Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
19-07-2023 14:45
Static task
static1
Behavioral task
behavioral1
Sample
Apache_OpenOffice_4.1.14_Win_x86_install_es.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Apache_OpenOffice_4.1.14_Win_x86_install_es.exe
Resource
win10v2004-20230703-en
General
-
Target
Apache_OpenOffice_4.1.14_Win_x86_install_es.exe
-
Size
125.6MB
-
MD5
0f232b91ce2ada21c8cc5f6bbe47a328
-
SHA1
09a1cb1cf806ba4d6dafc36123b8f7e103152646
-
SHA256
b04b8d34bdfc50a0ef0c0a59529a5907f1d49f1a97ec959f21937d5ce04259c5
-
SHA512
b50f4281f93d756900b3230450d41416cbfeead837340882af707bde57430a55b2043ab330c3aa6ff2f72e962a70c26307d6237a54a30996df6af79163a971a5
-
SSDEEP
3145728:aqzlXQFAk8YlZJVI/XNFEnZDwQ8ZbFNL8PkhFpLOGtZeHDfk3Fmqd:dXQFtHlSfb+wQ8/N5Ttc43sU
Malware Config
Signatures
-
Drops desktop.ini file(s) 1 IoCs
description ioc Process File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.14\Desktop.ini MsiExec.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\Q: msiexec.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\OpenOffice 4\share\dtd\officedocument\1_0\library.dtd msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\dtd\officedocument\1_0\toolbar.dtd msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\symbols\Sign-RadioButton02-Unchecked.svg msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swxform\toolbar\fullscreenbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\htmlexpo\simfirs_.gif msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\help\es\schart.key msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\helplinker.dll msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\include\python2.7\patchlevel.h msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\idlelib\Icons\openfolder.gif msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\platform.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\pdb.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swxform\toolbar\alignmentbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\readmes\readme_es.html msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\basic\Depot\Currency.xba msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\wizard\web\styles\ibg.css msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\solver.dll msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\filecmp.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\heapq.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\education\Books.png msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\simpress\effects.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\sunjavaplugin.dll msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\_weakrefset.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\resource\updchkes.res msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\schart\toolbar\calloutshapes.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swreport\toolbar\alignmentbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\evtatt.dll msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\distutils\emxccompiler.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sdraw\toolbar\linesbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\distutils\unixccompiler.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\diagrams\Section-Cubes02-Blue.svg msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\environment\GreenFactory.png msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\finance\ATM01.png msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\symbols\Calendar.svg msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\epg.dll msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\diagrams\Venn08.svg msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\encodings\__init__.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\resource\wzies.res msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\autocorr\acor_nl-BE.dat msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\diagrams\Pillars02-LightBlue.svg msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\template\wizard\letter\km\off-modern_l.ott msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\htmlentitydefs.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\basic\Template\dialog.xlb msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\sounds\kongas.wav msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\include\python2.7\enumobject.h msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\resource\sdbtes.res msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sweb\toolbar\drawingobjectbar.xml msiexec.exe File opened for modification C:\Program Files (x86)\OpenOffice 4\program\setup.ini msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\wizard\form\styles\bgr.css msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\www-graf\bluplus.gif msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.18\lib\lib-tk\Tkdnd.py msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\desktophelper.txt msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\people\BusinessPerson-Female2.png msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\sg13.sdv msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\wizard\web\buttons\square-yellow.zip msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\program\UAccCOM.dll msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\flowchartshapes.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\www-back\daisy.jpg msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\scalc\toolbar\fontworkobjectbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\statusbar\statusbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\graphicobjectbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\mediaobjectbar.xml msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\xslt\export\wordml\ooo2wordml_table.xsl msiexec.exe File created C:\Program Files (x86)\OpenOffice 4\share\gallery\people\Surgeon-Female1.png msiexec.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File created C:\Windows\Fonts\DejaVuSerif.ttf msiexec.exe File created C:\Windows\Fonts\opens___.ttf msiexec.exe File created C:\Windows\assembly\pubpol38.dat msiexec.exe File opened for modification C:\Windows\Installer\MSIA9EA.tmp msiexec.exe File created C:\Windows\Fonts\DejaVuSansMono.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSerifCondensed-Italic.ttf msiexec.exe File opened for modification C:\Windows\assembly\pubpol4.dat msiexec.exe File opened for modification C:\Windows\assembly\pubpol38.dat msiexec.exe File opened for modification C:\Windows\assembly\pubpol39.dat msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File opened for modification C:\Windows\Installer\MSIAB42.tmp msiexec.exe File created C:\Windows\Fonts\DejaVuSansMono-Bold.ttf msiexec.exe File created C:\Windows\Fonts\GenBkBasBI.ttf msiexec.exe File created C:\Windows\assembly\tmp\IZV0N63B\M2YNWP1G msiexec.exe File created C:\Windows\Installer\f779b97.msi msiexec.exe File opened for modification C:\Windows\assembly\PublisherPolicy.tme msiexec.exe File opened for modification C:\Windows\Installer\MSI5399.