Analysis
-
max time kernel
137s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
02-02-2024 01:47
Static task
static1
Behavioral task
behavioral1
Sample
3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi
Resource
win7-20231215-en
General
-
Target
3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi
-
Size
17.1MB
-
MD5
b82ada91e8742234257d9cad38deebfe
-
SHA1
d1278efa9729f955de1dbfcfe53550e67212ff9b
-
SHA256
3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834
-
SHA512
676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b
-
SSDEEP
393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/
Malware Config
Signatures
-
Babadeda Crypter 1 IoCs
resource yara_rule behavioral2/files/0x0006000000023234-105.dat family_babadeda -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\V: msiexec.exe -
Drops file in Windows directory 8 IoCs
description ioc Process File created C:\Windows\Installer\e5779c4.msi msiexec.exe File opened for modification C:\Windows\Installer\e5779c4.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File created C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638} msiexec.exe File opened for modification C:\Windows\Installer\MSI7ABE.tmp msiexec.exe File created C:\Windows\Installer\e5779c6.msi msiexec.exe -
Executes dropped EXE 1 IoCs
pid Process 3520 dsw.exe -
Loads dropped DLL 19 IoCs
pid Process 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters vssvc.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000083dd7964f79773090000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000083dd79640000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090083dd7964000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d83dd7964000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000083dd796400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1604 msiexec.exe 1604 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4776 msiexec.exe Token: SeIncreaseQuotaPrivilege 4776 msiexec.exe Token: SeSecurityPrivilege 1604 msiexec.exe Token: SeCreateTokenPrivilege 4776 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4776 msiexec.exe Token: SeLockMemoryPrivilege 4776 msiexec.exe Token: SeIncreaseQuotaPrivilege 4776 msiexec.exe Token: SeMachineAccountPrivilege 4776 msiexec.exe Token: SeTcbPrivilege 4776 msiexec.exe Token: SeSecurityPrivilege 4776 msiexec.exe Token: SeTakeOwnershipPrivilege 4776 msiexec.exe Token: SeLoadDriverPrivilege 4776 msiexec.exe Token: SeSystemProfilePrivilege 4776 msiexec.exe Token: SeSystemtimePrivilege 4776 msiexec.exe Token: SeProfSingleProcessPrivilege 4776 msiexec.exe Token: SeIncBasePriorityPrivilege 4776 msiexec.exe Token: SeCreatePagefilePrivilege 4776 msiexec.exe Token: SeCreatePermanentPrivilege 4776 msiexec.exe Token: SeBackupPrivilege 4776 msiexec.exe Token: SeRestorePrivilege 4776 msiexec.exe Token: SeShutdownPrivilege 4776 msiexec.exe Token: SeDebugPrivilege 4776 msiexec.exe Token: SeAuditPrivilege 4776 msiexec.exe Token: SeSystemEnvironmentPrivilege 4776 msiexec.exe Token: SeChangeNotifyPrivilege 4776 msiexec.exe Token: SeRemoteShutdownPrivilege 4776 msiexec.exe Token: SeUndockPrivilege 4776 msiexec.exe Token: SeSyncAgentPrivilege 4776 msiexec.exe Token: SeEnableDelegationPrivilege 4776 msiexec.exe Token: SeManageVolumePrivilege 4776 msiexec.exe Token: SeImpersonatePrivilege 4776 msiexec.exe Token: SeCreateGlobalPrivilege 4776 msiexec.exe Token: SeBackupPrivilege 4172 vssvc.exe Token: SeRestorePrivilege 4172 vssvc.exe Token: SeAuditPrivilege 4172 vssvc.exe Token: SeBackupPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe Token: SeTakeOwnershipPrivilege 1604 msiexec.exe Token: SeRestorePrivilege 1604 msiexec.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
pid Process 4776 msiexec.exe 4776 msiexec.exe 3520 dsw.exe 3520 dsw.exe 3520 dsw.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 3520 dsw.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3520 dsw.exe 3520 dsw.exe -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 1604 wrote to memory of 4688 1604 msiexec.exe 96 PID 1604 wrote to memory of 4688 1604 msiexec.exe 96 PID 1604 wrote to memory of 3520 1604 msiexec.exe 98 PID 1604 wrote to memory of 3520 1604 msiexec.exe 98 PID 1604 wrote to memory of 3520 1604 msiexec.exe 98 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4776
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1604 -
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵PID:4688
-
-
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3520
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4172
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x344 0x4981⤵PID:4676
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD52951e4755f94832de11a56dad6339019
SHA12bab9d6b0a68bb326e683e6ed27459c28b7ccd65
SHA256d49879164e14af59deeea72f89e583e04e88a39422aa9519143a9866f8d5b072
SHA512250a933cdcbcf9ea9fd0079011a19ec723324c3ba22b80a113a7e78c5eed06308bf7190426df8413bcb6264dd971ecb8639e2ab7bfc876f520642229fb58a13d
-
Filesize
183KB
MD5e8ab6afc4d1f7c9a28748951dfd49878
SHA12b16cf55b0ff533dfa3da2fd1967d8eabea53de7
SHA25634bb5de8f4c85ded207e669b21adfab1f40fb0c1bb89dd1ca832ebed261d1b9a
SHA5126f96280bb1314427a88bfbdb64f6638b7d9b725cde81054dcd510aaf1e73c2ae51a6b54913128419c7714192c8afab367fe6254bf6a12c80b26ecfa42ce5f8f8
-
Filesize
585KB
MD529d84c491e603bc1a2baa9c554a1d044
SHA14b3c64393ef56b5608586414ad582333fe283915
SHA2567a2c2b468865721b099309f7bc335aeed1523ba43281cc47cd406736ac8b5054
SHA512f9505925a41336c6c65bb8900280f48dc6d3ce593b432bd06c168a1023046ee35cf6fc0851109a730e222a69638a6af1778eae9f4971b4cf8c1d3579d518e98a
-
Filesize
379KB
MD5e98f595caa5ee23e8a3e46d83211da9d
SHA1a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017
SHA256df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a
SHA512e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938
-
Filesize
344KB
MD5538b2d0a5d2787c1fb92f3144c485ef0
SHA1e6a5b93643292798878722e7ef4e5eb581ec346a
SHA25635e49b4a3f03eb4c80603a99d1bc4ea05ab54c8229873e4d3a978e6fa77e6f75
SHA5122a4db6f8d782dd6660c780966e6d30a7708b4308150806ca9a5d07820dfe5c3cec2b9fedb00dc49292fb3399ac985c1184a7b87911f9f35ee276cea08c545939
-
Filesize
391KB
MD5bd71a16afa3d22d485d58fb07fe21a1a
SHA151b28f7cc77a2a09a5c3be620380964022146436
SHA25608f2420cbdfdd50c761f0f30be0dde8662e1f93408f2d7d71a5e8c18c3cd7f0a
SHA51265f5eacb3d5f570e222eff473ba05e85da36afc96c64a048a84011b6f4ad6cbf7d2933873bdaaaeda1da792a6cd5979ee44c01c366bf50942df6620e3bb3a197
-
Filesize
296KB
MD524b1b98aaca441dbbbd7e086f0e7ab02
SHA1e923aedfab046fcff7a31f033576e3dad24f84f3
SHA25698e4dbd260c19c5bf3afdd754303f65f61502122a3ad0bc3ed8a6ee59bc49a7c
SHA512f6341f6d0d46d3535ac96647d04866c27103a87435d84caa1f4acdf8d3e42978286df19529720a03b4be373def617e84b93c7c2b096aa02f9ec10a7dab32840d
-
Filesize
295KB
MD560304d3b6b85b64ada55683a78ee2894
SHA140d970a60228e3105428fdf298d320d0462997a5
SHA256c7267f4982c338891b43dad91f4c93c52ed979bcd7f00341775e7432c1ae48c9
SHA512479e2402d756ec1cb61ca68074057a2706acb97ce8ee00c3e628e843f16ac40bd61baf27f1254c5ccb4623c59df6a32945c3ebaa49c8d24912059ee2b5f9d3d7
-
Filesize
383KB
MD57090c7c4a10f1e763e471ff794c07fbc
SHA1eee208dced614e6ab2f841d94ea74b0f0d6a8a43
SHA25644fe744dc26a4455811c86738d568126eb0ba9580adca2703804d03526760c3a
SHA512c6c57a1c907db7353956510479a7b6dba94c24f16a302aeec105c1d778900e3d80d29ef246afcff26856e94970a3f45b3cad1d5a43cc25b2c888fa3a3df0eb17
-
Filesize
854KB
MD504cb9f33d9a854cd49badf1a26c4bdbd
SHA11498e6dfd9e4b79d9b537511981c3295d37a7013
SHA256c7cd06c4d7c7ccf46e60270d59c442e8100c9b1f5a76e76979a0f4affb58d4f2
SHA512b9496a4ba3af69f8b480a4676ddda5a72583c3dade4a2108f3c28a9c269351283ba332aa4cb821fbaf77edf3694ec1b300ce547a4e740a9c630d70bd1a31f89f
-
Filesize
661KB
MD5a5da2ed45d4131e08665f76fed925f96
SHA19c8060bb1ddab3203721198ae8fb25415701df6c
SHA2567eb158fff59729819577dce277c4f44de4551f8ea09a8edcd11eed5b237c526d
SHA51263199af851f9596e8ed82c9cff728699d74adb711241dff064262f8d3315746840056a4914cc361843516388b1264fddfee95310e069b71f41ffe4d50d87433c
-
Filesize
23KB
MD58630b25bf4206be33728b92827eaa9b7
SHA130ace4adbf807289064d090f2bbee58ceb526ac7
SHA2560e177c8d9d3cfadafee51e3e8d7048ccb41c7c9cabd99257daa304b626f7515f
SHA512461a746352a91864f63b6f83d64b14d5a0040e6998a5b658ac3a1ddc89fac6b3b195b74a527281656407596eea6a26ee0d0e0950121018a9468fa5d1818ce1b6
-
Filesize
694KB
MD5e65681d8df633f3e378fc5f066346fa1
SHA1636d039a3d279e5d6ce9afa7395aab876c01250a
SHA256cb56fa07c139df9a1549196ef89dac9d1302b3c84cec836dee40a110e3bb9c08
SHA512ce5df07ee1b86e99ccc344ae18b08cc609a358ea088033424cee9f90a1875664ff118013c28c2dc770cc71c6a12d920ae7ee04fbfad3e9ec8d06466880bdb956
-
Filesize
636KB
MD54e7934c043eabefa1aeb37a459b959b3
SHA117a52c81a8281ab76c0745f0bf647d2ac54897df
SHA25648a6140e2f6e07c31851f82127b150956042765b58c1222bd89af9f3eea702ec
SHA5124eec51e8e708b355aced2653212ddcc9061b8a4e64dcf46d68904a4137b7c85f522e428f6d0b2792a86c495015d57863a914fdf6294da48548e05634de96c614
-
Filesize
135KB
MD58e58fcc0672a66c827c6f90fa4b58538
SHA13e807dfd27259ae7548692a05af4fe54f8dd32ed
SHA2566e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d
SHA5120e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768
-
Filesize
67KB
MD5d8ccb4b8235f31a3c73485fde18b0187
SHA1723bd0f39b32aff806a7651ebc0cdbcea494c57e
SHA2567bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba
SHA5128edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713
-
Filesize
27KB
MD55efb2702c0b3d8eeac563372a33a6ed0
SHA1c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99
SHA25640545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b
SHA5128119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794
-
Filesize
18KB
MD5ff3d92fe7a1bf86cba27bec4523c2665
SHA1c2184ec182c4c9686c732d9b27928bddac493b90
SHA2569754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8
SHA5126e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db
-
Filesize
31KB
MD5a6f27196423a3d1c0caa4a0caf98893a
SHA158b97697fa349b40071df4272b4efbd1dd295595
SHA256d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222
SHA5120a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0
-
Filesize
76KB
MD55199d6173a6deb45c275ef32af377c3c
SHA1e8989859b917cfa106b4519fefe4655c4325875b
SHA256a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3
SHA51280b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8
-
Filesize
64KB
MD55182cfb12cd17dac9e8c371ce8e25e5f
SHA178aa6bd589ba7da16da7dedca791a5101ae46c58
SHA25656680aa661e650d387f410db85fcbccd748b0d1ff6574257f9500662a29ba0f9
SHA512e29b06b2c132bf40490e3ede7c2b43212f47662990e925db6f34773da7193d6fec7b1a2b3073e87222b853e7eec12d0d79f80b75725dd032a98b4c75f38ca439
-
Filesize
75KB
MD546ede9ea58c0ac20baf444750311e3f8
SHA1246c36050419602960fca4ec6d2079ea0d91f46e
SHA2567ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236
SHA512d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7
-
Filesize
164KB
MD589e794bbd022ae1cafbf1516541d6ba5
SHA1a69f496680045e5f30b636e9f17429e0b3dd653e
SHA2567d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9
