Analysis
max time kernel: 137s
max time network: 120s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 09/11/2024, 22:03
Behavioral task | Sample | Resource
behavioral1 | dia-setup-0.97.2-2-unsigned (1).exe | win7-20240708-en
behavioral2 | dia-setup-0.97.2-2-unsigned (1).exe | win10v2004-20241007-en
behavioral3 | help/eu/dia-manual.chm | win7-20240903-en
behavioral4 | help/eu/dia-manual.chm | win10v2004-20241007-en
behavioral5 | help/eu/dia-manual.pdf | win7-20240903-en
behavioral6 | help/eu/dia-manual.pdf | win10v2004-20241007-en
behavioral7 | help/fr/dia-manual.chm | win7-20240903-en
behavioral8 | help/fr/dia-manual.chm | win10v2004-20241007-en
behavioral9 | help/fr/dia-manual.pdf | win7-20240903-en
behavioral10 | help/fr/dia-manual.pdf | win10v2004-20241007-en
behavioral11 | help/pl/dia-manual.chm | win7-20241010-en
behavioral12 | help/pl/dia-manual.chm | win10v2004-20241007-en
behavioral13 | help/pl/dia-manual.pdf | win7-20240903-en
behavioral14 | help/pl/dia-manual.pdf | win10v2004-20241007-en
behavioral15 | imgmap.py | win7-20240903-en
behavioral16 | imgmap.py | win10v2004-20241007-en
behavioral17 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ani.dll | win7-20240903-en
behavioral18 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ani.dll | win10v2004-20241007-en
behavioral19 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-bmp.dll | win7-20240708-en
behavioral20 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-bmp.dll | win10v2004-20241007-en
behavioral21 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gif.dll | win7-20240903-en
behavioral22 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gif.dll | win10v2004-20241007-en
behavioral23 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-icns.dll | win7-20241010-en
behavioral24 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-icns.dll | win10v2004-20241007-en
behavioral25 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ico.dll | win7-20240903-en
behavioral26 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ico.dll | win10v2004-20241007-en
behavioral27 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-jpeg.dll | win7-20240903-en
behavioral28 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-jpeg.dll | win10v2004-20241007-en
behavioral29 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-pcx.dll | win7-20240903-en
behavioral30 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-pcx.dll | win10v2004-20241007-en
behavioral31 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.dll | win7-20241023-en
behavioral32 | lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.dll | win10v2004-20241007-en
General
Target: dia-setup-0.97.2-2-unsigned (1).exe
Size: 18.7MB
MD5: 6a2472af5b3df9506e5ec3d822edaf3c
SHA1: bf774bf6902e390d2a4ade45dde41f905c60ceeb
SHA256: 8257389d6264742d414404beaaaac869336c91f9f9af1e31ee081aa6e7857f3c
SHA512: e7004bf677d25ebef2dc95de9d571b901e4ee678edf0b5ed65217f554e3a844099db112584a4128b89bace21a517c4958a6aa4ffb73be8fca0e66c5466e1309b
SSDEEP: 393216:P+xc0G6JizMOOmWw+gyT0JPnKXHjdVABdO008NdOS:Qc2iJ/+JTcfqt8NV
Malware Config
Signatures
Executes dropped EXE 2 IoCs
pid | Process
2156 | gdk-pixbuf-query-loaders.exe
2060 | diaw.exe
Loads dropped DLL 64 IoCs
pid | Process
1504 | dia-setup-0.97.2-2-unsigned (1).exe
2984 | cmd.exe
2156 | gdk-pixbuf-query-loaders.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Program Files directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | dia-setup-0.97.2-2-unsigned (1).exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | gdk-pixbuf-query-loaders.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | diaw.exe
Modifies registry class 60 IoCs
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
1504 | dia-setup-0.97.2-2-unsigned (1).exe
1504 | dia-setup-0.97.2-2-unsigned (1).exe
Suspicious use of WriteProcessMemory 21 IoCs
description | pid | Process | procid_target
PID 1504 wrote to memory of 2984 | 1504 | dia-setup-0.97.2-2-unsigned (1).exe | 30
PID 2984 wrote to memory of 2156 | 2984 | cmd.exe | 32
PID 1504 wrote to memory of 2060 | 1504 | dia-setup-0.97.2-2-unsigned (1).exe | 33
Processes
C:\Users\Admin\AppData\Local\Temp\dia-setup-0.97.2-2-unsigned (1).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\dia-setup-0.97.2-2-unsigned (1).exe"
  PID: 1504
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\system32\cmd.exe" /c "C:\Program Files (x86)\Dia\bin\gdk-pixbuf-query-loaders.bat"
    PID: 2984
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Dia\bin\gdk-pixbuf-query-loaders.exe
      Command line: .\gdk-pixbuf-query-loaders.exe
      PID: 2156
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery

  C:\Program Files (x86)\Dia\bin\diaw.exe
    Command line: "C:\Program Files (x86)\Dia\bin\diaw.exe" --integrated
    PID: 2060
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
76KB
MD5037b1adba1507f1374252c07430e4443
SHA1922090038a62bdcf1a3db6a2f24e133cac4e4e54
SHA25696993b3288f70c8ed703be11966dd7df8d5a9ee7c026fd4aa26864ed08745535
SHA512378dc7f3cd0781c91a7bf7d9d6a5b671c6a7fa68fe136a85849dd65e0e5b344a9d155a8f54e5d2102a01dcf9a84dc56db90b7ed6341ba86e6a763b4bf2b28235
-
Filesize
54KB
MD53ba1afac076d1d58bb8ff84073f12402
SHA180d3f69b223d0f5176536ff176017dc7f37e4e85
SHA256449c92afed408e52591423b383be83829ab99442b2f59d29720852164656035c
SHA512fbf6e1f9460c6413fe0df67df2abb750aa29f60509c2be2023008be914185062fc9cfa481c4e6c5e4aec0e2b05b828a43f828ab8b6852bce6153cab64482b3f0
-
Filesize
244KB
MD5308d7044ce7d73f8a1535991811ad560
SHA136fc07a4c2e3ca75990973ae82f26efd5c4fa9b6
SHA25642908285d6687d151d7a81dafb18596edf3e6d14eb2cdb21c4bda83a1a234270
SHA512bd779a6edd580a4b53aa739d4c8382388455e0d07d11eb813a0c9c05c4c417fe0c24201d61f734b1df19b25cb6b4469d5a89be29590ab1b446b362c3b47bc978
-
Filesize
112KB
MD5ee2b2af69c61dd1729f1dccd771e65d1
SHA186b236b60ac7781d55a1bc4f1af43505e6b23d0f
SHA256a9a2c2e7ff0371f8873eb6ddf5c4b7e3dadca980855373a134978988faa00561
SHA51255ba28dccf7ecd8be5f7144d5d3ef5120455346bd39b7056af007c2bf44da6a88ef5100d4af4893a0774ae815fae4a50e8ef63482946e3f94334faceb5c69fd4
-
Filesize
173B
MD5232e5acd595bedf4ff623d0190dd9c1f
SHA119f4777cc146d2c44388a74f0c2c44cb2782d92c
SHA256e344612fc4418b2517b9743e397e628f0ff6d598e779e0e42eb07489f9e9c825
SHA512ed006138ebc51eaa5bd2b8f862b4e54dd9bdfefe77c6a0165d600ace0d06673759c7fa476ca61f750f053ff1012f9116171dd17529e251173fe7852a7f0fc6ab
-
Filesize
687B
MD563432dea8a90abb8e3f2655f8af7be00
SHA164df68c0014bc2baa7faa1b8e3c9579f744a4a2f
SHA256ced3fc554eb3d298044d1420dc16b845dde5f5f12f894d8f1bad03eb88a20e05
SHA512d0fe1e9a90f69fa2e3f50ea2fc98caf42572d95e4cdac807f4c82f00eb9b1963cde90185ec00822487e1f73e915921ff9319e526c035f2208bb7accb323b67aa
-
Filesize
774B
MD55ca299bf0be6788d8ad6f8e495e50a5f
SHA15d947219b55ed2208f588d93f05c6a28a0a614fb
SHA2560c5d476fa6426c9cab47ba7235c198977f51a6d18cc257525df2c9db302b034f
SHA512df80f3c9c1eda21420390f9549db06b5a9b44978d650aed4c988f2474d8c0089ea37162da3e9ae53128e81bd65d4a2454938a47d2cb8d873d3beebb1eec4c20e
-
Filesize
809B
MD537ebada1d2171cc424dd9a87161f90c1
SHA13209cf67fe92993f376eba88d7635f8e6e03d4a8
SHA256150cc5527725a602109521b6db66b701b5793bf953788cb955dbd87c32b29f53
SHA51239f762b3d4b01099422f129889c8e42337a454daaeb55cec0864da33c153c65338dff184a84b0e23b2c4ab1aebb5156fc9dca3c7de25be52c75647a89165402a
-
Filesize
22KB
MD50fa7b2f79527f58b40c6e6a773d8ad97
SHA18c4d24b466e86736bc325b5d096f6588060b85a3
SHA256220e32d68f36fc09e73c8e0302541967ecd15976c62f472481a1fc24892f96d1
SHA512d49f4870c59bb419c7033f50314a8b46f9e08d6fb6b72a63910fd8e5695b6233ea2a132940907d66bc5a98ebc14248d08be35d167139fedf72e902013a9dce07
-
Filesize
14KB
MD5325b008aec81e5aaa57096f05d4212b5
SHA127a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA51218362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
Filesize
5KB
MD59384f4007c492d4fa040924f31c00166
SHA1aba37faef30d7c445584c688a0b5638f5db31c7b
SHA25660a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
SHA51268f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
-
Filesize
4KB
MD57579ade7ae1747a31960a228ce02e666
SHA18ec8571a296737e819dcf86353a43fcf8ec63351
SHA256564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
SHA512a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
-
Filesize
6KB
MD5acc2b699edfea5bf5aae45aba3a41e96
SHA1d2accf4d494e43ceb2cff69abe4dd17147d29cc2
SHA256168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
SHA512e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe