Analysis
max time kernel: 59s
max time network: 67s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 12/06/2024, 15:39
Static task: static1
Behavioral task: behavioral1
Sample: SigmaXL_Version_10_Setup.msi
Resource: win11-20240508-en
General
Target: SigmaXL_Version_10_Setup.msi
Size: 466.2MB
MD5: 858644f644187332e8daf89ba6c1404a
SHA1: 4bd31861280865fea64cd59ef614d04eb634799f
SHA256: d33e30f08fa2e2a19906054c40e7d19c7a34451026fd30b2072c91e720616222
SHA512: 0b365e3f0f7dc0057f497a2c39d6ec4beb0f24b92e7e179fb64153c3e64788adeedb6f23d7cfee00a7917c86feafe612f366684bf78ddc85e5591b40a7d39757
SSDEEP: 12582912:2lFbtYt9XISflm3v0UcyYrDkH9m3LrHQ4bzhJuWBht7:2lFbENmf0UcGeHQ4XhJuWb
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\E: MSIEXEC.EXE File opened (read-only) \??\R: MSIEXEC.EXE File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\S: MSIEXEC.EXE File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\O: MSIEXEC.EXE File opened (read-only) \??\X: MSIEXEC.EXE File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\N: MSIEXEC.EXE File opened (read-only) \??\Q: MSIEXEC.EXE File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\P: MSIEXEC.EXE File opened (read-only) \??\K: MSIEXEC.EXE File opened (read-only) \??\T: MSIEXEC.EXE File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\A: MSIEXEC.EXE File opened (read-only) \??\B: MSIEXEC.EXE File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\Z: MSIEXEC.EXE File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Y: MSIEXEC.EXE File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\H: MSIEXEC.EXE File opened (read-only) \??\M: MSIEXEC.EXE File opened (read-only) \??\V: MSIEXEC.EXE File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\I: 
MSIEXEC.EXE File opened (read-only) \??\L: MSIEXEC.EXE File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\W: MSIEXEC.EXE File opened (read-only) \??\J: MSIEXEC.EXE File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\A: msiexec.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\SigmaXL\V10\Sample Data\Attribute Data - U Chart Defects.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\TurboActivate.dat msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_XYZ_Interp.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\1 Sample Equivalence - CI Mean.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Montgomery Table 9.1.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_ADBC_V7.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Chemical Process Concentration - Series A.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_RSM.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L8 Seven Factor.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\C Chart Template.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_DMAIC_2016_Ribbon.xlam msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\One-Way Chi-Square Exact.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Customer Data.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Tolerance_Interval.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\GageRRCharts.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Sample Size and Difference Worksheet.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\tbbmalloc.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L27 Thirteen Factor.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\TurboActivate.exe msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\libiomp5md.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Attribute C ARL 
Calculator.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Conover Grass Type Experiment.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_DOE.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\DLIB\xyz_interp_761.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\2 Proportions Test CI.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Rare Events Prob G.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Stimulant Test.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\TurboActivate.x64.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\DLIB\signal.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Individuals.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Wafer Thickness.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Catapult DOE Data for Adv MReg.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\cityhash.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\DLIB\arima_stl.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\readstat.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_ANOM.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\GLM GageRR (Crossed) Metrics without Interaction.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Shewhart ARL Calculator.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\RSM Example - Cake Bake Data for Adv MReg.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Forecast.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\EWMA ARL Calculator JN.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\G Chart 
Template.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\GLM GageRR (Nested) Metrics.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\g.gkf msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\EWMA ARL Calculator.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\FMEA_V8.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Descriptive.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L9 Four Factor.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\1 Proportion Test CI.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Mobile Cellular Subscriptions per 100 people by Region and Year.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\zlib.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L16 Eight Factor.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Monthly Airline Passengers - Modified for Control Charts.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Taguchi\Taguchi L8 Six Factor.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Attribute Data.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\Sample Data\Monthly Airline Passengers - Missing Values.xlsx msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_ARL.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\SigmaXL_GE_Gage_linearity_Bias.gcg msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\1 Poisson Rate Test CI.xlsm msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\SigmaXL_DMAIC_2016_Ribbon.xlam msiexec.exe File created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\TurboActivate.exe msiexec.exe File 
created C:\Program Files\SigmaXL\V10\SigmaXL_Support_Files\xls.dll msiexec.exe File created C:\Program Files\SigmaXL\V10\SXL_Stats\Attribute MSA.xlsm msiexec.exe -
Drops file in Windows directory 22 IoCs
description  ioc  Process
File opened for modification  C:\Windows\Installer\MSI63E5.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\  msiexec.exe
File created  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\ARPPRODUCTICON.exe  msiexec.exe
File opened for modification  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\UNINST_Uninstall_S_86A8AA8FC5374446B85D3419441965DB.exe  msiexec.exe
File created  C:\Windows\Installer\e586243.msi  msiexec.exe
File opened for modification  C:\Windows\Installer\e58623f.msi  msiexec.exe
File opened for modification  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log  msiexec.exe
File created  C:\Windows\Installer\SourceHash{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}  msiexec.exe
File created  C:\Windows\SystemTemp\~DF2D0DCCC3BA46E844.TMP  msiexec.exe
File created  C:\Windows\Installer\e58623f.msi  msiexec.exe
File opened for modification  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\ARPPRODUCTICON.exe  msiexec.exe
File created  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\UNINST_Uninstall_S_86A8AA8FC5374446B85D3419441965DB.exe  msiexec.exe
File created  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut10_B9C4D019D8C042959C28E61D4368901B.exe  msiexec.exe
File opened for modification  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut10_B9C4D019D8C042959C28E61D4368901B.exe  msiexec.exe
File created  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut11_630B57E167964E56A130CD36498C0FE7.exe  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI6648.tmp  msiexec.exe
