Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
6_850A9CE91...92.exe
windows10-2004-x64
1_85775FE8A...C0.pdf
windows10-2004-x64
1_857C1A063...C.xlsx
windows10-2004-x64
1_861C5A066...68.jar
windows10-2004-x64
7_874D15677...9B.jar
windows10-2004-x64
7_8799F7153...1D.dll
windows10-2004-x64
1_88ECC22CD...A.html
windows10-2004-x64
1_89C4639AC...1C.jar
windows10-2004-x64
7_8A4455BF4...A8.dll
windows10-2004-x64
3_8A902ECF1...DD.jar
windows10-2004-x64
7_8AE3EAF93...D.html
windows10-2004-x64
1_8AF2F97B5...AF.jar
windows10-2004-x64
7_8CAD92531...44.jar
windows10-2004-x64
7_8EFD210D2...6A.jar
windows10-2004-x64
7_8FCD084FE...B4.jar
windows10-2004-x64
7_903967F51...E1.exe
windows10-2004-x64
1_90FA1CB64...2.xlsx
windows10-2004-x64
1_919844873...8.xlsx
windows10-2004-x64
1_93B373EF7...04.jar
windows10-2004-x64
7_93E97C33E...00.pdf
windows10-2004-x64
1_9420AD2F9...80.jar
windows10-2004-x64
7_94221BE39...A.xlsx
windows10-2004-x64
1_9452A5808...0.html
windows10-2004-x64
1_94C8A56AF...BE.dll
windows10-2004-x64
1_94DF584B0...86.dll
windows10-2004-x64
1_9582D6BA5...D.xlsx
windows10-2004-x64
1_96AA03667...22.dll
windows10-2004-x64
1_9752D5615...DA.dll
windows10-2004-x64
1ISSetup.dll
windows10-2004-x64
1StepOne So....3.msi
windows10-2004-x64
6instmsiw.exe
windows10-2004-x64
7setup.exe
windows10-2004-x64
7Analysis
-
max time kernel
423s -
max time network
459s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
29/12/2023, 08:01
Behavioral task
behavioral1
Sample
_850A9CE912B13565AF29B34E031CC792.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
_85775FE8A80EE9570FE7A08C75F4D5C0.pdf
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
_857C1A06388DBA2B12F1ABD19D5F03EC.xlsx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
_861C5A066E0E465A9C73D7A8BC735568.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
_874D1567799B7B9AFBEE570F7726949B.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
_8799F7153471BC8E3B333E972437C11D.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
_88ECC22CD04E30B687F996108FEE9A6A.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
_89C4639AC9A69DE25B22FD180B6C971C.jar
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
_8A4455BF480BBD2E5E1D2EE0DD0807A8.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
_8A902ECF1774235EEA788809EA57F5DD.jar
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
_8AE3EAF9387809565C1C3DD8855EEF8D.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
_8AF2F97B51B0701F1C5EE9E312FBBDAF.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
_8CAD92531FCEE9FA6989F889207CDA44.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
_8EFD210D2566AB9E39E038BBD504596A.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
_8FCD084FEA1DEADAC814BE0A01BAFCB4.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
_903967F51CF6ABB3C214038FB99275E1.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
_90FA1CB6450C62F6483E2BB820CB8C82.xlsx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
_91984487357AC165A53A9419BD22C1E8.xlsx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
_93B373EF77137C2F96A8769427AC4304.jar
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
_93E97C33EA3FADA1FF34686C2BDD6300.pdf
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
_9420AD2F98EF4A71E4810AE1456EE580.jar
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
_94221BE3900094783D8A807534FD05EA.xlsx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
_9452A580896DE44A8695C6D27604EDB0.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
_94C8A56AFEEC9D34E03A0A2DA14CF8BE.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
_94DF584B0D852F45ED59495B3083B186.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
_9582D6BA500CA815CE2C40FEB88634BD.xlsx
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
_96AA03667D6CB6E55CBC8FBA4385D622.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
_9752D56150AC6C43A8ED642651B834DA.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