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI9D78.tmp msiexec.exe File created C:\Windows\assembly\GACLock.dat msiexec.exe File created C:\Windows\Fonts\DejaVuSansCondensed-Oblique.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSerifCondensed-BoldItalic.ttf msiexec.exe File created C:\Windows\Fonts\GenBkBasR.ttf msiexec.exe File created C:\Windows\assembly\tmp\IZV0N63B\policy.1.0.cli_cppuhelper.dll msiexec.exe File created C:\Windows\assembly\tmp\F1GZ1OAA\policy.1.0.cli_oootypes.dll msiexec.exe File opened for modification C:\Windows\Installer\MSI9C6E.tmp msiexec.exe File created C:\Windows\Fonts\DejaVuSansMono-Oblique.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSans-Oblique.ttf msiexec.exe File created C:\Windows\Fonts\GenBasBI.ttf msiexec.exe File created C:\Windows\assembly\tmp\XRM3EOS4\cli_oootypes.dll msiexec.exe File created C:\Windows\Fonts\Caladea-Italic.ttf msiexec.exe File created C:\Windows\Installer\{31496BD0-D89C-4950-8515-6F963316852D}\soffice.ico msiexec.exe File created C:\Windows\Fonts\GenBasB.ttf msiexec.exe File created C:\Windows\assembly\tmp\F1GZ1OAA\AVY5K2MP msiexec.exe File opened for modification C:\Windows\Installer\{31496BD0-D89C-4950-8515-6F963316852D}\soffice.ico msiexec.exe File opened for modification C:\Windows\Installer\MSI5377.tmp msiexec.exe File created C:\Windows\assembly\tmp\M0QY9O7B\policy.1.0.cli_uretypes.dll msiexec.exe File created C:\Windows\assembly\tmp\M0QY9O7B\XFO9IZPM msiexec.exe File created C:\Windows\Fonts\Carlito-Italic.ttf msiexec.exe File created C:\Windows\Fonts\GenBasI.ttf msiexec.exe File created C:\Windows\assembly\pubpol42.dat msiexec.exe File opened for modification C:\Windows\assembly\pubpol37.dat msiexec.exe File opened for modification C:\Windows\Installer\f779b95.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSI5447.tmp msiexec.exe File created C:\Windows\Installer\f779b95.ipi msiexec.exe File created C:\Windows\Fonts\Carlito-BoldItalic.ttf msiexec.exe File created C:\Windows\Fonts\Carlito-Regular.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSans-ExtraLight.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSans-BoldOblique.ttf msiexec.exe File created C:\Windows\assembly\pubpol40.dat msiexec.exe File opened for modification C:\Windows\Installer\MSI5388.tmp msiexec.exe File opened for modification C:\Windows\INF\setupapi.ev1 DrvInst.exe File created C:\Windows\assembly\tmp\I9WUV8O3\policy.1.0.cli_ure.dll msiexec.exe File created C:\Windows\Fonts\Caladea-Bold.ttf msiexec.exe File created C:\Windows\Fonts\Carlito-Bold.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSans-Bold.ttf msiexec.exe File created C:\Windows\Fonts\GenBkBasI.ttf msiexec.exe File created C:\Windows\assembly\pubpol39.dat msiexec.exe File opened for modification C:\Windows\assembly\pubpol40.dat msiexec.exe File created C:\Windows\assembly\tmp\LRUHZMUZ\cli_uretypes.dll msiexec.exe File created C:\Windows\assembly\tmp\I9WUV8O3\H4OE9DRA msiexec.exe File created C:\Windows\Fonts\Caladea-Regular.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSansCondensed-BoldOblique.ttf msiexec.exe File created C:\Windows\Fonts\DejaVuSerif-Bold.ttf msiexec.exe -
Executes dropped EXE 3 IoCs
pid Process 1492 setup.exe 2104 unopkg.exe 1580 unopkg.bin -
Loads dropped DLL 64 IoCs
pid Process 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 1492 setup.exe 1492 setup.exe 1492 setup.exe 3056 MsiExec.exe 3056 MsiExec.exe 3056 MsiExec.exe 3056 MsiExec.exe 3056 MsiExec.exe 3056 MsiExec.exe 1824 MsiExec.exe 1824 MsiExec.exe 1824 MsiExec.exe 1824 MsiExec.exe 1824 MsiExec.exe 1824 MsiExec.exe 1824 MsiExec.exe 2104 unopkg.exe 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin 1580 unopkg.bin -
Registers COM server for autorun 1 TTPs 18 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\shlxthdl\\propertyhdl_x64.dll" MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\shlxthdl\\shlxthdl_x64.dll" MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\shlxthdl\\ooofilt_x64.dll" MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\shlxthdl\\shlxthdl_x64.dll" MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\shlxthdl\\shlxthdl_x64.dll" MsiExec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\shlxthdl\\shlxthdl_x64.dll" MsiExec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 46 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot DrvInst.exe Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\opendocument.ImpressDocument.1\protocol\StdFileEditing\verb\-1 msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\OpenOffice.Potx\shell\open\command msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\OpenOffice.Xlsx\shell\printto\command msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.soh\ = "soffice.StarConfigFile.6" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\verb msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\soffice.StarImpressDocument.6\shell\printto\command\ = "\"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe\" -pt \"%2\" \"%1\"" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB69413C98D05945851F669336158D2\gm_r_Ure_Hidden msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\MiscStatus msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\OpenOffice.Pot\shell\new\command msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB69413C98D05945851F669336158D2\gm_p_Wrt = "gm_Prg" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB69413C98D05945851F669336158D2\gm_o_Winexplorerext = "gm_Optional" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\soffice.StarDrawTemplate.6\shell\open\command msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\soffice.StarMathDocument.6\DefaultIcon msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\DataFormats msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Xlt\ = "Plantilla de Microsoft Excel 97-2003" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Pptx\shell msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.WriterTemplate.1 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Xltx\shell\print\command\ = "\"C:\\Program Files (x86)\\OpenOffice 4\\program\\\\scalc.exe\" -p \"%1\"" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.123 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Docm\shell\open msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Xlsb\shell msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ots\ = "opendocument.CalcTemplate.1" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\soffice.StarWriterGlobalDocument.6\shell\print\command\ = "\"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe\" -p \"%1\"" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\DataFormats\GetSet\0 msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\opendocument.WriterTemplate.1 msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\opendocument.WriterDocument.1\protocol\StdFileEditing\verb\0 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.std\PersistentHandler\ = "{7BC0E713-5703-45BE-A29D-5D46D8B39262}" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32\ThreadingModel = "Apartment" MsiExec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.ImpressDocument.1\shellex\PropertySheetHandlers msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.WriterTemplate.1\ = "Plantilla de texto de OpenDocument" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\soffice.StarImpressDocument.6\protocol\StdFileEditing msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\soffice.StarWriterDocument.6\shell\ = "open" msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\soffice.StarCalcTemplate.6\shellex\PropertySheetHandlers\MyPropSheet1 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\com.sun.star.ServiceManager.1\CLSID\ = "{82154420-0FBF-11d4-8313-005004526AB4}" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\InprocHandler32\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\inprocserv.dll" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.DatabaseDocument.1 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.oasis.opendocument.formula\Extension = ".odf" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.odg\shellex\{00021500-0000-0000-C000-000000000046} msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.MathDocument.1\protocol msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.WriterWebTemplate.1\shellex\PropertySheetHandlers msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Software msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\soffice.StarDrawDocument.6\protocol\StdFileEditing\verb\-1 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.docx\ = "OpenOffice.Docx" msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\Programmable msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\Insertable msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.ImpressTemplate.1 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.CalcTemplate.1\shell\printto\command\ = "\"C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe\" -pt \"%2\" \"%1\"" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Potx\shell\print\command\ = "\"C:\\Program Files (x86)\\OpenOffice 4\\program\\\\simpress.exe\" -p \"%1\"" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB69413C98D05945851F669336158D2\gm_p_Calc = "gm_Prg" msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\OpenOffice.Docm msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.std\OpenWithProgIDs\soffice.StarDrawTemplate.6 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.sxm\shellex\{00021500-0000-0000-C000-000000000046}\ = "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\office.Extension\CurVer msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Pptm\shell\printto msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB69413C98D05945851F669336158D2\gm_o_Onlineupdate = "gm_Optional" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.WriterGlobalDocument.1\shell\open\command\ = "\"C:\\Program Files (x86)\\OpenOffice 4\\program\\swriter.exe\" -o \"%1\"" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Xlsm msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6\DefaultIcon\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe,38" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\opendocument.CalcTemplate.1\shellex msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\DefaultIcon\ = "C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe,0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\VersionIndependentProgID\ = "opendocument.WriterDocument.1" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OpenOffice.Potm\shell\open\command msiexec.exe Key created \REGISTRY\MACHINE\Software\Classes\OpenOffice.Ppt\shell\print\command msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB69413C98D05945851F669336158D2\gm_p_Calc_MSO_Reg = "gm_p_Calc" msiexec.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 656 msiexec.exe 656 msiexec.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3024 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3024 msiexec.exe Token: SeIncreaseQuotaPrivilege 3024 msiexec.exe Token: SeRestorePrivilege 656 msiexec.exe Token: SeTakeOwnershipPrivilege 656 msiexec.exe Token: SeSecurityPrivilege 656 msiexec.exe Token: SeCreateTokenPrivilege 3024 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3024 msiexec.exe Token: SeLockMemoryPrivilege 3024 msiexec.exe Token: SeIncreaseQuotaPrivilege 3024 msiexec.exe Token: SeMachineAccountPrivilege 3024 msiexec.exe Token: SeTcbPrivilege 3024 msiexec.exe Token: SeSecurityPrivilege 3024 msiexec.exe Token: SeTakeOwnershipPrivilege 3024 msiexec.exe Token: SeLoadDriverPrivilege 3024 msiexec.exe Token: SeSystemProfilePrivilege 3024 msiexec.exe Token: SeSystemtimePrivilege 3024 msiexec.exe Token: SeProfSingleProcessPrivilege 3024 msiexec.exe Token: SeIncBasePriorityPrivilege 3024 msiexec.exe Token: SeCreatePagefilePrivilege 3024 msiexec.exe Token: SeCreatePermanentPrivilege 3024 msiexec.exe Token: SeBackupPrivilege 3024 msiexec.exe Token: SeRestorePrivilege 3024 msiexec.exe Token: SeShutdownPrivilege 3024 msiexec.exe Token: SeDebugPrivilege 3024 msiexec.exe Token: SeAuditPrivilege 3024 msiexec.exe Token: SeSystemEnvironmentPrivilege 3024 msiexec.exe Token: SeChangeNotifyPrivilege 3024 msiexec.exe Token: SeRemoteShutdownPrivilege 3024 msiexec.exe Token: SeUndockPrivilege 3024 msiexec.exe Token: SeSyncAgentPrivilege 3024 msiexec.exe Token: SeEnableDelegationPrivilege 3024 msiexec.exe Token: SeManageVolumePrivilege 3024 msiexec.exe Token: SeImpersonatePrivilege 3024 msiexec.exe Token: SeCreateGlobalPrivilege 3024 msiexec.exe Token: SeCreateTokenPrivilege 3024 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3024 msiexec.exe Token: SeLockMemoryPrivilege 3024 msiexec.exe Token: SeIncreaseQuotaPrivilege 3024 msiexec.exe Token: SeMachineAccountPrivilege 3024 msiexec.exe Token: SeTcbPrivilege 3024 msiexec.exe Token: SeSecurityPrivilege 3024 msiexec.exe Token: SeTakeOwnershipPrivilege 3024 msiexec.exe Token: SeLoadDriverPrivilege 3024 msiexec.exe Token: SeSystemProfilePrivilege 3024 msiexec.exe Token: SeSystemtimePrivilege 3024 msiexec.exe Token: SeProfSingleProcessPrivilege 3024 msiexec.exe Token: SeIncBasePriorityPrivilege 3024 msiexec.exe Token: SeCreatePagefilePrivilege 3024 msiexec.exe Token: SeCreatePermanentPrivilege 3024 msiexec.exe Token: SeBackupPrivilege 3024 msiexec.exe Token: SeRestorePrivilege 3024 msiexec.exe Token: SeShutdownPrivilege 3024 msiexec.exe Token: SeDebugPrivilege 3024 msiexec.exe Token: SeAuditPrivilege 3024 msiexec.exe Token: SeSystemEnvironmentPrivilege 3024 msiexec.exe Token: SeChangeNotifyPrivilege 3024 msiexec.exe Token: SeRemoteShutdownPrivilege 3024 msiexec.exe Token: SeUndockPrivilege 3024 msiexec.exe Token: SeSyncAgentPrivilege 3024 msiexec.exe Token: SeEnableDelegationPrivilege 3024 msiexec.exe Token: SeManageVolumePrivilege 3024 msiexec.exe Token: SeImpersonatePrivilege 3024 msiexec.exe Token: SeCreateGlobalPrivilege 3024 msiexec.exe Token: SeCreateTokenPrivilege 3024 msiexec.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3024 msiexec.exe -