File created  C:\Windows\Installer\inprogressinstallinfo.ipi  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI6A50.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\NewShortcut11_630B57E167964E56A130CD36498C0FE7.exe  msiexec.exe
File created  C:\Windows\SystemTemp\~DF83678F7B4237667D.TMP  msiexec.exe
File created  C:\Windows\SystemTemp\~DF6857A590A526C08E.TMP  msiexec.exe
File created  C:\Windows\SystemTemp\~DF152BD4CFD4B54B68.TMP  msiexec.exe
-
Executes dropped EXE 22 IoCs
pid  Process
1136  ISBEW64.exe
1160  ISBEW64.exe
892  ISBEW64.exe
5080  ISBEW64.exe
832  ISBEW64.exe
3656  ISBEW64.exe
4216  ISBEW64.exe
1644  ISBEW64.exe
4764  ISBEW64.exe
1940  ISBEW64.exe
4592  SigmaXL_Version_10_64-Bit.exe
780  SigmaXL_Version_10_64-Bit.exe
2324  ISBEW64.exe
1696  ISBEW64.exe
4624  ISBEW64.exe
2640  ISBEW64.exe
4300  ISBEW64.exe
872  ISBEW64.exe
4544  ISBEW64.exe
4412  ISBEW64.exe
2508  ISBEW64.exe
1412  ISBEW64.exe
-
Loads dropped DLL 12 IoCs
pid  Process
4164  MsiExec.exe
4164  MsiExec.exe
4164  MsiExec.exe
4164  MsiExec.exe
4164  MsiExec.exe
4164  MsiExec.exe
4164  MsiExec.exe
2772  MsiExec.exe
2772  MsiExec.exe
2772  MsiExec.exe
2772  MsiExec.exe
2772  MsiExec.exe
-
Modifies data under HKEY_USERS 3 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b  msiexec.exe
Key deleted  \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E  msiexec.exe
Key deleted  \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a  msiexec.exe
-
Modifies registry class 24 IoCs
description  ioc  Process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EB889732E30533E49BDE05F6A645B524\93002CF8DA495B74C842C8DFB0B70296  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Downloaded Installations\\{AA7A84DF-16EB-4C0D-BB6E-3D3693A63EC4}\\"  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Downloaded Installations\\{AA7A84DF-16EB-4C0D-BB6E-3D3693A63EC4}\\"  msiexec.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\93002CF8DA495B74C842C8DFB0B70296  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\ProductIcon = "C:\\Windows\\Installer\\{8FC20039-94AD-47B5-8C24-8CFD0B7B2069}\\ARPPRODUCTICON.exe"  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\InstanceType = "0"  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\93002CF8DA495B74C842C8DFB0B70296\Excel_x64  msiexec.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\PackageCode = "FD48A7AABE61D0C4BBE6D363396AE34C"  msiexec.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList  msiexec.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Net  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Media\DiskPrompt = "[1]"  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Language = "1033"  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\DeploymentFlags = "3"  msiexec.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EB889732E30533E49BDE05F6A645B524  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\AdvertiseFlags = "388"  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\AuthorizedLUAApp = "1"  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\PackageName = "SigmaXL_Version_10_64-Bit.msi"  msiexec.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Media  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\SourceList\Media\1 = "DISK1;1"  msiexec.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\ProductName = "SigmaXL"  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Version = "167903232"  msiexec.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Assignment = "1"  msiexec.exe
Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\93002CF8DA495B74C842C8DFB0B70296\Clients = 3a0000000000  msiexec.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid  Process
4248  msiexec.exe