SHA51216455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000
-
Filesize
141KB
MD5b6022150de5aeab34849ade53a9ac397
SHA1203d9458c92fc0628a84c483f17043ce468fa62f
SHA256c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d
SHA5122286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade
-
Filesize
77KB
MD51be3c1262d06acbce1400889c28234d5
SHA11a5f3c89afc83b468e14451b94b2d6e916533b33
SHA2568c7537d764b0533731143841e9075bf8c640838df6955b180fad90a54bf567c5
SHA51278616089f5969e8d924f0e7f512d222a8e023307f01a3e8f250f4a07e38cb4afd1908023e1375a2d46c41f19e0ef33ba8bec97317d16f4e068ea2ec4e6d17ddb
-
Filesize
31KB
MD5d31da7583083c1370f3c6b9c15f363cc
SHA11ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c
SHA256cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506
SHA512a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266
-
Filesize
21KB
MD5cdfbe254cc64959fc0fc1200f41f34c0
SHA14e0919a8a5c4b23441e51965eaaa77f485584c01
SHA2569513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9
SHA51263704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610
-
Filesize
168KB
MD59cf887b886af7c897e8cafe5dc70afb7
SHA198bb097b998dff54a1aea8917c236db17c0a9aef
SHA256819702b3ed0647beac115c5a601fb8372d67633a8be4099b8b5360d22f9572f5
SHA512d7f790d95bee1dcb5a3ae62c6a85fe7b36ab357fea83862a21e3a31ca1e27cfc9d46e4c6def80c7d439c30e93235141e1e3efdd84e77b8a87af06fa5b7ec24f9
-
Filesize
336KB
MD56d375e8ba7af357bd13bfcc5cd08e49e
SHA1f73ec8dab6264fc67c2b216bc9df62b28f3c3945
SHA256deeb3a5b6bd7f3cdbfa420c28d76645366284a3a57e2dc63ce7850a9ae155ade
SHA5121d3b44174eb624389a781f4e41eef7e2f055a4b51ed1c26fcd551357bd642e3e22b3087a558948ac5c6b34afeb8c8ffcbb5f85ecc2581dd5d0b01712b74a827c
-
Filesize
57KB
MD59f6c96fff7958530c9891017557b7da8
SHA1c4fc536d83d06915b72c9805a653c901b402b24e
SHA2560a7c1820e4c66a7d79164e7850e46fc38e9938d030f81d1eca23387fbd49effe
SHA51296c3b59c4e4e117ec66efa49c2a7b8b07082aafce67c075de0811f2c25d4c2b9d091bfd722a4c54de5d21f52759da6acceaf897d41e4008c9a84c149b1cead7e
-
Filesize
65KB
MD581e242f512d2f2beebf4792479f1287e
SHA1b270d1c42576e27e6965d9bd8cfe8d108cd2e2bd
SHA256730963841d3a312cc09ff35585ad9f735ed5dfde3a0a6efe02014fd165e0e7be
SHA512ca5040dc20170eb1e60b5bb0b308dde2f5439fde42618a3cc805ce1753e27e97055139803ef07500288f47b7737e69e28a62decc47ec32c5b3d168e484c2d721
-
Filesize
385KB
MD5c14003b894a19f0eccaf196cdb1b740e
SHA1b33345f8653e124f0ce416b60475564470772593
SHA256123e39a6cf5263742333ab9968914f79d6ec7277e2e27e7b498073f842bfa2e1
SHA512b0d6710cdae85fca7e00c99ca0ae90a698ea760210b9f94f5804578c08dc248945c1905dbd13d93e452a67651cd20bb614b286231d219495e5854154a85a8381
-
Filesize
289KB
MD53723f786d4fff9dbe179f2eb7c722118
SHA15773fa9085d04aa043a8289fd217f885824a3165
SHA256e73fd512913ef6405cdd7f41057b3fa5f116ffca972da4c8fe8631d8c0a7db60
SHA5125b9717f0cfcd66e9cda8a33ca119f3f947fd6881b15a31366986f78acdfe6084a6fff6f95b579930a16537c65500c052c588f506dc015f052e49092b88333d70
-
Filesize
2.3MB
MD596c606ec97aa906737d2d5401dccbe1d
SHA187ca3e90cce3bd3b58781fe0d9a38dae8815843b
SHA2563350ce1f0deb3d979dedfd48143fe9a69969bdddd3eba31856222bc560aaea10
SHA5120979f42cf0f038f7775a2fb412503945f5d09ee8a35a195e90a178256035f134395be2f228cc052ccfd4cf118f7019f74edf98797a7776b0a90bd26caed0ce23
-
\??\Volume{6479dd83-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{692bc860-7961-4659-b081-69a5a0fc47c6}_OnDiskSnapshotProp
Filesize6KB
MD587125b19052c3c5468e6e348f4979f6c
SHA1b256859be4f57832776c22cb69e6a2168dde1ab7
SHA256e36d4dccb01541944e6d5f8dba41c13cd45a90cb65abdbfbf93b50f685aae358
SHA512c9640f3ad760ab3153fbd47ac1d44520144aa1fce0ee5cfbb5db8557e39b4e8eefe59eb9a81072e07fe601d1482c0b88278cdff48e695d835c98cfea855454dd