Suspicious use of WriteProcessMemory 36 IoCs
description pid Process procid_target PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1368 wrote to memory of 1492 1368 Apache_OpenOffice_4.1.14_Win_x86_install_es.exe 30 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 1492 wrote to memory of 3024 1492 setup.exe 31 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 3056 656 msiexec.exe 34 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 656 wrote to memory of 1824 656 msiexec.exe 38 PID 1824 wrote to memory of 2104 1824 MsiExec.exe 40 PID 1824 wrote to memory of 2104 1824 MsiExec.exe 40 PID 1824 wrote to memory of 2104 1824 MsiExec.exe 40 PID 1824 wrote to memory of 2104 1824 MsiExec.exe 40 PID 2104 wrote to memory of 1580 2104 unopkg.exe 41 PID 2104 wrote to memory of 1580 2104 unopkg.exe 41 PID 2104 wrote to memory of 1580 2104 unopkg.exe 41 PID 2104 wrote to memory of 1580 2104 unopkg.exe 41 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Apache_OpenOffice_4.1.14_Win_x86_install_es.exe"C:\Users\Admin\AppData\Local\Temp\Apache_OpenOffice_4.1.14_Win_x86_install_es.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1368 -
C:\Users\Admin\Desktop\OpenOffice 4.1.14 (es) Installation Files\setup.exe"C:\Users\Admin\Desktop\OpenOffice 4.1.14 (es) Installation Files\setup.exe" -lang 10342⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1492 -
C:\Windows\SysWOW64\msiexec.exeC:\Windows\SysWOW64\\msiexec.exe SETUP_USED=1 /I "C:\Users\Admin\Desktop\OpenOffice 4.1.14 (es) Installation Files\openoffice4114.msi"3⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3024
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:656 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 86C76E3C52C271DE1227243329EEB281 C2⤵
- Loads dropped DLL
PID:3056
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A305D0D17A1581916CDFC0FCC43203312⤵
- Drops desktop.ini file(s)
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1824 -
C:\Program Files (x86)\OpenOffice 4\program\unopkg.exe"C:\Program Files (x86)\OpenOffice 4\program\unopkg.exe" sync3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2104 -
C:\Program Files (x86)\OpenOffice 4\program\unopkg.bin"C:\Program Files (x86)\OpenOffice 4\program\unopkg.exe" sync "-env:INIFILENAME=vnd.sun.star.pathname:C:\Program Files (x86)\OpenOffice 4\program\redirect.ini" "-env:OOO_CWD=2C:\\Windows\\SysWOW64"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1580
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:2740
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000060" "00000000000002C4"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1432
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
588KB
MD576b06fa2f89f11d29fe65fbf8e2fd5ce
SHA19bfa662f34cde1c09f090ad333a42ec62e45bfd6
SHA256991bcbf58bf5eafe6408889d41a21b9f60949a07744de8706ed422ae15c78f4c
SHA5122554722a0b7f50b0566536144420ac30c3c006e94a9b9fd0a91e23af931495b073cb121d79952aaf845743a8d15b819cbe44080f7061fdff95e4cc96c5851a25
-
Filesize
20B
MD52eb2668d2bf13379fa3584b9a9867b46
SHA186ee9f040505bb2f9ad01472bfc6c3f10f6f0091
SHA256ab308562fd6f5404d34e923152ee70ff7bddaab2f421a6c58730ba731bd09182
SHA51215dec785f3fd190336f8561a827566d90865d174f33f6c7947da7b298734aad887f522d2fc625353c8a798e4c6cfeef27bec59131fdab3384dba0fcdd50f8415
-
Filesize
1.1MB
MD5d2713c9935a766519babb9c517a4bfd9
SHA102ab0cf759eef4c09a436d3638d5d9869ed33e78
SHA256599c1518b4de919775ff78c49e801639ca1ebbd12435ce27d1ba1c091e0cb250
SHA51244cb7e1976051a32c3cf9f15353168cabbc92b13f3956b994ab30f46574d871938734491ee2c3979ecd4731aa85235651fe50c0dc5dd5c67ec31a699c9161244
-
Filesize
232KB
MD5acdb8fa56c5b5a37088a9dd5555734fb
SHA1cb7a30fc68203e615930d61205fec00e3482ab32
SHA2567e3188e1a92330655d8ee68dac30d250ed4d03be23fa96052c7eb14bfb63fb10
SHA5129bb9810d565039dbee79d20e0b49f82c9838ebdf54357a9eeca4f0c98b958ed621500d735e007611550ec47ac4b005f5b5c3d572ed453420b34e2cb5358727fd
-
Filesize
574KB
MD53db4202be786997e123c907e503d507f
SHA1253aa73bd63e8ead6b7bd96971306c23cfe0561d
SHA2566a59e46256cd7dc50fafae35e961cebcc80b6253b88717d2a643d27261999f7b
SHA512a8bf5a56e6eb5b19c2b225745f8b556213456e442b0e8b647c4d4a8ddbc2933e2056fa9403d2734c5ecacae438f86eae563a2c69ba0627dc532fdcea3c1dadc9
-
Filesize
26KB
MD5ef5fb932dc4f9780ebc77afc28b9e889
SHA10a0361d2a42a1462a8813fed5e432eb84f69cb75
SHA25620fd7c00c06d7e5b471bdfc0ebcf25d4ba7cbfb801b43befeac38ddc65466b91
SHA512944d790c44afc961a68969acf4f80e888e562a71285bfb637cea4dd1408b8d4433a71ba440f6953ec5f79d9ae3a28e334afe9e34179f590d7a16151e57eb05d6
-
Filesize
54B
MD5472e9bc3de46961d70744c1ad932f44f
SHA194e39e169b64f363a36e64721f6f07c6444c5d34
SHA25627e2c33328e4e6b117f41deccc7be249e0f2b8f9120a3e3eecd3c852d0c3293e
SHA512c3e99efd3510319db52eccbd265a49c221aa8ee283e7693474953b442fbdd3531495d4f4bdf6073c5c2cf738cae6fa10b7cf1e3ee93aede9dc1398cd84ecc188
-
Filesize
1.7MB
MD5d1fd0c0ab75704a4b169c07adb020ac2
SHA18d9f56ebfea358fb27cb0edba644b93a99c53e6c
SHA256bbc70c531d15d198ceb0a33fc3bd739649a99fa5d92d779cbbbedf7bedd15251
SHA51225ddaa6acf620eeeaa56cee66d0858a5b41bd70a6febc6c3dbe44606bfaf892a2879a5831926d3e24aef3b009967af49137d26f08b06f1ff1082c27ce4bcffc0
-
Filesize
13KB
MD5f52fc073df8750add59a7d6326a6d09a
SHA1dc8d447c4cfa63a98191123b14cb0c3be17c3b30
SHA25672822523f546d4773724cecefe244b0e95e496897fb12c6693ba1edf8fd89005
SHA51255ca71050cc4627962894dcb91366ccde2653284e58b95a77c98ddb44beff017a49f76bf95bcce2b4e957cd99313f7df6cc3650950bcc42a4e81644920d25f38
-
Filesize
388B
MD54bf92323a4d172e65a2fb1c40760ddd4
SHA19ab408e75c0f61668ab751875397ac9abef11e46
SHA256225584868170e675c65bede7a57003fc2cff2170c6afcf7ebad8ed452d2d23c9
SHA51269c78782f42d875033027b6df020156a20cb9e884161614b41408d8057e98b0af5de6cac69780fc36e7f985710b692e454f507756b3599022e6cbafc81e719c9
-
Filesize
388B
MD54bf92323a4d172e65a2fb1c40760ddd4
SHA19ab408e75c0f61668ab751875397ac9abef11e46
SHA256225584868170e675c65bede7a57003fc2cff2170c6afcf7ebad8ed452d2d23c9
SHA51269c78782f42d875033027b6df020156a20cb9e884161614b41408d8057e98b0af5de6cac69780fc36e7f985710b692e454f507756b3599022e6cbafc81e719c9
-
Filesize
379KB
MD5997f551d1b0b25b6593b7b6ce435bcee
SHA17ab6394cb6630f87730fc79d40f9964650994bbe
SHA256f9dda85191dbdb76239b26fe94c638b192c2324fba92463f17b28710cd2d3547
SHA5120ce04ba79609eba9dbd64ad3d4fbd369904c016da14319e38ea44f642a4e1d061078e2577a5805986d3048a73d5c82d17c85d357a4510b775f7a357df9338231
-
Filesize
40KB
MD552ea39144ceceb72e903954558b781e3
SHA1bce11d3cad6363326c5bc6dc8dcb8a68903163b7
SHA256d4ff97caf4d422f45132968af7b590803600c5dd2e4f3d4a20cf70fca9f3fb9f
SHA512b554ed872b6c28e7c4bbcd3ea71babd14284ac3bba2449db15fc98c376a7e3549af4116c622b4c6581effe249b7b802cf531736f14474a4c135f973c34bacaac
-
Filesize
40KB
MD552ea39144ceceb72e903954558b781e3
SHA1bce11d3cad6363326c5bc6dc8dcb8a68903163b7
SHA256d4ff97caf4d422f45132968af7b590803600c5dd2e4f3d4a20cf70fca9f3fb9f
SHA512b554ed872b6c28e7c4bbcd3ea71babd14284ac3bba2449db15fc98c376a7e3549af4116c622b4c6581effe249b7b802cf531736f14474a4c135f973c34bacaac
-
Filesize
11KB
MD5b875c7ce091593026403eb9131cfbbd8
SHA1508a1dfc7c22698c0666924c6ca7db809ce57984