4248  msiexec.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2624 msiexec.exe Token: SeIncreaseQuotaPrivilege 2624 msiexec.exe Token: SeSecurityPrivilege 4248 msiexec.exe Token: SeCreateTokenPrivilege 2624 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2624 msiexec.exe Token: SeLockMemoryPrivilege 2624 msiexec.exe Token: SeIncreaseQuotaPrivilege 2624 msiexec.exe Token: SeMachineAccountPrivilege 2624 msiexec.exe Token: SeTcbPrivilege 2624 msiexec.exe Token: SeSecurityPrivilege 2624 msiexec.exe Token: SeTakeOwnershipPrivilege 2624 msiexec.exe Token: SeLoadDriverPrivilege 2624 msiexec.exe Token: SeSystemProfilePrivilege 2624 msiexec.exe Token: SeSystemtimePrivilege 2624 msiexec.exe Token: SeProfSingleProcessPrivilege 2624 msiexec.exe Token: SeIncBasePriorityPrivilege 2624 msiexec.exe Token: SeCreatePagefilePrivilege 2624 msiexec.exe Token: SeCreatePermanentPrivilege 2624 msiexec.exe Token: SeBackupPrivilege 2624 msiexec.exe Token: SeRestorePrivilege 2624 msiexec.exe Token: SeShutdownPrivilege 2624 msiexec.exe Token: SeDebugPrivilege 2624 msiexec.exe Token: SeAuditPrivilege 2624 msiexec.exe Token: SeSystemEnvironmentPrivilege 2624 msiexec.exe Token: SeChangeNotifyPrivilege 2624 msiexec.exe Token: SeRemoteShutdownPrivilege 2624 msiexec.exe Token: SeUndockPrivilege 2624 msiexec.exe Token: SeSyncAgentPrivilege 2624 msiexec.exe Token: SeEnableDelegationPrivilege 2624 msiexec.exe Token: SeManageVolumePrivilege 2624 msiexec.exe Token: SeImpersonatePrivilege 2624 msiexec.exe Token: SeCreateGlobalPrivilege 2624 msiexec.exe Token: SeCreateTokenPrivilege 2624 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2624 msiexec.exe Token: SeLockMemoryPrivilege 2624 msiexec.exe Token: SeIncreaseQuotaPrivilege 2624 msiexec.exe Token: SeMachineAccountPrivilege 2624 msiexec.exe Token: SeTcbPrivilege 2624 msiexec.exe Token: SeSecurityPrivilege 2624 msiexec.exe Token: SeTakeOwnershipPrivilege 2624 msiexec.exe Token: SeLoadDriverPrivilege 2624 msiexec.exe Token: SeSystemProfilePrivilege 2624 
msiexec.exe Token: SeSystemtimePrivilege 2624 msiexec.exe Token: SeProfSingleProcessPrivilege 2624 msiexec.exe Token: SeIncBasePriorityPrivilege 2624 msiexec.exe Token: SeCreatePagefilePrivilege 2624 msiexec.exe Token: SeCreatePermanentPrivilege 2624 msiexec.exe Token: SeBackupPrivilege 2624 msiexec.exe Token: SeRestorePrivilege 2624 msiexec.exe Token: SeShutdownPrivilege 2624 msiexec.exe Token: SeDebugPrivilege 2624 msiexec.exe Token: SeAuditPrivilege 2624 msiexec.exe Token: SeSystemEnvironmentPrivilege 2624 msiexec.exe Token: SeChangeNotifyPrivilege 2624 msiexec.exe Token: SeRemoteShutdownPrivilege 2624 msiexec.exe Token: SeUndockPrivilege 2624 msiexec.exe Token: SeSyncAgentPrivilege 2624 msiexec.exe Token: SeEnableDelegationPrivilege 2624 msiexec.exe Token: SeManageVolumePrivilege 2624 msiexec.exe Token: SeImpersonatePrivilege 2624 msiexec.exe Token: SeCreateGlobalPrivilege 2624 msiexec.exe Token: SeCreateTokenPrivilege 2624 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2624 msiexec.exe Token: SeLockMemoryPrivilege 2624 msiexec.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid  Process
2624  msiexec.exe
4164  MsiExec.exe
2624  msiexec.exe
-
Suspicious use of WriteProcessMemory 57 IoCs
description pid Process procid_target PID 4248 wrote to memory of 4164 4248 msiexec.exe 81 PID 4248 wrote to memory of 4164 4248 msiexec.exe 81 PID 4248 wrote to memory of 4164 4248 msiexec.exe 81 PID 4164 wrote to memory of 1136 4164 MsiExec.exe 82 PID 4164 wrote to memory of 1136 4164 MsiExec.exe 82 PID 4164 wrote to memory of 1160 4164 MsiExec.exe 83 PID 4164 wrote to memory of 1160 4164 MsiExec.exe 83 PID 4164 wrote to memory of 892 4164 MsiExec.exe 84 PID 4164 wrote to memory of 892 4164 MsiExec.exe 84 PID 4164 wrote to memory of 5080 4164 MsiExec.exe 85 PID 4164 wrote to memory of 5080 4164 MsiExec.exe 85 PID 4164 wrote to memory of 832 4164 MsiExec.exe 86 PID 4164 wrote to memory of 832 4164 MsiExec.exe 86 PID 4164 wrote to memory of 3656 4164 MsiExec.exe 87 PID 4164 wrote to memory of 3656 4164 MsiExec.exe 87 PID 4164 wrote to memory of 4216 4164 MsiExec.exe 88 PID 4164 wrote to memory of 4216 4164 MsiExec.exe 88 PID 4164 wrote to memory of 1644 4164 MsiExec.exe 89 PID 4164 wrote to memory of 1644 4164 MsiExec.exe 89 PID 4164 wrote to memory of 4764 4164 MsiExec.exe 90 PID 4164 wrote to memory of 4764 4164 MsiExec.exe 90 PID 4164 wrote to memory of 1940 4164 MsiExec.exe 91 PID 4164 wrote to memory of 1940 4164 MsiExec.exe 91 PID 4164 wrote to memory of 4592 4164 MsiExec.exe 92 PID 4164 wrote to memory of 4592 4164 MsiExec.exe 92 PID 4164 wrote to memory of 4592 4164 MsiExec.exe 92 PID 4592 wrote to memory of 780 4592 SigmaXL_Version_10_64-Bit.exe 93 PID 4592 wrote to memory of 780 4592 SigmaXL_Version_10_64-Bit.exe 93 PID 4592 wrote to memory of 780 4592 SigmaXL_Version_10_64-Bit.exe 93 PID 780 wrote to memory of 1556 780 SigmaXL_Version_10_64-Bit.exe 94 PID 780 wrote to memory of 1556 780 SigmaXL_Version_10_64-Bit.exe 94 PID 4248 wrote to memory of 2772 4248 msiexec.exe 96 PID 4248 wrote to memory of 2772 4248 msiexec.exe 96 PID 4248 wrote to memory of 2772 4248 msiexec.exe 96 PID 2772 wrote to memory of 2324 2772 MsiExec.exe 98 PID 2772 wrote to memory of 