ISSetup.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
StepOne Software v2.3.msi
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
instmsiw.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
setup.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
setup.exe
-
Size
964KB
-
MD5
d6b7eb2d91821193541e290ec91d7b34
-
SHA1
0b59231cadf2f168b6f13e37de8b616de5be0527
-
SHA256
73b291823bcc151e63191b8f7e9ae0990764b8567ae2a98e6cbb2f46c6a46780
-
SHA512
90c3bb968cbbcd082d4d4abb8dceed41eb8f64d29bc829e0f6c9b3b67ad856c24620cb30acc9c791c84376eed8d6f257c45859099d4226081df931538a58c29e
-
SSDEEP
24576:1gPE9E45lYqV6d+4oscKQg2tTLe4aQWJE:SL4cqodaKBYT6ZZC
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
pid Process 1644 ISBEW64.exe 2144 mDNSResponder.exe 1660 stepone.exe 4424 javaw.exe -
Loads dropped DLL 31 IoCs
pid Process 1072 MsiExec.exe 1072 MsiExec.exe 1072 MsiExec.exe 2920 setup.exe 2920 setup.exe 2920 setup.exe 2920 setup.exe 2920 setup.exe 2920 setup.exe 4716 MsiExec.exe 4716 MsiExec.exe 4716 MsiExec.exe 4716 MsiExec.exe 4716 MsiExec.exe 4716 MsiExec.exe 4716 MsiExec.exe 1172 MsiExec.exe 1172 MsiExec.exe 3780 MsiExec.exe 1172 MsiExec.exe 1172 MsiExec.exe 4716 MsiExec.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe 4424 javaw.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\F: cacls.exe File opened (read-only) \??\O: setup.exe File opened (read-only) \??\I: setup.exe File opened (read-only) \??\T: setup.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\B: setup.exe File opened (read-only) \??\U: setup.exe File opened (read-only) \??\W: setup.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\Q: setup.exe File opened (read-only) \??\K: setup.exe File opened (read-only) \??\R: setup.exe File opened (read-only) \??\V: setup.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\G: setup.exe File opened (read-only) \??\S: setup.exe File opened (read-only) \??\X: setup.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\H: setup.exe File opened (read-only) \??\J: setup.exe File opened (read-only) \??\M: setup.exe File opened (read-only) \??\Y: setup.exe File opened (read-only) \??\Z: setup.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\A: setup.exe File opened (read-only) \??\F: msiexec.exe File opened (read-only) \??\L: setup.exe File opened (read-only) \??\N: setup.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\E: setup.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\P: setup.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File created C:\Windows\SysWOW64\dns-sd.exe msiexec.exe File created C:\Windows\SysWOW64\dnssd.dll msiexec.exe File created C:\Windows\SysWOW64\jdnsf4a2.rra setup.exe File opened for modification C:\Windows\SysWOW64\jdns_sd.dll setup.exe -
Drops file in Program Files directory 9 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\ISSetup.dll setup.exe File created C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\setuf444.rra setup.exe File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\setup.ini setup.exe File created C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\0x04f444.rra setup.exe File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\0x0409.ini setup.exe File created C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\setuf435.rra setup.exe File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\setup.exe setup.exe File created C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\ISSef444.rra setup.exe File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\1033.mst setup.exe -
