cfcb9b081a2192b492ff46111f692f3
-
SSDEEP
24576:Z46Va9ejh8vRY4n+ED8GJWzWw3BA/ZTvQD0XY0AJBSjRlXP36RMG:Z46Va9ejh8vR8ED8GYzWw3EAJBSjh
Malware Config
Signatures
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Disables use of System Restore points 1 TTPs
-
Sets file execution options in registry 2 TTPs 6 IoCs
-
Stops running service(s) 3 TTPs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Launches sc.exe 3 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Disables Windows logging functionality 2 TTPs
Changes registry settings to disable Windows Event logging.
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies Control Panel 9 IoCs
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Modifies registry class 4 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Runs .reg file with regedit 1 IoCs
-
Runs net.exe
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 1 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Optimizer-14.9.exe"C:\Users\Admin\AppData\Local\Temp\Optimizer-14.9.exe"1⤵
- Modifies Windows Defender Real-time Protection settings
- Modifies visibility of file extensions in Explorer
- Sets file execution options in registry
- Modifies Control Panel
- Modifies Internet Explorer Phishing Filter
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C sc config "RemoteRegistry" start= disabled2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\sc.exesc config "RemoteRegistry" start= disabled3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\vssadmin.exe"vssadmin" delete shadows /for=c: /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C powercfg -h off2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg -h off3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C powercfg -h off2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg -h off3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\fsutil.exefsutil behavior set disablelastaccess 13⤵
-
-
-
C:\Windows\system32\cmd.execmd /c ""C:\ProgramData\Optimizer\Required\DisableOfficeTelemetryTasks.bat""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Office\OfficeTelemetryAgentFallBack2016"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Office\OfficeTelemetryAgentFallBack2016" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Office\OfficeTelemetryAgentLogOn2016"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Office\OfficeTelemetryAgentLogOn2016" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Office\OfficeTelemetryAgentFallBack"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Office\OfficeTelemetryAgentFallBack" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Office\OfficeTelemetryAgentLogOn"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Office\OfficeTelemetryAgentLogOn" /disable3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\regedit.exe"C:\Windows\regedit.exe" /s "C:\ProgramData\Optimizer\Required\DisableOfficeTelemetryTasks.reg"2⤵
- Runs .reg file with regedit
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB"2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB"3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent D2CEEC440E2074BD"2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent D2CEEC440E2074BD"3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks.exe /change /tn NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /disable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /disable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks.exe /change /tn NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /disable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /disable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks.exe /change /tn NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /disable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /disable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C net.exe stop NvTelemetryContainer2⤵
-
C:\Windows\system32\net.exenet.exe stop NvTelemetryContainer3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NvTelemetryContainer4⤵
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C sc.exe config NvTelemetryContainer start= disabled2⤵
-
C:\Windows\system32\sc.exesc.exe config NvTelemetryContainer start= disabled3⤵