2324 2772 MsiExec.exe 98 PID 2772 wrote to memory of 1696 2772 MsiExec.exe 99 PID 2772 wrote to memory of 1696 2772 MsiExec.exe 99 PID 2772 wrote to memory of 4624 2772 MsiExec.exe 100 PID 2772 wrote to memory of 4624 2772 MsiExec.exe 100 PID 2772 wrote to memory of 2640 2772 MsiExec.exe 101 PID 2772 wrote to memory of 2640 2772 MsiExec.exe 101 PID 2772 wrote to memory of 4300 2772 MsiExec.exe 102 PID 2772 wrote to memory of 4300 2772 MsiExec.exe 102 PID 2772 wrote to memory of 872 2772 MsiExec.exe 103 PID 2772 wrote to memory of 872 2772 MsiExec.exe 103 PID 2772 wrote to memory of 4544 2772 MsiExec.exe 104 PID 2772 wrote to memory of 4544 2772 MsiExec.exe 104 PID 2772 wrote to memory of 4412 2772 MsiExec.exe 105 PID 2772 wrote to memory of 4412 2772 MsiExec.exe 105 PID 2772 wrote to memory of 2508 2772 MsiExec.exe 106 PID 2772 wrote to memory of 2508 2772 MsiExec.exe 106 PID 2772 wrote to memory of 1412 2772 MsiExec.exe 107 PID 2772 wrote to memory of 1412 2772 MsiExec.exe 107 PID 780 wrote to memory of 5040 780 SigmaXL_Version_10_64-Bit.exe 109 PID 780 wrote to memory of 5040 780 SigmaXL_Version_10_64-Bit.exe 109 PID 780 wrote to memory of 5040 780 SigmaXL_Version_10_64-Bit.exe 109
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SigmaXL_Version_10_Setup.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2624
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4248 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 7B1564D62A21318F8F885397B4AE4646 U2⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4164 -
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{24EDE6C2-3FD4-4D0E-88A5-0FF4F1B7EC51}3⤵
- Executes dropped EXE
PID:1136
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10A04516-BC9D-4699-9146-99E390827917}3⤵
- Executes dropped EXE
PID:1160
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3652401E-D09C-40D4-B9BE-3D50051E0A7E}3⤵
- Executes dropped EXE
PID:892
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D5EFC7E4-B8B2-4159-9F4B-854F0813C77C}3⤵
- Executes dropped EXE
PID:5080
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{80115D54-1C42-40A0-8BB5-9AE52C100F2C}3⤵
- Executes dropped EXE
PID:832
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0FEC10DB-BC4A-4842-B9DC-5DB124DE89D0}3⤵
- Executes dropped EXE
PID:3656
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82058BBB-7157-491C-A99A-262D073C0F04}3⤵
- Executes dropped EXE
PID:4216
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8040AACB-2267-4434-96A7-C126E9520369}3⤵
- Executes dropped EXE
PID:1644
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7DA6F577-F1C9-4E39-8090-2638FFDD2A23}3⤵
- Executes dropped EXE
PID:4764
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{103F8B32-50FE-4FED-8F7A-7314891B93E2}3⤵
- Executes dropped EXE
PID:1940
-
-
C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\SigmaXL_Version_10_64-Bit.exe"C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\SigmaXL_Version_10_64-Bit.exe" /s /v/qn /V"AUTOLOADPLUGIN=FALSE"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4592 -
C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\SigmaXL_Version_10_64-Bit.exeC:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}\SigmaXL_Version_10_64-Bit.exe /q"C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}\SigmaXL_Version_10_64-Bit.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}" /s /v/qn /V"AUTOLOADPLUGIN=FALSE" /IS_temp4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:780 -
C:\Windows\system32\MSIEXEC.EXE"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{AA7A84DF-16EB-4C0D-BB6E-3D3693A63EC4}\SigmaXL_Version_10_64-Bit.msi" /qn AUTOLOADPLUGIN=FALSE SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\{8D4D3401-10AA-45E3-BCFD-592177748515}" SETUPEXENAME="SigmaXL_Version_10_64-Bit.exe"5⤵
- Enumerates connected drives
PID:1556