Drops file in Windows directory 26 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSID499.tmp msiexec.exe File opened for modification C:\Windows\Installer\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\ARPPRODUCTICON.exe msiexec.exe File created C:\Windows\Installer\e5ad41a.msi msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File opened for modification C:\Windows\Installer\MSIED58.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIEDA7.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF385.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File created C:\Windows\Installer\SourceHash{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC} msiexec.exe File opened for modification C:\Windows\Installer\MSIF1CF.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSID479.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSID575.tmp msiexec.exe File opened for modification C:\Windows\Installer\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\NewShortcut2_7F27D5912224497FB7A76D7112586B74.exe msiexec.exe File opened for modification C:\Windows\Installer\MSID873.tmp msiexec.exe File opened for modification C:\Windows\Installer\e5ad41a.msi msiexec.exe File opened for modification C:\Windows\Installer\MSID920.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIDCDA.tmp msiexec.exe File created C:\Windows\Installer\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\ARPPRODUCTICON.exe msiexec.exe File created C:\Windows\Installer\e5ad41c.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\MSIDE63.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSID459.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIDD1A.tmp msiexec.exe File created C:\Windows\Installer\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\NewShortcut1_7F27D5912224497FB7A76D7112586B74.exe msiexec.exe File opened for modification C:\Windows\Installer\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\NewShortcut1_7F27D5912224497FB7A76D7112586B74.exe msiexec.exe File created C:\Windows\Installer\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\NewShortcut2_7F27D5912224497FB7A76D7112586B74.exe msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters vssvc.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000005cf4f6141e81f6580000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800005cf4f6140000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809005cf4f614000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d5cf4f614000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000005cf4f61400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe -
Modifies data under HKEY_USERS 12 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\F:\Applied Biosystems\StepOne Software v2.3\bin\stepone.exe = "WINXPSP2 RUNASADMIN" msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers msiexec.exe Key created \REGISTRY\USER\.DEFAULT msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Program Files (x86)\InstallShield Installation Information\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\setup.exe = "WINXPSP2 RUNASADMIN" msiexec.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell\Open\command\command = 47006300240052002600560041004c0032004000320036006a00790045002e006b0075002e00750041007a007400650063004d00610069006e003c0020002d006f002000220025003100220000000000 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell\Open\command msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\Version = "33751040" msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\DeploymentFlags = "3" msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell\Open\command\command = 47006300240052002600560041004c0032004000320036006a00790045002e006b0075002e00750041007a007400650063004d00610069006e003c0020002d006f002000220025003100220000000000 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\shell\Open\command msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\ = "StepOne Software single experiment document" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\ = "StepOne Software multiple experiment document" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell\ = "Open" msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\shell\Open\command\command = 47006300240052002600560041004c0032004000320036006a00790045002e006b0075002e00750041007a007400650063004d00610069006e003c0020002d006f002000220025003100220000000000 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecJRE msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D7D5CA1193CE83B4D9200F362FC3E192 msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.eds\edsfile msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList\Media\1 = "DISK1;1" msiexec.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\Clients = 3a0000000000 msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell\Open\command\ = "\"F:\\Applied Biosystems\\StepOne Software v2.3\\bin\\stepone.exe\" -o \"%1\"" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\shell\ = "Open" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecConfig msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\InstanceType = "0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D7D5CA1193CE83B4D9200F362FC3E192\F805FDA0D02A33B4E92EF2D5C9FE6ECE msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell\Open\command\ = "\"F:\\Applied Biosystems\\StepOne Software v2.3\\bin\\stepone.exe\" -o \"%1\"" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.edm\ = "edmfile" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\ = "StepOne Software experiment template document" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecUpdates msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.eds\ = "edsfile" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecPerm msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AuthorizedLUAApp = "0" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList\Media\DiskPrompt = "[1]" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell\Open\command msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\shell msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.edt\edtfile\ShellNew msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\PackageCode = "9BB7D981E98595D4892D9CE9883B29A1" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList\PackageName = "StepOne Software v2.3.msi" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell\Open\ = "Open Inside &StepOne" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecMain msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AdvertiseFlags = "388" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\ProductIcon = "C:\\Windows\\Installer\\{0ADF508F-A20D-4B33-9EE2-2F5D9CEFE6EC}\\ARPPRODUCTICON.exe" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.eds msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.edm\edmfile msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\shell\Open\command\ = "\"F:\\Applied Biosystems\\StepOne Software v2.3\\bin\\stepone.exe\" -o \"%1\"" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.edt msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.edt\edtfile msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecDocs msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell\Open\ = "Open Inside &StepOne " msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\BonjourCore msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell\ = "Open" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\edtfile\shell\Open\ = "Open Inside &StepOne" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\ArialFont msiexec.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\Assignment = "1" msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell\Open msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edmfile\shell\Open msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F805FDA0D02A33B4E92EF2D5C9FE6ECE\AztecData msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F805FDA0D02A33B4E92EF2D5C9FE6ECE\SourceList\Media msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\edsfile\shell msiexec.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.edm\edmfile\ShellNew msiexec.