SHA256a67518192bb5f1757aba0c0d0de79cb742a65d934b255330ea54c5095f71cf42
SHA5123fafedcadb014d5266df97fff235900cc174a2c523ebe83b74a3a8d1da76bad5fab0fe61d39d2523db861027a20cc05f6699afe9c96b9d77d6234d791aade8d6
-
Filesize
11KB
MD5b875c7ce091593026403eb9131cfbbd8
SHA1508a1dfc7c22698c0666924c6ca7db809ce57984
SHA256a67518192bb5f1757aba0c0d0de79cb742a65d934b255330ea54c5095f71cf42
SHA5123fafedcadb014d5266df97fff235900cc174a2c523ebe83b74a3a8d1da76bad5fab0fe61d39d2523db861027a20cc05f6699afe9c96b9d77d6234d791aade8d6
-
Filesize
111KB
MD5fefe7adc435b9d00b1abe67a1401864a
SHA1e4c0b1d5096fc55db766c8f849177e0854b7ca49
SHA25676263eb3d51c77bbbb4f1065831b2ab7180785d29b42ca70167c7b679d20f1f3
SHA51243751a96a8aae38e8f981b1a302e245829afc6117d16a39d0cb4d119c0e074c38b8a71f1aedc74a45f80257f74b24db3e8dbe7ed381cb28bed94e6cbe3eac8ed
-
Filesize
1.1MB
MD5426a69c536c5c1c1cb96d73c172cb088
SHA19a5035059f3c17d053a7b20d7545c5aec080b21d
SHA2564f8226b310e5ca434246bc3106705a09d056532c613e15d9c9c29cbbf3433957
SHA51270dd63fdb6b2243b0dd9df7b3e3b9e6bff411484f11a676c6f769f209e9349aa2153a433f46c2fb8bad200634442d3e7909cb1773133125370eb9a32712395f7
-
Filesize
83KB
MD5f37c7f0aeb53078affbd8e86333b3466
SHA14514deec7c69d8eec44f70cea54df8f884ab27f2
SHA256b535f52f74618378bb2e740d208473aadbc9885941341943e7b6cf2d36d37b3f
SHA512b69c632b9de18d441bf14c750bb19a0869c12a562873f6bc9550be70b9abc526c42690e261d2549ea53f8894ba9c8f5585cfd3690f738fc985baf6fcb56a8ca9
-
Filesize
97KB
MD5e71830d4e1432b2e7b87f9ca7d1eb97e
SHA1e6e59faaf18127c961aaba362a93a1dff45bfe85
SHA2560af4ddeec2175898d3f691e77b118ff2a8a26449510a39b1f69271245e449d3a
SHA5122e1818ed469895aab5c12b73fe30df2aaa00a22a874d880db25f7ac1ac64696d38e38e2d7c998df44d52f8c847d4e84c82394d3bff2fe8fd1ec154e46bfe2852
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\arrowshapes.xml
Filesize3KB
MD530f29f8bc2364c8825209311c23a9400
SHA1800fab986f8ce90305505c8a7ed8fb888148f2cf
SHA2565d0513e99b61a44590b1166002fdb7718d0df17d2d530586674d42f8adfe3f86
SHA512c6859ba265381b45e2a219486dfd9b3ef9a21f53527acf371743c8d7bbf3a1e21cac9bbf50ae664cd9aca459afbfdb1638af528b78413cc0a2cc26c00a41e4b8
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\basicshapes.xml
Filesize2KB
MD57d8b3a8516f8f4ccaabb651abfba6d54
SHA1df4601c32d49d8fc92d8445a8e72588d089a0704
SHA256dee7c013eb81edaf12552a3c29d38daec3f43130425a9b5346170c713509fb53
SHA5123e399ac089b5d014f433dc97dae4d83fa85f8aab72a48817ee0ecda441e6529fca2f4d21512fc191dd5ac3f24c47300ac575a4e32dfffe3d9ccba8db411bceef
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\calloutshapes.xml
Filesize1KB
MD51a247cb922bdecd9c81adff1f9e8112a
SHA133fe2b304e13aa169c17a566bf48094645006073
SHA25616b646eeb085201568673b1344f4773043e6b3f3cdb2e52182b359672128de20
SHA512d5afd85d828ddbdb6f013284f404b13aebc1b46ddaffbeffa9e89c10998d8ec14813a718f20ef4dcad2554092c4574ef96bb46813e96802c22d25c27ceb65641
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\flowchartshapes.xml
Filesize3KB
MD5a745ac650ef734d5da5623e2aa2b05f8
SHA14f44caa998bf1195620f209bb134c8e0ae09fd35
SHA25641e78588d8a63dd70ef7d8ab47b8a4d9b0e48fac5c8afc23e0d95244de25e5e9
SHA512eb16d59a51db0660472c37de1f0b7eaf88820206785e6a5fd75e3b905ca89e45f336dca6a08e15e36de11be9e34d41d8fe7c59e8e585b53fd46b36396d7b2ae3
-
Filesize
1KB
MD51366f772d261555879c5e9712a25a9e6
SHA15746a20b7b50b7f7ce4eac7c1e1ce7b7990201e2
SHA256bbebfb9f8e8849ad7c5a6e7a0707a0e9ee0ddcc3ba2138d95475e795c44edca5
SHA5128a53e85260baf8be9a77707ada423d6521ae04852b87411c21177b5e0bac23150b62e288647b97b5577deb2941ed00a3a293d8f489907976199bae09b8424f7d
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sglobal\toolbar\symbolshapes.xml
Filesize2KB
MD51ae3802ebd301b83e3e38ef3edf746c8
SHA1c1e8dfe5b54a7af090b234c84427f1126ae674f9
SHA2564b81cbcfab864659d749b4cff35723af6088294f96ab0c5fd5ffa05d21c6db48
SHA512bb3910b4adcafe8ca5d4a938df04f3bc7c0e35f636d7753289dcb48369e297ecce48911cec4a509a1675193f7a6a37a97e908c9bab3d38e2bf602ddc3e7121b3
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\simpress\toolbar\alignmentbar.xml
Filesize1KB
MD5d1c31fd7d4ddf6ce3000b10f34023229
SHA1e9ceffd1dc84fbfef3ae7b68dc58c1a83ea6eb07
SHA256f7f015edf3c24fae02e45f559a479136b04e44effbb81974bde81806f3f825d9
SHA512e06d6c54ce1b048fd4f4aada8d2c14b5ac08d3ba37ce28ae39b2f5a369572679929d0e7c30ed35e3ffb78f50877c63ee790cfe08fa8a26980f2616c2041cfd00
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\simpress\toolbar\fullscreenbar.xml
Filesize1KB
MD500fdc7b8e6d9b0c1d388b76d78eaebaa
SHA1060617eff9cfde962240b4352e6451aaee786cfa
SHA256f97afab08fa6a00d709218dea414455e8e6c864558984bb479d4d51b1d3b4ade
SHA5127db0648674b3353882ae530aee6dd40964b3dfe1b71968bba1c62069c0db2d5a167be12ee7070e01018b5ebb08fe18eb5ec434fab0e5f28e5d0c646767d8a0dd
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sweb\toolbar\extrusionobjectbar.xml
Filesize1KB
MD5fc3d5734821626bec8a4bc02353e83a2
SHA1a7a1a26e7293f5ea98c53d9816d5f42f35ec1cd5
SHA256808ffa548becc0f938037c1bc7bc42454931034cdc7a0b95f77857f8ed0cc459
SHA512bdfe34a57a8d98c72c9ecfbd1d8d1e896d01807f972bc0b8456c015837bacb303efe890edc5647a87eacacfd06c782a93e0929a443fd36feed7e1e78e6bdf8a3
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sweb\toolbar\fontworkshapetype.xml
Filesize3KB
MD5706be7ccec83c53ca9d95fd121b86ae4
SHA17d98669581173da1b4bb5a48c22e497810988162
SHA256f5654328a53e761cfcf8c65a5cb142a31c11256dc59dd3af335078c63de7bede
SHA512d7eb8e1bc26cb6e5c14310e0a67d6aa55f009e9f3f92d5aee130050a6473b2060dcc4f1c4b4c0dfe3286c12daa667154a31800bcded9eca0cf871600b6477394
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sweb\toolbar\formtextobjectbar.xml
Filesize2KB
MD5b0f92b9f81fab83e9866a56428b7d7b6
SHA1e02b296282b0a2aa63dc4c33bf041ae4aa82d638
SHA25602ba423d57d621d501500f9c196db6556e73db0431061b21b781c4c895b4aa79
SHA512322520cc7bc82d73d77fb692c4f0d344ea4f4a603f18de180a96d53787a495acc3aa5d76e92c8b1c162aeaaac7eacef32f2d3031b1cd5c1fca4201ac12039aec
-
Filesize
1KB
MD5a07c7cec7aedf6f61b7dc3d7694061b9
SHA1d8a6a629513096652686ba51ce4284ae2575a2e1
SHA2568b2e3b9abb67c6db5696a0d68bd600bcb3458731cf2ea616fe0e0ff3eff843b3
SHA512ca5428bfcefd86ec280c256e35ea9c68a255bd3b8fd90b0190080b05bdb5f1fd7686b2bc19a536b1350a1192866fff4aabc5902ff238ea17e284b9d0b2e7f00d
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\sweb\toolbar\mediaobjectbar.xml
Filesize1KB
MD572beb1f519e22b6a9677c58c91298140
SHA1a253196b6b1ab392af2397a5591e0e732f817658
SHA2565d6f0eee652fc4651764980e0baf885d8771e7af759874d888c6ff1c6591cc26
SHA512c1f0376aac7335021053da1516b97240de4f114514b6f6121835405702a926aaf87a3145f49789d2184a77aaf4cbade84f6d3a4197e100ac5d3728ca5ee2a5a0
-
Filesize
1KB
MD514fe0fb9e4e9e65665dda5a29d07e86a
SHA1b8e994ec3c393216d1cc70d567a7f8f526e26232
SHA25681f3f2ec040df98abbc94f145473690cb235ae9ac6e59328bef0d85c8709e4ac
SHA512b7b0d3b0fee487b641e08cf5911ddae5cfdd9689e55d624c4e1b700e6b6a004301a26c050aa33a08d3384c30e15f798d6319b91f6575a10447163b82d2a23a4e
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swform\toolbar\fontworkobjectbar.xml
Filesize1KB
MD5f188ef8ec133668e1fad929841f1b62b
SHA18a32d62ff456f9005b779c9a6d8fd2bb37a285af
SHA256bc3d21918a05255ac829190edb88fa7a0267a67268c16639fc89c8b91a5e1d0f