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{DB3B100A-F685-46D9-B934-6013A2A4E9FE}"5⤵PID:5040
-
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2F09C2164A4AA0782E9B23C8B9330F2D2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2772 -
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{108FA52B-ADB3-4922-9FE2-BEEB4A53BEAF}3⤵
- Executes dropped EXE
PID:2324
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1E82868D-6056-436C-8D74-6A44B4F7E5B0}3⤵
- Executes dropped EXE
PID:1696
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0BA5B277-039A-4D74-ACBD-DAA55D5126F3}3⤵
- Executes dropped EXE
PID:4624
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4EB9993-C998-4D14-8B8A-899AC56E0F9B}3⤵
- Executes dropped EXE
PID:2640
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8958F86-4083-44BD-A6E7-7E0BA2DC5700}3⤵
- Executes dropped EXE
PID:4300
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C1951B9-8510-4989-931A-B800425E0F71}3⤵
- Executes dropped EXE
PID:872
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{267064DC-DC63-4883-8BD9-F98C0A6ABD01}3⤵
- Executes dropped EXE
PID:4544
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3964F179-1123-4E71-B20B-731F8D4765D0}3⤵
- Executes dropped EXE
PID:4412
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3DB90828-6912-4962-AD89-F452B930F0C7}3⤵
- Executes dropped EXE
PID:2508
-
-
C:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{BD44D6A4-F433-4E79-B376-4879D40FB033}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D99768F-DFB7-438C-A3A0-7153AFD734DD}3⤵
- Executes dropped EXE
PID:1412
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.3MB
MD51f65b77db1bd5878ac251490cf44247e
SHA138b9aa626a23734d53040a1be9ae825f25a683dd
SHA2564d67108f2e60c3643df93960754e5ff1ec3591a50bf8c48333cc6d2e42b57b1a
SHA5123ad4fd20cc7ad7bdee49d32da968cc0525c59bf48e5b9eec9871695f3a508c21fe25f02fcc9bd3c9c82bf872750b9fd5722bc1022ae140b6ad9e44c56ba9c624
-
Filesize
191KB
MD5040fdf59432fe943da295e0fd115c180
SHA1efb354981fd6c82347556ecd329c20bdba51c6d6
SHA2569fd5f1ef1099c9d1a3843d8cb51b6ecb44762da7c933d27eb6f79ac50b788609
SHA512db4dc507295f2d1be731471f0f3e0e047bcd64804b2ebf23ee0a91ab259bee566d336f77f420908ca69a18136a57ccd727259c1bb21cec9f3a86c9a6da772904
-
Filesize
250KB
MD5c306ef16835f01966b0b7b0b79eb55bb
SHA14e97cc8e7bdbde7be3134c77a22730c2f672c3c9
SHA256d6a38c864139e7a63156590eb61357c2b9caf0789e22efea607fbbe0330829de
SHA5126f9580aceb9be8d7a2129be0c946f6132cedc12ed0b8ca778ff512bc413319fa6ea52ac3cddef0082621051ef4e3c2cfdcefc8657a94ec97fded7931377b9051
-
Filesize
196B
MD58f18269fca810207a49201f5c1abc72a
SHA1eae6d0362f6e7ed8a8fbf185a7ac5b5206d0865a
SHA256c52b1d47d18964f13433896ecd67e1f338eb19403d4a51cf411cd9f6317e90e7
SHA512d18d937ce37436070cce6a1a2fa6ae40233b79785a3517b46b46f8bc94c4b2def9669ac8ecc4cf6033bef98d817e305637ddd7d2c3a826f36c87d3b1b5b4360c
-
Filesize
21KB
MD5a108f0030a2cda00405281014f897241
SHA1d112325fa45664272b08ef5e8ff8c85382ebb991
SHA2568b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948
SHA512d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298
-
Filesize
672B
MD52bc47f89b07c51cea2f8715facdd3183
SHA1994fecd6583d326787e7c79b01e7f18c469379cc
SHA25682bb93d82279334b481a80678557f6b7123f070a562de44b0377e96d4e3d313e
SHA5126c73a6e396defdb3a1bf08f8ee606d4485510cd8a25db98dd309ca60f855c493fe5f7dd52e439c7f4d67333b866014c7c8a2771771072442eb4230d2a81da83d
-
Filesize
46B
MD5c10f0c1c213324eb2d479d8617a58197
SHA15d830ffc7950e47de2a7f9efafca8425c37a382c
SHA25606d38311dc59cf5a078491d01fe65e579b3c5d72764bf93e35ae24cd74a805be
SHA5126b73dd20de1f288999bf2590f8cf095f5804ae2648ab85d136a919ffe0e0430180c91a46b2ad6192104ee8802d982f70bc0fcca87cd8189a5be3e04312d1a702
-
Filesize
6KB
MD5be4db0f272173a4b7f4e3687603d8312
SHA15edd4e61fee61b17f8b85d3f0d48ed9c86a51f87
SHA256d368b7e705a91785fcbbce83668864cb6b622b33e8846968c1882ba345af4b00
SHA512e968370ce7e3cc0e8fbeba047bfb8cc0cbb09986397bf3183063a31067fbe805be6646f15568f4e90e7082c69c06e34f26903b57b1a69af83d6de92ac35b8d2b
-
Filesize
165KB
MD5caab36876c8757cb23ceb224c583903a
SHA141872dced001b6898309a5dc005e162c9d450d7c
SHA256fb6fd34e42619110bdd4e7410e6cf5792d48da3579d451a4ca8853cdaa681ff4
SHA512ac3ae007dd3ae3fc29fabb0cb694e174339f78ce7e11b0ab624ae9316adcd6d3f86a701c045074c3eb1a7a34060528cce4cb86a457c11a39f7338b0c0f25483b