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 776 msiexec.exe 776 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeSecurityPrivilege 776 msiexec.exe Token: SeCreateTokenPrivilege 2920 setup.exe Token: SeAssignPrimaryTokenPrivilege 2920 setup.exe Token: SeLockMemoryPrivilege 2920 setup.exe Token: SeIncreaseQuotaPrivilege 2920 setup.exe Token: SeMachineAccountPrivilege 2920 setup.exe Token: SeTcbPrivilege 2920 setup.exe Token: SeSecurityPrivilege 2920 setup.exe Token: SeTakeOwnershipPrivilege 2920 setup.exe Token: SeLoadDriverPrivilege 2920 setup.exe Token: SeSystemProfilePrivilege 2920 setup.exe Token: SeSystemtimePrivilege 2920 setup.exe Token: SeProfSingleProcessPrivilege 2920 setup.exe Token: SeIncBasePriorityPrivilege 2920 setup.exe Token: SeCreatePagefilePrivilege 2920 setup.exe Token: SeCreatePermanentPrivilege 2920 setup.exe Token: SeBackupPrivilege 2920 setup.exe Token: SeRestorePrivilege 2920 setup.exe Token: SeShutdownPrivilege 2920 setup.exe Token: SeDebugPrivilege 2920 setup.exe Token: SeAuditPrivilege 2920 setup.exe Token: SeSystemEnvironmentPrivilege 2920 setup.exe Token: SeChangeNotifyPrivilege 2920 setup.exe Token: SeRemoteShutdownPrivilege 2920 setup.exe Token: SeUndockPrivilege 2920 setup.exe Token: SeSyncAgentPrivilege 2920 setup.exe Token: SeEnableDelegationPrivilege 2920 setup.exe Token: SeManageVolumePrivilege 2920 setup.exe Token: SeImpersonatePrivilege 2920 setup.exe Token: SeCreateGlobalPrivilege 2920 setup.exe Token: SeCreateTokenPrivilege 2920 setup.exe Token: SeAssignPrimaryTokenPrivilege 2920 setup.exe Token: SeLockMemoryPrivilege 2920 setup.exe Token: SeIncreaseQuotaPrivilege 2920 setup.exe Token: SeMachineAccountPrivilege 2920 setup.exe Token: SeTcbPrivilege 2920 setup.exe Token: SeSecurityPrivilege 2920 setup.exe Token: SeTakeOwnershipPrivilege 2920 setup.exe Token: SeLoadDriverPrivilege 2920 setup.exe Token: SeSystemProfilePrivilege 2920 setup.exe Token: SeSystemtimePrivilege 2920 setup.exe Token: SeProfSingleProcessPrivilege 2920 setup.exe Token: SeIncBasePriorityPrivilege 2920 setup.exe Token: SeCreatePagefilePrivilege 2920 setup.exe Token: SeCreatePermanentPrivilege 2920 setup.exe Token: SeBackupPrivilege 2920 setup.exe Token: SeRestorePrivilege 2920 setup.exe Token: SeShutdownPrivilege 2920 setup.exe Token: SeDebugPrivilege 2920 setup.exe Token: SeAuditPrivilege 2920 setup.exe Token: SeSystemEnvironmentPrivilege 2920 setup.exe Token: SeChangeNotifyPrivilege 2920 setup.exe Token: SeRemoteShutdownPrivilege 2920 setup.exe Token: SeUndockPrivilege 2920 setup.exe Token: SeSyncAgentPrivilege 2920 setup.exe Token: SeEnableDelegationPrivilege 2920 setup.exe Token: SeManageVolumePrivilege 2920 setup.exe Token: SeImpersonatePrivilege 2920 setup.exe Token: SeCreateGlobalPrivilege 2920 setup.exe Token: SeCreateTokenPrivilege 2920 setup.exe Token: SeAssignPrimaryTokenPrivilege 2920 setup.exe Token: SeLockMemoryPrivilege 2920 setup.exe Token: SeIncreaseQuotaPrivilege 2920 setup.exe Token: SeMachineAccountPrivilege 2920 setup.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2920 setup.exe -
Suspicious use of WriteProcessMemory 29 IoCs
description pid Process procid_target PID 776 wrote to memory of 1072 776 msiexec.exe 39 PID 776 wrote to memory of 1072 776 msiexec.exe 39 PID 776 wrote to memory of 1072 776 msiexec.exe 39 PID 2920 wrote to memory of 1644 2920 setup.exe 40 PID 2920 wrote to memory of 1644 2920 setup.exe 40 PID 776 wrote to memory of 4716 776 msiexec.exe 124 PID 776 wrote to memory of 4716 776 msiexec.exe 124 PID 776 wrote to memory of 4716 776 msiexec.exe 124 PID 776 wrote to memory of 1172 776 msiexec.exe 125 PID 776 wrote to memory of 1172 776 msiexec.exe 125 PID 776 wrote to memory of 1172 776 msiexec.exe 125 PID 776 wrote to memory of 3780 776 msiexec.exe 127 PID 776 wrote to memory of 3780 776 msiexec.exe 127 PID 776 wrote to memory of 3780 776 msiexec.exe 127 PID 2920 wrote to memory of 528 2920 setup.exe 142 PID 2920 wrote to memory of 528 2920 setup.exe 142 PID 2920 wrote to memory of 528 2920 setup.exe 142 PID 528 wrote to memory of 1312 528 cmd.exe 141 PID 528 wrote to memory of 1312 528 cmd.exe 141 PID 528 wrote to memory of 1312 528 cmd.exe 141 PID 2920 wrote to memory of 1516 2920 setup.exe 146 PID 2920 wrote to memory of 1516 2920 setup.exe 146 PID 2920 wrote to memory of 1516 2920 setup.exe 146 PID 1516 wrote to memory of 4976 1516 cmd.exe 145 PID 1516 wrote to memory of 4976 1516 cmd.exe 145 PID 1516 wrote to memory of 4976 1516 cmd.exe 145 PID 1660 wrote to memory of 4424 1660 stepone.exe 148 PID 1660 wrote to memory of 4424 1660 stepone.exe 148 PID 1660 wrote to memory of 4424 1660 stepone.exe 148 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2920 -
C:\Users\Admin\AppData\Local\Temp\{FE83935B-DD66-4ABC-BCBD-DB0EBB4C984D}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{FE83935B-DD66-4ABC-BCBD-DB0EBB4C984D}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{52A1E32F-7FEE-480D-B82B-A2692C60CFCF}2⤵
- Executes dropped EXE
PID:1644
-
-
C:\Windows\SysWOW64\cmd.execmd /C cacls "F:\Applied Biosystems\StepOne Software v2.3\" /T /E /C /G "Power Users":F2⤵
- Suspicious use of WriteProcessMemory
PID:528
-
-
C:\Windows\SysWOW64\cmd.execmd /C cacls "F:\Applied Biosystems\StepOne Software v2.3\" /T /E /C /G Users:F2⤵
- Suspicious use of WriteProcessMemory
PID:1516
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:776 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding DF827B449BD58333962CBF44C290BE8C C2⤵
- Loads dropped DLL
PID:1072
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 096193E437FD208CFBB8BAC9165CF5D42⤵
- Loads dropped DLL
PID:4716
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BC4C2AD8D776A6FDE4599C32CB7C34D5 E Global\MSI00002⤵
- Loads dropped DLL
PID:1172
-
-
C:\Windows\syswow64\MsiExec.exe"C:\Windows\syswow64\MsiExec.exe" /Y "F:\Applied Biosystems\StepOne Software v2.3\bonjour\mdnsNSP.dll"2⤵
- Loads dropped DLL
PID:3780
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
PID:3068
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵PID:1380
-
F:\Applied Biosystems\StepOne Software v2.3\bonjour\mDNSResponder.exe"F:\Applied Biosystems\StepOne Software v2.3\bonjour\mDNSResponder.exe"1⤵
- Executes dropped EXE
PID:2144
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:4564
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵PID:2156
-
C:\Windows\SysWOW64\cacls.execacls "F:\Applied Biosystems\StepOne Software v2.3\" /T /E /C /G "Power Users":F1⤵PID:1312
-
C:\Windows\SysWOW64\cacls.execacls "F:\Applied Biosystems\StepOne Software v2.3\" /T /E /C /G Users:F1⤵
- Enumerates connected drives
PID:4976
-
F:\Applied Biosystems\StepOne Software v2.3\bin\stepone.exe"F:\Applied Biosystems\StepOne Software v2.3\bin\stepone.exe"1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1660 -
F:\Applied Biosystems\StepOne Software v2.3\jre\bin\javaw.exe"F:/Applied Biosystems/StepOne Software v2.3/jre/bin/javaw.exe" "-Dosgi.configuration.area=F:/Applied Biosystems/StepOne Software v2.3/config/eclipse" "-Ddata=F:/Applied Biosystems/StepOne Software v2.3/config/eclipse/workspace" -Dcom.apldbio.core.security.db.DataSource=DerbyDataSource "-Dderby.system.home=F:/Applied Biosystems/StepOne Software v2.3" "-Dhome=F:/Applied Biosystems/StepOne Software v2.3" -Dswing.aatext=true -Duser.language=en -Duser.country=US -Dlogin=true -Xms128m -Xmx512m "-Xbootclasspath/p:F:/Applied Biosystems/StepOne Software v2.3/eclipse/plugins/com.apldbio.sds.platform_2.1.0/lib/jai_imageio.jar" -jar "F:\Applied Biosystems\StepOne Software v2.3\bin\..\eclipse\startup.jar" -os -ws -arch -launcher "F:\Applied Biosystems\StepOne Software v2.3\bin\stepone.exe" -name Stepone -showsplash 600 -exitdata 67c_24c -vm "F:/Applied Biosystems/StepOne Software v2.3/jre/bin/javaw.exe" -vmargs "-Dosgi.configuration.area=F:/Applied Biosystems/StepOne Software v2.3/config/eclipse" "-Ddata=F:/Applied Biosystems/StepOne Software v2.3/config/eclipse/workspace" -Dcom.apldbio.core.security.db.DataSource=DerbyDataSource "-Dderby.system.home=F:/Applied Biosystems/StepOne Software v2.3" "-Dhome=F:/Applied Biosystems/StepOne Software v2.3" -Dswing.aatext=true -Duser.language=en -Duser.country=US -Dlogin=true -Xms128m -Xmx512m "-Xbootclasspath/p:F:/Applied Biosystems/StepOne Software v2.3/eclipse/plugins/com.apldbio.sds.platform_2.1.0/lib/jai_imageio.jar" -jar "F:\Applied Biosystems\StepOne Software v2.3\bin\..\eclipse\startup.jar"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4424
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
45KB
MD514eb4237a5677e627a1483d8071d873e
SHA12e6607aa57b03813324bedb2aaf9434f32965cc0
SHA2568b1285006cbc901fd4ef4a02663a950ad5e04ea3c50f96d24062bdd1965652d4
SHA512a2f4e66845dbb2d8db33c853f14f0cd56eb272116f7a6e47a43e6cbe232688d69dbf2a5ec1e2d6f1d4f2f0c00ace29d43731c2a2d8703e69c1a95506d4f4ea05
-
Filesize
27KB
MD557ee4ba8a3ab571ca7dfb83faac78d68
SHA1d6498c83795ad0298be8346fe1abda5e359d9c61
SHA256aca60f071aa92daa3ac884c92cb62d9135b9b4ae5696a12982e7f67a5fdc65b7
SHA512eb99c082d13b34da942ad9e37b411a1e7222c0e5e24858bda0d62ba607d282dcd514e29c116bf6f0b3ffed6827021d6697381b3dacfbe241bfe57290826521a2
-
Filesize
76KB
MD557ef661a186462b93026dadd2ef04ebe
SHA19680cb708c3b06612c7c6d9ca278ce79f1bc2184
SHA256c3b2b0241891d166b5966d1dabfb51676e860f8f113819f0631b2a6f0bc51ad6
SHA5121c2c3d585ac7612835a4473f898d72b24a9565c7ea35c9bb7ca9854939439d4da926ad5b70bbf59e590b0462833f1090410556e2e9ced6a2d4ccceead1349918
-
Filesize
141KB
MD55dd01bcb406df249cd3094fa93e97f1c
SHA168b9d106d36fea4703ef08e49f507abfad5a39dc
SHA2565545e839f506700e8f7aa9b177200e8fcbc28665b9f418c59ba7e10f3878adc3
SHA5126d4f9621713493ab4408c452d558137bec89ef927878ac67d2f07ad9fd7f299afabc4507ed9fcb029a5a0011e7c0c6b38e453432be09d8269626213c9059ef1c
-
Filesize
96KB
MD556a3ca88af1fe2835b898b9588c34a41
SHA1ce12dde9b6ae16f63a2ad1bd5e8b3cc95831ce0e
SHA256f1fdc02da0ccd3be626a5c4ff5e6e91b865126a35c8fb5a1b0c9b4cc33bf7b13
SHA512877a2025c76f8d083e5fe60cb686b8b74990a11f4b78e1136cea70a7dc719ca7568fcdcb8dab0509903e58eb120f1e9919874d03cd220f67b7df7d78b2f3c0ed
-
Filesize
640B
MD562702e54894d85ff473f097053a59132
SHA1bf8dbc7784919d8e3ae39ecdcae18817c4118d3f
SHA2567a3916ecaf756e349a45459ac6e1f59bb32257e3b3224003edee4de29e799daa
SHA51253f1e5febe433f6b9f515d41cc88b9c32f5df69326aa454eb5f83d45f7da464daa2ed898f2a082441613e89e4d009ab2c227a6d7856dd024fbbc6ab892958755
-
Filesize
8KB
MD56143c5c570587f4a313db0e19eb6af06
SHA1edb04b496af505acca21f34340a1e3c26e0d7c0a
SHA25667bf392b14cc7b4f10bab746609a08e8164bb961e9bf48a29f9a3e7ff2ef28cb
SHA5121dfe7996b59ad4941bcbac3d19f8b03443d561e760dd0642e2fdb116a88ba813a51fe964bf22ede3361716e9144b84ae6a324a9e8c39a667b48f81b9bf97d55d
-
Filesize
8KB
MD50efc06bf0cbede5cab1dc263e0519014
SHA16d94df57dd67644e1a1679f720a65cee2ed5bde7
SHA256cb9790d486eb70a5dfe9f479af6d4a8f32c8c4866135faf30cd48b4bf4460fbb
SHA512aa08f79062d4162f454b4bb31ef36a7a1312842fc530dd31d2f34e02d4cb951b4e620ea8c27267acdc6de019166ed82816a372dbc1cd89b838650f58bdb30c21
-
Filesize
8KB
MD507f06d46846c7f132e0148dc771a5afe
SHA19f5e1da1a033750c2a66dc459a169fd195f4ae2b
SHA256471cdb1c68a104fd128e9c8b76198d7cc147b40a3f3e4a508c5810f62db8fcbf
SHA5124e4875d7c651b674a1f82f493ee4b34b93b6a07538e4874c67ab1a2d0dd19de053e270ed4b642a7fbbbec9b9c65000179ea55aaa126c724359e28531abdde777
-
F:\Applied Biosystems\StepOne Software v2.3\eclipse\plugins\com.apldbio.sds.experiment.calibration.aztec_2.1.0\config\sds7300-calib-puredye-96-SYBR.eds
Filesize13KB
MD500f46b0804aca3f1fa2eabe881e8451f
SHA18c25d03a1ca86465e331be1b7d30a7e255214018
SHA256029dda10f884c2c693bcc560526f03db64bdba062031b84875dc4d56bcc55caf
SHA5129db01f12b49105eeab6e119640a1fb8cdcbcd7feb4bbd57ed6e97a92bc7e5e3fddab11b3a22bce3e20bb8a7bd986bdec6288c4024eaf24def230d8d071ce0419
-
Filesize
27B
MD57da9aa0de33b521b3399a4ffd4078bdb
SHA1f188a712f77103d544d4acf91d13dbc664c67034
SHA2560a526439ed04845ce94f7e9ae55c689ad01e1493f3b30c5c2b434a31fa33a43d
SHA5129d2170571a58aed23f29fc465c2b14db3511e88907e017c010d452ecdf7a77299020d71f8b621a86e94dd2774a5418612d381e39335f92e287a4f451ee90cfb6