SHA512c683c609366da53e42c453df92403953398b0d6ed7667d7a538c15c3aa0f61700a247d28c0d9e360b2c016a7e18aa8b6bb5c69bc190cda11d091f8a9d2b9ac91
-
Filesize
1KB
MD57b3a2c5315329dbeb486324baec32c12
SHA1c4f3184baea574d6f4b353f655234d575e701b2a
SHA2567570333d0d991e73d4636fd58d48753953b8428937035deff2acf164acadc0b9
SHA5127c7b7e51e1df8af637ca0de4cb49c854f10ff533a400b16dc16dd3b1d3ec963687faca641fc259793292bfaf519520e3fdc0cf3edc0faca9448d4c7d6b1bba1b
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swreport\toolbar\formsfilterbar.xml
Filesize1KB
MD51e44ad8078e1ebe7605a4aa76bdc2d90
SHA16b50ee854e5b768beb23379b0c793f807ce30882
SHA256b6b088657c5bc989e2eeff22e570a4ff6369beee17ab4d16b84ef55fd6892d61
SHA512dc97358a4169652a123ad2a03da0cc0fcd71a89996291a629041d269aed73fe8111e870b0f47efcd63fed913d023711c5c4ac93abe92ec03584b1757caf83203
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swreport\toolbar\formsnavigationbar.xml
Filesize2KB
MD5b1f3cb470ba66617f3a2ddeda085d9ef
SHA16a8fe23317da1515ac8c700cfb2c224c62e12eb8
SHA256559abb8e5c82de5bd7ea5e583d688314811ca936443303db9d4d9cb3606ecf1f
SHA5122d38adb199e5c3e50065d5ddf6b39b3cb7d481828f645e81b6c790b8b4f94f8e865b45780c436a4aa3ad3cb0356b3cd731b3414d877e16d55fbea94a8e0d8d78
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\bezierobjectbar.xml
Filesize2KB
MD5fc98b5953c38b1fbe98f10b40d023d9c
SHA15df9b7b56182d635b8c9dd0897930377f80c3e42
SHA25612d3e8010994824400d82e727f515362b089eaa9de9864a8432ea1a887f04362
SHA512e7db8cba0bdb056d213a47c822c62d28d5be9d5a53fe6df2ee6803226078ced14f646953fe4ebd5ea96b7c4b823643dbbc3d8cd3f2e7a5de1b267006fea7891f
-
Filesize
2KB
MD53f67ff4d745e46ab22fcb45cbd959e6c
SHA15e1c6b87314f4c7f64a1533e57b48607d31b0467
SHA256fb4dbd459dc0d9f9f2f4f8b416d0342ebdfb1ed5a12307e5b3ac38f584fd0a89
SHA512981a213cb63443d41f2cb09e66eb4aee2cbcc79b94a50a3f3ed88aa8f1d8ddce4f06f6b67e1a5170851ebebbddb28e6aafe671815b6b661bae49946198f93085
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\drawtextobjectbar.xml
Filesize2KB
MD5d27a50775647f0c6be6cb113b789cf1a
SHA1e0dd5e3af2f7b19dfe9002c9468636540564d581
SHA2568ac250b5ac870e3380c861f1456a46359bfe17a2745078cb9dd10e9f7942e87d
SHA512efb087341b5bc6123f7e886533b5991c1f84f5d58cb6985f65be3464ec27182550dced73b9bff52237c8f68c0ca71fca766ce508dead645e83472ce1b0d11345
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\frameobjectbar.xml
Filesize2KB
MD5e47929623d3455afeb35b23b51e2b97d
SHA1a11df2e2c65cb67c54a4d08db05755667c9332d6
SHA256400da96f17ec52ab6291ce9707334b7b85db728a6a08e2869ac1328557bbf9f7
SHA5122f398343df03e7cc967cabb1b77049984d7e73fd34d844acc8a35ed3dd9ce8616b13c3644439cbb7678a905574374ac7caa173ecfbd650f265a41ca6be66dcff
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\numobjectbar.xml
Filesize2KB
MD5ea1675555d11147963a6c761d162ee84
SHA1115285b4c32fd6295a6bda4f27c97d4db0932c76
SHA256aa9b2afbd4d8c3402bd16691b957b9a4a97c8f7f1de98d3ff60a2e49f7f22bd0
SHA512430960b3ceed3556192b0610797269be9ac82a9e8feb9ba081a4a93462dddd2cd55c36ce94b499a713762fc136845013f41a6e2ee5e73921593ef8b5fc080d93
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\oleobjectbar.xml
Filesize2KB
MD5a7ad2c06c538b44af1e34d9c62d27aeb
SHA14e1ffa158711aa5729eb22e272d7369d2bf5c2aa
SHA256a11119c981fc23eaabd207022cb94c9adf0f6e1cef12f85eb1b0003551e0fadb
SHA51277f8758590d45af207d9a067d4fc5e15a8c27c6f9d13cc009364ca102ae78dd007ad1d36a47550571805c3b6c8a63c2c946e2b6a34973647b70300ae1c738c12
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\optimizetablebar.xml
Filesize1KB
MD5f38dde850334bfaf560a8beb427ea479
SHA134de34784782775f4e7c182e288f0ffb9667594f
SHA2568347cd391d8e3735f97b2c99fe4ba13180224afce87c9abf96c05fc2eaa5c12c
SHA512a7eea3a67da2751e931691cbe2ca139ea85fb541dce221ea7f71f99719a3ca59840938ceea3b28175466e8788a544d220d4152f56721dffdc62bfc0d1a0a9531
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\previewobjectbar.xml
Filesize2KB
MD5e3a6f8ecd58e5bfe0a7744d9edd595b8
SHA1a4d19de35f3fe89ad38e5e6c028dfa659ccfc2da
SHA256c46892997c975aeef2ad1f7d42be0ddf162febde321f8c4ca9585804193a170c
SHA51298d14e430658dc665c5b942a7bd65aec7d33fa816be87eda4bdfc6af2ac02df1f07f8caeb6602c1b7580d5bf5075674c1db6273fc43743f6cbc32d2356915bfa
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swriter\toolbar\tableobjectbar.xml
Filesize2KB
MD5239c15a89a05b82e3ebef46a1b7a90d1
SHA12d9dcffa44a102473ab322701a563b385c126851
SHA256f5ad2d306ea4f031123b6a8dc2da3bdeb0ed848e603a1aeca122409789e3301a
SHA512c26222f45a2009c10a526298d9da48b7f979c87fc94bcb4fe9d6897e78bb206669093bf8dd5c7fda6dc47c7459a046a4c39c721909b0175b3dbaeb2f974a6b7f
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swxform\toolbar\drawingobjectbar.xml
Filesize3KB
MD57165ffb260809d3b568c68b96b8d265d
SHA1ed1cf5f68e975c7babc382283f986ba9bb84b777
SHA256f4e1f4ad94dbfa9c5c433959ea6328bdaa58e204cfebb4417e897d7817928738
SHA5121ac6e32e342ae9a298a81e17bc468517da7387e78906fb60df1fb6233ca6e8b48b5f7321d4804d4b8870614ccf133175dda906d751efcec76f22a30b3f16c470
-
Filesize
1KB
MD5d53725e2d4d5bc5b9f57416b7e8f4dd7
SHA1fe51dc0a181c2f12876e7216c6d8c13cea418326
SHA256258e1ee7154758d023542bee788036a9c3de06fb41010122baecc285ac5d587b
SHA5129f80441294ccca1ce70ca9fca6c20f2055ef7cc9cba1e57ae0451fb11f80ad72c0f48fcde4fba0ee7ed41013b1ae5d46774cccf6dbffd5b136fc04028c4fa337
-
C:\Program Files (x86)\OpenOffice 4\share\config\soffice.cfg\modules\swxform\toolbar\textobjectbar.xml
Filesize3KB
MD5cb901c53f8a48785f9aa1f0de1c24b76
SHA152eb883554ef8fbed3e88859dde1698463ddb8de
SHA25603a2db3b9149c2c68919ca7fb2980e1bd1874f2af2b79e49fde542619c81902f
SHA5122da355c2de1f25236d71385d59f7c64c254e84bc4fde8451ff7c730293a41da5a53f51d52ef34e90dce933a802369b4d81ee8be160beb506faecbb9c323eaeeb
-
Filesize
38KB
MD551aa9946e7844c63a8888f2634c0ff83
SHA1d7d21ae072d571bd98b827fdab0da536ff19a59a
SHA2568999caecd70b2a6c51be6dd549cdec59f74d333d5ef22767902fc7b1682cd541
SHA512594f9dac7a2642e91b4857a7fa84e96d6ad9909831dc7309b72aaa9edf5301f91ab65d7fae302c3bc25ac4723b9135475cfbbc206d7939ecf99ee5e09c798522
-
Filesize
2KB
MD558b26eb6ab03be973425381f1de81aeb
SHA183c8ac739ac0069d7b6fefd84b9317c457b9a821
SHA25665365530165a871772e21962a5d7dda107d8d010f329bf59c878eabc3465bbe4
SHA512837b1ef7212aed8b8f8106a40a9ea61b14b97f03e455aff35847ea609023fb4ddd454c9546f0cb61acaa434fefa3330069993d7b0ee17102e4fd40d0e4a556b7
-
Filesize
2KB
MD5a2e85f463600039026ff7fb5374991a1
SHA186eb0eb3038f602f4c3b769b7f330cbcb536341a
SHA256b11bb3e78931d10e339748d89ca60269021df5ca963d117d137a0b70b6195103
SHA51230a56b1cb62795ef7475c8ccdd4c3220c0e4c64be93993edef21b6e8ab64029b04ef0bbf853503b6b6e49b31dd5434b9c0c8652969945e5bc3ebb5f00a9b4a31
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
88KB
MD5b9eae586172e00ff15c06071d1c7bb7b
SHA1a68a58912541093e449fc36645a033e6488da9b4
SHA2563301de5633e202f71238e42208a6f090e4b2a0f0d2f57d427f2f8c744c1f8b4b
SHA5129ddfdcad90d6aa88ad995f4f925c3cb32d79e0eddea1b988e3a573364e309602f7ae2ee2e4df0b5dc0c74054e1adbf9bf79eaf3da23cdfd474e8019d10498a9f
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
15KB
MD5ece25721125d55aa26cdfe019c871476
SHA1b87685ae482553823bf95e73e790de48dc0c11ba
SHA256c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA5124e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
-
Filesize
1KB
MD5fba9f861ab6eb7ccfebf58b784385239
SHA1ca7d513efa26e877aa7e4250a45a285938838ad3
SHA25690eb6280c3b9b8c8e150c195b3edcf0e85024835e3537399b1c2b8b655e73ff5
SHA5122ce2ad2c70f0f6d77cf6ab02a326499fcc76c632bfc2563def04bd76c3a53de7ed51b98144d59b808e3e1a9ab3c49280bd92be150a07cb82a8e8f7000f3bf26a
-
Filesize
115.8MB
MD57b8f16437a286ceab0dbd0dfda83a1a7
SHA10a9ad23c600a9158171a1d398f592ec959daa81a
SHA2567bd7865599896d5c5d4ac3158aedfbe90192fe62e6f7108359b32bf788c0894c
SHA512673a282f72078dc63b195610bace26de403609e350073124c211cad33df308fad4c2350cd309430e140fe68c4cde3fe7d4c91a0069459dafa1081ff295664ec9
-
Filesize
2.4MB
MD55e8ae79ab1a0e167daa34b8d71c03fe4
SHA1e3bbaf3d1a73b4909dd6511ae41bad88b860a650
SHA25601bebbc4ea64f0ceaf4a4bc8012538a81b212ab44eeb051c2937daeec9cf1e02
SHA512994e56dd27a2fdbc26c6dbe94e2287c71c45e781f902c0208fc65a74d030c99a553e25ead4140a0c731c17db72d00483f70453b05b1cd57f709a60546d6d643f
-
Filesize
468KB
MD53b25aaa2c67dbb96a99918939f5005ae
SHA1324ae2ffaa925c7c730ad1476eb4caaf8b40b276
SHA2567e3a2f9c75d2007f630016f4bcd3d1b88d74a8219105ef3d25e6af8680c3b35e
SHA5124f865b0dda57754c58a8e7ac34f9659165ca1ed7a02d21bddc28d343a9cfe585ceab19d502c672517b31cce59babe3d2d7c83371f26e6dbc2609fd0118021a87
-
Filesize
468KB
MD53b25aaa2c67dbb96a99918939f5005ae
SHA1324ae2ffaa925c7c730ad1476eb4caaf8b40b276
SHA2567e3a2f9c75d2007f630016f4bcd3d1b88d74a8219105ef3d25e6af8680c3b35e
SHA5124f865b0dda57754c58a8e7ac34f9659165ca1ed7a02d21bddc28d343a9cfe585ceab19d502c672517b31cce59babe3d2d7c83371f26e6dbc2609fd0118021a87
-
Filesize
282B
MD507d5e1fedf9f0e4c44b767960ebe34a7
SHA14f86b9a2ff97192e36dc4897f163da3a63107f45
SHA2561340f5bc8e41706f509132449e26f25a0fc51606e68800f23fb10eefcb2f8cf1
SHA512f092acec2b97271274a91912a6792bf797e0953fc110d7c53b100e8a350a2bff378fa251c0b839ae3776e0650f7e4b32a3c6b8d39f5e13a90e8d4ce550ef53fb
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
129KB
MD5734de72415b2b3c07e84006787a60655
SHA15d91fbc5abb5a9d5e3e02df06565ead09ebce90a
SHA256422a0104d3dc8d4d4c8368c9049c45d4062e15ffd2ea89511e6343b6d3062129
SHA512bc8041823d2a402b48a2dfa198f814d4560d743e51ea3317b8a2ad56c867615dd015d4d65bf56eab3b230ec3b6b57d4b7b95fa925a21171bfc621297f8da100e
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
131KB
MD5b46c8cc89d42d879f3866bd92302cde1
SHA1f5b335327d46037d4ef11ba835fff2d00013253d
SHA2565bca2900867bfb90d9ec1180ae6a2d89903b4804b193826533c5d826b2f4b1a5
SHA512f9b8b622a2251ca31cfa307aad6edcba09c9f24cf8507a15356e26a719a95c0a55f2a3979f511ce825a2642d723e382d066f937300627497a6670096a52d8116
-
Filesize
130KB
MD59cc9c7cb97e936665d3aaf0fb99c76bf
SHA1f311875a05d72dede7fccde15c54a0994a49c2d8
SHA25668b83dca2d4dfe2860775a5f378dda222823f8a823490797cf25466f8f250742
SHA512097262aa57200e67fd2ccc33d59766d8cb17ab115d6484210fa0e0bdd815d56b5effcba5685f9bd6f5b485afbbaa645ecf6a488aecf59435bfb6509b91d9fea8
-
Filesize
2.4MB
MD55e8ae79ab1a0e167daa34b8d71c03fe4
SHA1e3bbaf3d1a73b4909dd6511ae41bad88b860a650
SHA25601bebbc4ea64f0ceaf4a4bc8012538a81b212ab44eeb051c2937daeec9cf1e02
SHA512994e56dd27a2fdbc26c6dbe94e2287c71c45e781f902c0208fc65a74d030c99a553e25ead4140a0c731c17db72d00483f70453b05b1cd57f709a60546d6d643f
-
Filesize
114KB
MD536bbbdf17d1d677aed1584b1ff7d9a81
SHA1410a438db5749061fc6fd39be85d1209db4a1e0c
SHA256677af5fc4262f17bbc8dd1fcde5cdbc43da95d01fc7f54d5e23f2f43df50c07e
SHA512660db4f5236213d7672cb9ccd0cef300baad4f1e0971a57b68c8c09faeaea03f6376ca88f7f1cc79aa81a45ca8bba38d1846a5e99686c54374a06f7fc00e2c97
-
Filesize
62KB
MD5a328bcd21654ea2c084b4b911a999042
SHA1a65a7bfb9ca2538d77a45ac022da3a8189e8a733
SHA256729f35f225866fc401f89532299280c87fbffb4f294ba259fe4901577b9c5e49
SHA51257c072b355ea6afaa55ba7b4f765ba9d78ed29832c233567654f525eed76f46e4a55de80bf82ffcfb36ef9742600d4700f570565d17a387015e0bd3c7ff9260f
-
C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\23.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
Filesize3KB
MD56a7dd9499fa87e14cf1bda619f1b0228
SHA136aff3fdce8baefafcf28d463f2a30b22f8a0700
SHA256fdd7c72722b626be294cff64897f9eb39c6220676a7d103c4ae9bb336865ce1f
SHA512f76a98bcfabd1e91aa9218fdc30f96325e5cae286bf119f55aaa273daf0bce107689edb66ebf5bc254ce47c2f96a3f3e44fe6f5aa5eae262ad692ed7d93b3498
-
Filesize
11KB
MD528972de9a8a77eea476e51458b371290
SHA17b7cf28be9547d8134f12695bb07039e0ecc521f
SHA256ec6bff6008163dfefdae76486fd29582440c5c8e55c7b20291732e1a990e4137
SHA512eb580499778a6ff3cf3e4cae31275e9bdfcd824acd4ac3377002e18daa0a06d1b3a9bdf31b40a2fe49a7bf739ff25ea687fcd1d5b54a21898392f514b6e1a97c
-
Filesize
900KB
MD57c9f43536f84d1f69890f17ce7c7d6c3
SHA1228f74b3f4d945f2396ea7e60a84ef7eccba7ae1
SHA256f376ecc5dac7a50757bb00d1de7234a6bd893844a612996d86173f48a174618c
SHA5128774c6c194df00bcceae07966d675fbe4d9ccef0b4d95ad30785cf84bb52ec06420707626ff9d66c2b15ba920ba538c04029bc404a6a62858d6d2a6f823d52bb
-
Filesize
7KB
MD544c4b36b61cadb167eec8b5a28e133a9
SHA1df14cd9192126fa6e44d73d3dc478227a3401dbf
SHA256d782b7ef096f1dda5b815fede8d8660de35aa31f94e02995eae882635b052317
SHA512ba89e0aa38be27eb27ae10736d515785a82d96567d2e03e1eee98c5fc7483a21989f74de56a971adb3c1bf2c94cfbb2724ea2c13f91ad72f7f533a6bd4535772
-
Filesize
116KB
MD5fa3a161f5742adf98b74493063e66ef4
SHA11e927b22c2c1f90c074854259c5481c6e0c07a82
SHA256fba634d127761d16542419b456f2eb0b143c8f21b47b22788320270f02e3ab36
SHA512c96095b58099ce6705e239cb7abcea7895ce5687c7ace4a21396c8b94e07aaf3feacd8c264cbe8c128bcca72bd5bcccf2adee250d5bc7249d7ecb1c327b2e41d
-
C:\Windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\20.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
Filesize3KB
MD56487b31c84ddf982bc96f56a8e80ba39
SHA147ccbccf6239bd27f7a1bd5b2b05ce1ef443a17a
SHA256c2971aebcc5c899fcc0c1123b46bc9d51715aa83b894eff9b87389ba58a45d08
SHA512f5b07bb2eac8191f3100ef9e409e2bb20b57e875ddf612cbbf7de2d1db51d430629a51beacbdea8b5caaef0d54fb85de7ef3ec672d4f27ec8b55bf47175622ad
-
C:\Windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\9.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
Filesize3KB
MD5f102dc1febefa4e005c18c17ba0ad70f
SHA144df30224ef44769037a55d57c29aa68ad805d0a
SHA25610e3f2e0e779f54a5ef30137aee83650d9b3e6da5a0d953ff8e881e58f480136
SHA512f229805234041917380b67b7c2707bcf1cf1226adb8868ce007913e987a684d438282c4db786daf46cc02522d2ee00034f6fcb86709419ac3a6f2bcd07ff3446
-
Filesize
3KB
MD55bf4519ceee3012848fd1d4b4bed5cde
SHA1314bf09175c5585d3ff62943faf83e0e6e60fcdc
SHA256144b5b2071c52970456ff5b1ac3b15d7cc09b2f950f56430c1683202345d1ced
SHA512eb86f3eef367cf689fc716187bb8a17e2bb116c2e22288cb956b414403ee895ab192639b938694ef35c15b14cf979e2c9ce30148d7644c8af9066e0294eb2008
-
C:\Windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\9.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
Filesize3KB
MD57e7d103558bb6a1f489407e226db19ac
SHA1a3a9edf64193d9d1fb8f6a73d2ccd95305d7e9b1
SHA25672fc2cb9ccee004d7a560522ea0fce654b8d3d20fc77c966404dbd620cf99209
SHA512dd4861ccecd761f4476378c71e115bc85c226a014ca9ce25cd59ee1ec8ce386b9e73ea4773e62a44c47336934f84e2d27553f91c335880907e2fdc3951a906d3
-
Filesize
1.1MB
MD5d2713c9935a766519babb9c517a4bfd9
SHA102ab0cf759eef4c09a436d3638d5d9869ed33e78
SHA256599c1518b4de919775ff78c49e801639ca1ebbd12435ce27d1ba1c091e0cb250
SHA51244cb7e1976051a32c3cf9f15353168cabbc92b13f3956b994ab30f46574d871938734491ee2c3979ecd4731aa85235651fe50c0dc5dd5c67ec31a699c9161244
-
Filesize
232KB
MD5acdb8fa56c5b5a37088a9dd5555734fb
SHA1cb7a30fc68203e615930d61205fec00e3482ab32
SHA2567e3188e1a92330655d8ee68dac30d250ed4d03be23fa96052c7eb14bfb63fb10
SHA5129bb9810d565039dbee79d20e0b49f82c9838ebdf54357a9eeca4f0c98b958ed621500d735e007611550ec47ac4b005f5b5c3d572ed453420b34e2cb5358727fd
-
Filesize
574KB
MD53db4202be786997e123c907e503d507f
SHA1253aa73bd63e8ead6b7bd96971306c23cfe0561d
SHA2566a59e46256cd7dc50fafae35e961cebcc80b6253b88717d2a643d27261999f7b
SHA512a8bf5a56e6eb5b19c2b225745f8b556213456e442b0e8b647c4d4a8ddbc2933e2056fa9403d2734c5ecacae438f86eae563a2c69ba0627dc532fdcea3c1dadc9
-
Filesize
26KB
MD5ef5fb932dc4f9780ebc77afc28b9e889
SHA10a0361d2a42a1462a8813fed5e432eb84f69cb75
SHA25620fd7c00c06d7e5b471bdfc0ebcf25d4ba7cbfb801b43befeac38ddc65466b91
SHA512944d790c44afc961a68969acf4f80e888e562a71285bfb637cea4dd1408b8d4433a71ba440f6953ec5f79d9ae3a28e334afe9e34179f590d7a16151e57eb05d6
-
Filesize
1.7MB
MD5d1fd0c0ab75704a4b169c07adb020ac2
SHA18d9f56ebfea358fb27cb0edba644b93a99c53e6c
SHA256bbc70c531d15d198ceb0a33fc3bd739649a99fa5d92d779cbbbedf7bedd15251
SHA51225ddaa6acf620eeeaa56cee66d0858a5b41bd70a6febc6c3dbe44606bfaf892a2879a5831926d3e24aef3b009967af49137d26f08b06f1ff1082c27ce4bcffc0
-
Filesize
13KB
MD5f52fc073df8750add59a7d6326a6d09a
SHA1dc8d447c4cfa63a98191123b14cb0c3be17c3b30
SHA25672822523f546d4773724cecefe244b0e95e496897fb12c6693ba1edf8fd89005
SHA51255ca71050cc4627962894dcb91366ccde2653284e58b95a77c98ddb44beff017a49f76bf95bcce2b4e957cd99313f7df6cc3650950bcc42a4e81644920d25f38
-
Filesize
379KB
MD5997f551d1b0b25b6593b7b6ce435bcee
SHA17ab6394cb6630f87730fc79d40f9964650994bbe
SHA256f9dda85191dbdb76239b26fe94c638b192c2324fba92463f17b28710cd2d3547
SHA5120ce04ba79609eba9dbd64ad3d4fbd369904c016da14319e38ea44f642a4e1d061078e2577a5805986d3048a73d5c82d17c85d357a4510b775f7a357df9338231
-
Filesize
40KB
MD552ea39144ceceb72e903954558b781e3
SHA1bce11d3cad6363326c5bc6dc8dcb8a68903163b7
SHA256d4ff97caf4d422f45132968af7b590803600c5dd2e4f3d4a20cf70fca9f3fb9f
SHA512b554ed872b6c28e7c4bbcd3ea71babd14284ac3bba2449db15fc98c376a7e3549af4116c622b4c6581effe249b7b802cf531736f14474a4c135f973c34bacaac
-
Filesize
11KB
MD5b875c7ce091593026403eb9131cfbbd8
SHA1508a1dfc7c22698c0666924c6ca7db809ce57984
SHA256a67518192bb5f1757aba0c0d0de79cb742a65d934b255330ea54c5095f71cf42
SHA5123fafedcadb014d5266df97fff235900cc174a2c523ebe83b74a3a8d1da76bad5fab0fe61d39d2523db861027a20cc05f6699afe9c96b9d77d6234d791aade8d6
-
Filesize
111KB
MD5fefe7adc435b9d00b1abe67a1401864a
SHA1e4c0b1d5096fc55db766c8f849177e0854b7ca49
SHA25676263eb3d51c77bbbb4f1065831b2ab7180785d29b42ca70167c7b679d20f1f3
SHA51243751a96a8aae38e8f981b1a302e245829afc6117d16a39d0cb4d119c0e074c38b8a71f1aedc74a45f80257f74b24db3e8dbe7ed381cb28bed94e6cbe3eac8ed
-
Filesize
1.1MB
MD5426a69c536c5c1c1cb96d73c172cb088
SHA19a5035059f3c17d053a7b20d7545c5aec080b21d
SHA2564f8226b310e5ca434246bc3106705a09d056532c613e15d9c9c29cbbf3433957
SHA51270dd63fdb6b2243b0dd9df7b3e3b9e6bff411484f11a676c6f769f209e9349aa2153a433f46c2fb8bad200634442d3e7909cb1773133125370eb9a32712395f7
-
Filesize
83KB
MD5f37c7f0aeb53078affbd8e86333b3466
SHA14514deec7c69d8eec44f70cea54df8f884ab27f2
SHA256b535f52f74618378bb2e740d208473aadbc9885941341943e7b6cf2d36d37b3f
SHA512b69c632b9de18d441bf14c750bb19a0869c12a562873f6bc9550be70b9abc526c42690e261d2549ea53f8894ba9c8f5585cfd3690f738fc985baf6fcb56a8ca9
-
Filesize
97KB
MD5e71830d4e1432b2e7b87f9ca7d1eb97e
SHA1e6e59faaf18127c961aaba362a93a1dff45bfe85
SHA2560af4ddeec2175898d3f691e77b118ff2a8a26449510a39b1f69271245e449d3a
SHA5122e1818ed469895aab5c12b73fe30df2aaa00a22a874d880db25f7ac1ac64696d38e38e2d7c998df44d52f8c847d4e84c82394d3bff2fe8fd1ec154e46bfe2852
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
88KB
MD5b9eae586172e00ff15c06071d1c7bb7b
SHA1a68a58912541093e449fc36645a033e6488da9b4
SHA2563301de5633e202f71238e42208a6f090e4b2a0f0d2f57d427f2f8c744c1f8b4b
SHA5129ddfdcad90d6aa88ad995f4f925c3cb32d79e0eddea1b988e3a573364e309602f7ae2ee2e4df0b5dc0c74054e1adbf9bf79eaf3da23cdfd474e8019d10498a9f
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
15KB
MD5ece25721125d55aa26cdfe019c871476
SHA1b87685ae482553823bf95e73e790de48dc0c11ba
SHA256c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA5124e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
-
Filesize
15KB
MD5ece25721125d55aa26cdfe019c871476
SHA1b87685ae482553823bf95e73e790de48dc0c11ba
SHA256c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA5124e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
-
Filesize
468KB
MD53b25aaa2c67dbb96a99918939f5005ae
SHA1324ae2ffaa925c7c730ad1476eb4caaf8b40b276
SHA2567e3a2f9c75d2007f630016f4bcd3d1b88d74a8219105ef3d25e6af8680c3b35e
SHA5124f865b0dda57754c58a8e7ac34f9659165ca1ed7a02d21bddc28d343a9cfe585ceab19d502c672517b31cce59babe3d2d7c83371f26e6dbc2609fd0118021a87
-
Filesize
468KB
MD53b25aaa2c67dbb96a99918939f5005ae
SHA1324ae2ffaa925c7c730ad1476eb4caaf8b40b276
SHA2567e3a2f9c75d2007f630016f4bcd3d1b88d74a8219105ef3d25e6af8680c3b35e
SHA5124f865b0dda57754c58a8e7ac34f9659165ca1ed7a02d21bddc28d343a9cfe585ceab19d502c672517b31cce59babe3d2d7c83371f26e6dbc2609fd0118021a87
-
Filesize
468KB
MD53b25aaa2c67dbb96a99918939f5005ae
SHA1324ae2ffaa925c7c730ad1476eb4caaf8b40b276
SHA2567e3a2f9c75d2007f630016f4bcd3d1b88d74a8219105ef3d25e6af8680c3b35e
SHA5124f865b0dda57754c58a8e7ac34f9659165ca1ed7a02d21bddc28d343a9cfe585ceab19d502c672517b31cce59babe3d2d7c83371f26e6dbc2609fd0118021a87
-
Filesize
468KB
MD53b25aaa2c67dbb96a99918939f5005ae
SHA1324ae2ffaa925c7c730ad1476eb4caaf8b40b276
SHA2567e3a2f9c75d2007f630016f4bcd3d1b88d74a8219105ef3d25e6af8680c3b35e
SHA5124f865b0dda57754c58a8e7ac34f9659165ca1ed7a02d21bddc28d343a9cfe585ceab19d502c672517b31cce59babe3d2d7c83371f26e6dbc2609fd0118021a87
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
129KB
MD5734de72415b2b3c07e84006787a60655
SHA15d91fbc5abb5a9d5e3e02df06565ead09ebce90a
SHA256422a0104d3dc8d4d4c8368c9049c45d4062e15ffd2ea89511e6343b6d3062129
SHA512bc8041823d2a402b48a2dfa198f814d4560d743e51ea3317b8a2ad56c867615dd015d4d65bf56eab3b230ec3b6b57d4b7b95fa925a21171bfc621297f8da100e
-
Filesize
164KB
MD5d09d2d3c21e4c3b58eee71415184b8c5
SHA1b2e26c7d728a3f7dc169486d7e375dce02d0adac
SHA25603c231ef639969c5a83e2ba69dea6d23682b41f54868c84bd0fc486ac80c7dd3
SHA512861b67fdde64896a8b7b7d90d3a8b708cc4755e0d0d0bbda18f4fd6f7a5df03b1643ba53e385551ca4b50bbb61f523043e2734342f552a2615104d6b1100a650
-
Filesize
131KB
MD5b46c8cc89d42d879f3866bd92302cde1
SHA1f5b335327d46037d4ef11ba835fff2d00013253d
SHA2565bca2900867bfb90d9ec1180ae6a2d89903b4804b193826533c5d826b2f4b1a5
SHA512f9b8b622a2251ca31cfa307aad6edcba09c9f24cf8507a15356e26a719a95c0a55f2a3979f511ce825a2642d723e382d066f937300627497a6670096a52d8116
-
Filesize
130KB
MD59cc9c7cb97e936665d3aaf0fb99c76bf
SHA1f311875a05d72dede7fccde15c54a0994a49c2d8
SHA25668b83dca2d4dfe2860775a5f378dda222823f8a823490797cf25466f8f250742
SHA512097262aa57200e67fd2ccc33d59766d8cb17ab115d6484210fa0e0bdd815d56b5effcba5685f9bd6f5b485afbbaa645ecf6a488aecf59435bfb6509b91d9fea8