- Launches sc.exe
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C sc.exe stop NvTelemetryContainer2⤵
-
C:\Windows\system32\sc.exesc.exe stop NvTelemetryContainer3⤵
- Launches sc.exe
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C icacls C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger /deny SYSTEM:`(OI`)`(CI`)F2⤵
-
C:\Windows\system32\icacls.exeicacls C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger /deny SYSTEM:`(OI`)`(CI`)F3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /c ""C:\ProgramData\Optimizer\Required\DisableTelemetryTasks.bat""2⤵
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Customer Experience Improvement Program\BthSQM"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\BthSQM" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Customer Experience Improvement Program\Uploader"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\Uploader" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Application Experience\ProgramDataUpdater"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Application Experience\StartupAppTask"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Application Experience\StartupAppTask" /disable"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Shell\FamilySafetyMonitor"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Shell\FamilySafetyMonitor" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Shell\FamilySafetyRefresh"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Shell\FamilySafetyRefresh" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Shell\FamilySafetyUpload"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Shell\FamilySafetyUpload" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Autochk\Proxy"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Autochk\Proxy" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Maintenance\WinSAT"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Maintenance\WinSAT" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Application Experience\AitAgent"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Application Experience\AitAgent" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Windows Error Reporting\QueueReporting"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\DiskFootprint\Diagnostics"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\DiskFootprint\Diagnostics" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\FileHistory\File History (maintenance mode)"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\FileHistory\File History (maintenance mode)" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\PI\Sqm-Tasks"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\PI\Sqm-Tasks" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\NetTrace\GatherNetworkInfo"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\NetTrace\GatherNetworkInfo" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\AppID\SmartScreenSpecific"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\AppID\SmartScreenSpecific" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Change /TN "\Microsoft\Windows\Time Synchronization\SynchronizeTime" /Disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\HelloFace\FODCleanupTask"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\HelloFace\FODCleanupTask" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Feedback\Siuf\DmClient"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Feedback\Siuf\DmClient" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Application Experience\PcaPatchDbTask"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Application Experience\PcaPatchDbTask" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Device Information\Device"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Device Information\Device" /disable3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /end /tn "\Microsoft\Windows\Device Information\Device User"3⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /change /tn "\Microsoft\Windows\Device Information\Device User" /disable3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Persistence
Hidden Files and Directories
1Modify Existing Service
2Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD524c8a4a835a55211dd99e00688a8ab54
SHA186f7acc9933c94fa6329b6bb95c7089c80605210
SHA2562ee9cd453ff0057c4e85b95a1531e47b4d284fa7d69b3fd46241a0a2f16cdb34
SHA5120cdd1a5b855b4c8949d5365991111e7eb5dc9211b8fd2705a5260b7b1b0df881bc693721e095800c19323104a348d6a077f146e4a75bd3830110f41da9cdce75
-
Filesize
789B
MD5a0138d1905f70d4aa1af22c10c8039d7
SHA14820ccf2f419a7f03a455f513155b898e3f0c4fa
SHA256eddfa1c1a7af4b9332ca5bfefdfa17ff12248e449a3188af05800a536d465ab4
SHA5120d6c2d5f68759b261440257fd60cb01cea231163269af48762b3abcef7f4dbe566fd1d0c7b6461cea44ab5974efe9cfa5bf5b6ecce07bdcc5119cd095e65d271
-
Filesize
789B
MD5a0138d1905f70d4aa1af22c10c8039d7
SHA14820ccf2f419a7f03a455f513155b898e3f0c4fa
SHA256eddfa1c1a7af4b9332ca5bfefdfa17ff12248e449a3188af05800a536d465ab4
SHA5120d6c2d5f68759b261440257fd60cb01cea231163269af48762b3abcef7f4dbe566fd1d0c7b6461cea44ab5974efe9cfa5bf5b6ecce07bdcc5119cd095e65d271
-
Filesize
289B
MD5cc9959c976ec578e99adb50949128da0
SHA1b7a5556a82c70fa899c4175fe90301d21782593e
SHA256cbb7abb8aa100eb5ea50621bb31bb7c774bffefe7471fbfe959bcea2332bfbfc
SHA512ed55cee448db0ed95e494f9b8e68cde7fcb913dc3276b3267cf7cf54c734d02c569c0630c2df91cd6a7908b558b0fe789f38ca9dff40ae4f6c004f9f998fbac0
-
Filesize
2KB
MD5fed75b5cb9d9f4ec5ee22b8fd304ccf7
SHA11b4bdac9ac71fdee3bae90e52fcec60c88d7fa9d
SHA256d884c0d04ba09b113d9439d2f8c0b7ed322111ae2e3ed802f6a95278ff8e0ac2
SHA51236bed8311050f8c79e766678c59bb65177630279af8b4d2302aaf6146157887e1fb744785ac7f3290519778a592fb4d90fb7b7b9420e7346efdfec1085bf34e9
-
Filesize
2KB
MD5fed75b5cb9d9f4ec5ee22b8fd304ccf7
SHA11b4bdac9ac71fdee3bae90e52fcec60c88d7fa9d
SHA256d884c0d04ba09b113d9439d2f8c0b7ed322111ae2e3ed802f6a95278ff8e0ac2
SHA51236bed8311050f8c79e766678c59bb65177630279af8b4d2302aaf6146157887e1fb744785ac7f3290519778a592fb4d90fb7b7b9420e7346efdfec1085bf34e9
-
Filesize
649B
MD52446deb7e8dfd6336a44e1d53df9cf33
SHA1b293c203ce60d883e541f84331fbffbe439e455a
SHA25661b217ef0ff73b6f35d8ff86096f2db483785cb7532687ebdf0d4cd029ebab2a
SHA512d4b522d0c8b1b691b7f5b1968689c690eb886ad767e5fc42b98be1a9afb24f302e16f1243fdc368da147717bb195bfd3761b7049beb03873c9bf7ccc4a3562f6
-
Filesize
5KB
MD5cb03c3144aaff8fb1c3497c403c2b60f
SHA1ba4380abb20eaaeb638cdb142452def731817212
SHA256abd9b7c86e9186c4af174c2a630629588ec89a716d3ff04d357d2610e490c8d3
SHA512d76cf1fa9662bbafc931eb3720213e30a99de34ae0d92ff90a52a761555fc934fc9822c6beeddb882fabf990b30b17e8bf35b8acbc9d9898618d38fc259e9660
-
Filesize
5KB
MD5cb03c3144aaff8fb1c3497c403c2b60f
SHA1ba4380abb20eaaeb638cdb142452def731817212
SHA256abd9b7c86e9186c4af174c2a630629588ec89a716d3ff04d357d2610e490c8d3
SHA512d76cf1fa9662bbafc931eb3720213e30a99de34ae0d92ff90a52a761555fc934fc9822c6beeddb882fabf990b30b17e8bf35b8acbc9d9898618d38fc259e9660
-
Filesize
61KB
MD5e71c8443ae0bc2e282c73faead0a6dd3
SHA10c110c1b01e68edfacaeae64781a37b1995fa94b
SHA25695b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6
-
Filesize
342B
MD59cd96566b342b1b5e986203c3038d29a
SHA161a4feffc66a150914613491c95fd4e28fb1ab43
SHA2560e97c604af8d65a3e26f0898bda983683ef61cbae8b8c7b4e61a4144212589e6
SHA51218b031da5c1d5e209b3b2d9247adad26e76245d09d9d12f3eb21a8ed1122d8ca8031003aaf290b6506cb2460675c76e09204fcda82b94665ab49e157059e1c5f
-
Filesize
342B
MD599d9be5d305ec3f3cd182b95191bda5e
SHA14a3c6aea58fbfdf3b8fd88517444926d2c5aebc3
SHA256766c7c434e8da23b0fbb5f91b6b0b5763bca500c79bcc69868297f3ac8eb19f8
SHA512190465fc2933c189d26ef3c4bff64553d593e557152aae383518adb79b54a4f9bfe4bb513971a8297f5e0a4218e6008732eac5af682e45627c92619f0f344875
-
Filesize
342B
MD5d58126a91bbb4bc16b5cf8da14a458bc
SHA1492738be7c764b0f1b88033752fc8c9ab6ebaadd
SHA256922f722b0fc16cfc44935691be81c9e94e559a702618f25bea5b91a124b3b2c5
SHA512d4e01eca0170bc282b1518e42650168aba3b05539693c9e315fbf29f432de69a6e4365f47e311383a5a068cb6bdd0834612abd19f05d929ab26511b9860492cd
-
Filesize
161KB
MD5be2bec6e8c5653136d3e72fe53c98aa3
SHA1a8182d6db17c14671c3d5766c72e58d87c0810de
SHA2561919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA5120d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
2.1MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
712KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB