Analysis
-
max time kernel
61s -
max time network
59s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
21-11-2024 11:33
Static task
static1
Behavioral task
behavioral1
Sample
UniSDP_20240330SP_20240708V5.3.0.14.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
UniSDP_20240330SP_20240708V5.3.0.14.exe
Resource
win10v2004-20241007-en
General
-
Target
UniSDP_20240330SP_20240708V5.3.0.14.exe
-
Size
82.0MB
-
MD5
825e920d558d1cd51625f626a17f7611
-
SHA1
877fff845dc7b4c82f1c60612b1bc838214e7143
-
SHA256
1721cc210c60da50a27d4502eb7b513bd0c104f8fff7954cdd0d3fe451acacd1
-
SHA512
420cfe52a5a6a3409212240fc562dac7ff4d5b96569aa9784a8d9f834468d3fc033b017d8b541ad9d02782e85d9dc3869d1912fe55091202c9d31e719f88a88f
-
SSDEEP
1572864:kB3u04SAfmX1fygZTtu6lwWJfDb48CeMbmdMSpx4qX:kBe5SmmX16gZTtZlwaDb4/tqdPx4
Malware Config
Signatures
-
Modifies firewall policy service 3 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9DD4ACE5-F1C9-4005-B36E-72CF3ACF7E39} = "v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\\Windows\\LVUAAgentSDPInstBaseRoot\\UniSDPAccessAgent.exe|Name=Security Assistant SDPAgent|" svchost.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9E536491-F4B4-4663-837A-73824DDDBA04} = "v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\\Windows\\LVUAAgentSDPInstBaseRoot\\SDPProxyClient.exe|Name=SDPProxyClient|" svchost.exe -
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\Windows\system32\drivers\etc\hosts SDPProxyClient.exe -
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Sets service image path in registry 2 TTPs 5 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\UniSDPProtect\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\drivers\\UniSDPProtect.sys" UniSDPAccessAgentDaemon.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\UniKInjectSDP\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\drivers\\UniKInjectSDP.sys" UniSDPAccessAgent.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\UniSDPProtect\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\drivers\\UniSDPProtect.sys" UniSDPAccessAgentDaemon.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\sdptdi\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\SDPDriver\\SdpTdi.sys" SDPProxyClient.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SDPSbieDrv\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\SDPSbieDrv.sys" SDPProxyClient.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate wmiprvse.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion wmiprvse.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation UniSDPAccessAgentTray.exe Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation UniSDPAccessAgentTray.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 64 IoCs
pid Process 2004 7z.exe 3240 UniSDPAccessAgentDaemon.exe 4900 Focaccino.exe 740 UniSDPAccessAgent.exe 452 Vienna.exe 2696 UAAExt.exe 2260 UniSDPAccessAgent.exe 812 UAAExt.exe 1816 AsMyWish.exe 4548 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 5052 UAAExt.exe 616 winlogon.exe 800 svchost.exe 956 svchost.exe 336 dwm.exe 468 svchost.exe 2860 UniSDPAccessAgentDaemon.exe 4672 UAAExt.exe 64 svchost.exe 1048 svchost.exe 2836 UniSDPAccessAgentTray.exe 1100 svchost.exe 1144 svchost.exe 1172 svchost.exe 1296 svchost.exe 1336 svchost.exe 1368 svchost.exe 1384 svchost.exe 1508 svchost.exe 1536 svchost.exe 1548 svchost.exe 1660 svchost.exe 1700 svchost.exe 1752 svchost.exe 1776 svchost.exe 1856 svchost.exe 1972 svchost.exe 1980 svchost.exe 2044 svchost.exe 1120 svchost.exe 1784 svchost.exe 2104 spoolsv.exe 2168 svchost.exe 2232 svchost.exe 2360 svchost.exe 2376 svchost.exe 2548 svchost.exe 2604 svchost.exe 2624 sysmon.exe 2660 svchost.exe 2668 svchost.exe 2948 sihost.exe 2956 unsecapp.exe 2988 svchost.exe 3096 svchost.exe 3108 taskhostw.exe 1516 TinaiatSDP.exe 3620 TinaiatSDP.exe 3424 svchost.exe 3636 svchost.exe 3916 StartMenuExperienceHost.exe 2828 SDPCSClient.exe 4108 SDPCSClient.exe -
Impair Defenses: Safe Mode Boot 1 TTPs 11 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPProtect.sys UniSDPAccessAgentDaemon.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPAccessAgent UniSDPAccessAgent.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPAccessAgent\ = "Service" UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hutiehua UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SDPSbieDrv SDPProxyClient.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SDPSbieSvc SDPProxyClient.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPProtect UniSDPAccessAgentDaemon.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniKInjectSDP.sys UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Hutiehua.sys UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SDPSbieDrv.sys SDPProxyClient.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniKInjectSDP UniSDPAccessAgent.exe -
Indicator Removal: Clear Windows Event Logs 1 TTPs 2 IoCs
Clear Windows Event Logs to hide the activity of an intrusion.
description ioc Process File opened for modification C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx svchost.exe File opened for modification C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4UserMode.evtx svchost.exe -
Loads dropped DLL 64 IoCs
pid Process 2004 7z.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2260 UniSDPAccessAgent.exe 2696 UAAExt.exe 2696 UAAExt.exe 2696 UAAExt.exe 812 UAAExt.exe 812 UAAExt.exe 812 UAAExt.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 4548 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 1816 AsMyWish.exe 1816 AsMyWish.exe 1816 AsMyWish.exe 5052 UAAExt.exe 5052 UAAExt.exe 5052 UAAExt.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: sysmon.exe File opened (read-only) \??\F: UniSDPAccessAgent.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 Vienna.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\system32\MeiLinGuanSDP.exe UniSDP_20240330SP_20240708V5.3.0.14.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\Mozilla Firefox\mozilla.cfg UniSDPAccessAgent.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\msg_info.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\xml\page_resourceocc_page.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\7z.exe UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieDll.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\policy\lv-agent-odisk-rti.arc UniSDPAccessAgent.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\32\api-ms-win-crt-filesystem-l1-1-0.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\xml\dlg_super.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\tab_bt_bg.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsystemset\image\btn_button80.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\tab_email.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\libssl-1_1-x64.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_wnd_bkgnd.png UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\log\InstallFirst_20241121_113544.log Focaccino.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\custom_tray.ico UniSDPAccessAgent.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\public\LVGShare.arc UniSDPAccessAgent.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\btn_login_config.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_focus_checkbox.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\api-ms-win-core-localization-l1-2-0.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsystemset\xml\page_logcfg_proxylib.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\public\UserLogonInfo.arc UniSDPAccessAgentTray.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\api-ms-win-crt-multibyte-l1-1-0.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\xml\init.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\xml\page_portal.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxy.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\SysWow64\VozokopotSDP.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\public\custom_tray.ico UniSDPAccessAgent.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\log\CheckGhost_20241121_113546.log UniSDPAccessAgent.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\image\lcex_header.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\sbox_desktop.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\public\box_win11.reg UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sandbox\mainui\uires.idx UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieMsg.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\api-ms-win-core-synch-l1-2-0.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\lan\SoftWareMall_zh-CHT.lan UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\32\ComputerID.ini Vienna.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\log\TinaiatSDP641_20241121_113548.log TinaiatSDP.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_btn_minimize.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_menu_skin.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\TinaiatSDP.exe UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\public\UserConfigInfo.arc.Bak UniSDPAccessAgent.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\personal\LVAgtEnvLanNotZhcnMark.arc UniSDPAccessAgent.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\log\HProxyThread_20241121_113551.log SDPProxyClient.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\certs\SDProot.key UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\image\lcex_header_arrow.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\gmcerts\gm_enc.crt UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\public\win10.reg UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\FileList.ini UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\logo.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\xml\login_page_account.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\32\log\AsMyWish1_20241121_113551.log AsMyWish.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\DunmDuiAt.exe UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_prog_bar.png UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\xml\page_apply_details.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_Tree_toggle.png UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\policy\UAACustConfig.arc UniSDPAccessAgent.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\32\ucrtbase.dll UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\login_btn.png UniSDP_20240330SP_20240708V5.3.0.14.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\NRServerAgent.ini UniSDPAccessAgent.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\public\sdp_reg_mark.arc SDPProxyClient.exe File opened for modification C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\log\sdpsbiectrl_0.log SDPSbieCtrl.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsystemset\xml\page_home_edit.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\xml\resource_apply.xml UniSDP_20240330SP_20240708V5.3.0.14.exe File created C:\Windows\LVUAAgentSDPInstBaseRoot\public\win7.reg UniSDP_20240330SP_20240708V5.3.0.14.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 3352 4572 WerFault.exe 167 -
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language TinaiatSDP.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language UniSDP_20240330SP_20240708V5.3.0.14.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SDPNSPInstaller.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regedit.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AsMyWish.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language TinaiatSDP.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language SDPSandBoxUI.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Vienna.exe -
Checks SCSI registry key(s) 3 TTPs 18 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service wmiprvse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags wmiprvse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc wmiprvse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID wmiprvse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg wmiprvse.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags wmiprvse.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz svchost.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier wmiprvse.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS UniSDPAccessAgent.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer UniSDPAccessAgent.exe -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 3944 ipconfig.exe -
Modifies data under HKEY_USERS 10 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" SDPNSPInstaller.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" SDPNSPInstaller.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" SDPNSPInstaller.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\FLAGS regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\0\win64\ = "C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\ExportMenu.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExportMenu regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExportMenu\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file UniSDPAccessAgent.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lvenc2\ = "lvenc2file" UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\TypeLib\ = "{C2D08241-B9A6-4C61-BA72-0C042E2962AA}" regsvr32.exe Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133766625604650612" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\ = "Offline Approval Result" UniSDPAccessAgent.exe Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI svchost.exe Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1" sihost.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ExportMenu\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client\DefaultIcon SDPProxyClient.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CurVer\ = "ExportMenu.ExportFile.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ = "IExportFile" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\ = "Open" UniSDPAccessAgent.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ExportMenu.DLL\AppID = "{10D63AD7-6EBC-43A9-A997-FEC1AE9C6EDE}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExportMenu regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\HELPDIR\ = "C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell UniSDPAccessAgent.exe Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133766625606213101" svchost.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell\print\DropTarget\Clsid = "{60fd46de-f830-4894-a628-6fa81bc0190d}" regedit.exe Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App svchost.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell\print\DropTarget regedit.exe Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133766625745900638" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133766625879806925" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client\shell\open\command\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\UniSDPAccessAgent.exe\" \"%1\"" SDPProxyClient.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\VersionIndependentProgID\ = "ExportMenu.ExportFile" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell regedit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lvenc4\ = "lvenc4file" UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile.1\ = "ExportFile Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\TypeLib\Version = "1.0" regsvr32.exe Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133766625531681806" svchost.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\Open UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\photoviewer.dll\shell\print\command\ = "%SystemRoot%\\System32\\rundll32.exe \"%ProgramFiles%\\Windows Photo Viewer\\PhotoViewer.dll\", ImageView_Fullscreen %1" regedit.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\ = "Open" UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{10D63AD7-6EBC-43A9-A997-FEC1AE9C6EDE} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{10D63AD7-6EBC-43A9-A997-FEC1AE9C6EDE}\ = "ExportMenu" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CLSID\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\Programmable regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\DefaultIcon\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\LvEncBrowser.exe\"" UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\Open\Command UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\Open UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\DefaultIcon UniSDPAccessAgent.exe Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1 svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\FLAGS\ = "0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ = "IExportFile" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\DefaultIcon UniSDPAccessAgent.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\Open\Command UniSDPAccessAgent.exe Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU svchost.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0DC12667DC00DA38E66986535A2B2CE60ADCDD2E SDPProxyClient.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0DC12667DC00DA38E66986535A2B2CE60ADCDD2E\Blob = 0300000001000000140000000dc12667dc00da38e66986535a2b2ce60adcdd2e20000000010000003a090000308209363082051e020900c97e177b362da686300d06092a864886f70d01010b0500305d310b300906035504061302434e3112301006035504080c096775616e67646f6e673111300f06035504070c087368656e7a68656e3111300f060355040a0c086c656167736f66743114301206035504030c0b6c656167736f6674204341301e170d3139303832363231333331355a170d3239303832333231333331355a305d310b300906035504061302434e3112301006035504080c096775616e67646f6e673111300f06035504070c087368656e7a68656e3111300f060355040a0c086c656167736f66743114301206035504030c0b6c656167736f667420434130820422300d06092a864886f70d01010105000382040f003082040a0282040100daf8c150e6978c89d8ae7e1f5661a985919c920825ee95386fe80d555ccc2e1d643b54f1c080b2586fdc5cda22cb6c7c5c819ff9c844406f7916c51fc8cb5bab76548076f55869d94f62cbff72b5b42808b4ed51f096807c9798f388e70ea102b37575c32b937ceec5ff6c6d9a5c341f532096c05f23fdb65e9632cb3d0f2fe06ab691a256eb6e6496347d4838d9ade091848a8a933a426761330754dfe3a15e4cc881e113358dec737ea44d569735955f1b8d5e600c0b4315ac8e5b13010ed2d6b374b57aa74cfd03ed374a37cba5850e7b03e1520fc6d46ac1a5cfd81a9189b47140b34301ee7d5eca4b640ac100cf282281324d3a4ba2beb414c02c25f76cc3a75fa073a276b780f6c37e7e14d2391e92ec7cccc7f8f2c966c6cf881384d5b06d37f90153902fa6c57a8364d3450e8831513377380fa7df95848f85b9e56b41fde9021834c909dcfd4f8370601d7087f1c1a4a46cc503745be75bf25c5a5283e3e7b0a9ca86e2140a4a4c91780325de2246dbe4fa6f84efa333f6ae344e08e4589ffea62af8b4f9f3c17291a9939e9cf590ef6c12a3b79a15258172208a4f0d5f6848e9bb6ca10e6437a2c6fa23338a48e41014e497f606f1920fcab1180b68b853b22913af10a2f91faf74b368e30f7d2ab868d94294d7e9e454df3e8422205b6014d0dcf39ac05a3b8fd4070962bd5b87034ba948f898e87642d3fc1f76fac82ce058022c7623178e33ff465c96f4ff3fd599e7e9fc0a9fd73f0e94e373e101ecb2670b196aa49844e231084b97ef5adbc463c966784deef7fc5103368f200866baef511f26d7e62fe30d16fac4db8e18d9f4d07b15b230d5cf3db53ff456092df4e129f1590251403c022295f04001882e27e871fe08ec4e59b1678761d5b2b14286aeca707f74c5e3cc87f2f7824a435f9cd8f33a06de2008f556a8213abdfaef6af2f0083d709e1291cb62210bbad8f45c8575a5b33371973e34e8c7b68317cd9b6fc54c4617ec93656fd4cfac2c9042e5abb804e4e2f416e13671aff597a4dca56441288edd3b3f8dd28b426e052d429da404b81fd201cfd07b29f29ac8283fba359daf476a4b48ae132b33b19d5f7c9ce99934343617b738b4090d025005b824dc6b29657a2b5bc5315d03c94fec81dd8e05a05218883c622889b02d98641a5222d50e9053ad4d38c5be28fefcdfbfa875b517f695dcec1f6d66ba6da049d2470951ab82fe10bc11f0fe2fe27320b7ef275b9e66009262739f325e74869b441c234c8d6319299dc5ec31c64c083bb0df5c10cb34570b8109c01062e06e1ae64a454b1f4144d376a463b558ee7f75251dbc77185ce460c19a80b10521515368b92f9c217074b6ae4985c0ec9eea03e8beeb2a654d93ded970916114dc2580043968833377240bf2ca071888abb2afb7cb652117cc7ee5aa59e7e3bf0203010001300d06092a864886f70d01010b0500038204010032ff104ac9955e22cc69abe5521ce2505f0a6a44f7ad5d069ec286984b2b32bb078efc1ded40b009eb6cb749919f1c74c0267b872478560b3d6da91847acebfa578c440cd3c876561813dce6641cb94b0ebd7316023753358fb30c6f10b1a09232734dee770cdd3aab261d86908cae6a988dae9485a2b8c5adbd067e9844a04f514a977eab8e65ff3a517a2667e4a5834541fa79b684a3b424cff09f9f9a1f466c75058900b2800aa938b16de1962ae04de0ed29f94ccf4f350c3b5f8796a72bbfe92b2e430c7ee73c5a00e4d39c7aa15b82f2da0a2c4b85c13eb7f03965739ea28a3905914557fcf0828d10f93016a8928a8fa95d20538645a2ec20b2332295c56800329d518a6598223e481329cb9ea70368d5353c7ff39b9b8498e6c6964047250e3125dbf31719254eac5440751c55af69721ab771465658e9ce23a1dba6f8990080ef6abfd1d82839b048e1e141f3cded8fc4d6c6b955da64fc15a9d134de81bd6645233de95df821dba3724ae77786bcabf06f54def40d697a5d9f4ad5fd14fa102d2b66ef7ba5302c42f1a9835bc792bd6a4a96e6f2084e67fae95955a17ca4581ef192dace5fce73443e70e7057faec1f00a18af597441bdc0da388544110d0a67bdc613e1b3a356bc5a4dad9727e56ac210878060e47d6533bd37bd0c6f32a72de5716a1810e3b11a4e3209d3cf4bf45cba2681ff7c17603f8b15615d8dd6a344e9a51eb77a2ebe7ec39245e7218bdef9722cba59562c1a64244c86fad2b4550ec8be17f5da30c5f1d21678273da0c2d42b0a8f9b4a0c157917d54998841a351950c7299ae4fc3fca3d2efe11cbe7a72959428d84df3e398fc7d813d19713bc91421079c363cf609ef5f0b63a54160cbbdb6b818528fcbb326a65dd58ae9ab8ca4036ab52cade40f7f3d8cbd311804de6813799782d280935eb99249154c4b23acd0ad1089204b52bbef80f254c3bc1aa3c1510cb6796b00f17a9ca4e5dec9fa82663b7e9ecd0173023e60f2cac141ce173f735df8ca57c2c64aeee9dd5c8bf8a1f8c0a290be8f7e8eb2c5dff2f99e2f49a11ca1b9cbafbc297093161e1dfbbecdf6fee6f11c655767bb04718b7a4ee80408db7d15d17149b3f65e5b6489da72f9b87b8dcc3164d4131e0214ea1c4d7cfe85a9734e2099eccdefca2b9df583f8975a157884809a041e6350943c35c473c5093745d4588f9a9a35311ec0ecfabf382b01884183971afb915d0acb3f6dd8f8317754bdda55bc02bbd1b9539f4a5ea84547ee8e3db42eda5771e702f38fd5e4581cd8e1fa0a27fe6bae320f9f26b25d748c6b3422a6ff3dcaf57108ee304204d5bbeaa592026d16816079064ddbeffac5f7a472651883fb61b8564d57ce3fd4ca5256dc54ffe30d27323ae9068417d47a9d77d5e264c7f8d690a70195387f335f882defdc778b2ab5325 SDPProxyClient.exe -
Runs .reg file with regedit 3 IoCs
pid Process 896 regedit.exe 1448 regedit.exe 5060 regedit.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 740 UniSDPAccessAgent.exe 740 UniSDPAccessAgent.exe 1816 AsMyWish.exe 1816 AsMyWish.exe 1816 AsMyWish.exe 1816 AsMyWish.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 2624 sysmon.exe 2624 sysmon.exe 2860 UniSDPAccessAgentDaemon.exe 2860 UniSDPAccessAgentDaemon.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 2956 unsecapp.exe 2956 unsecapp.exe 2836 UniSDPAccessAgentTray.exe 2836 UniSDPAccessAgentTray.exe 3108 taskhostw.exe 3108 taskhostw.exe 3520 Explorer.EXE 3520 Explorer.EXE 3916 StartMenuExperienceHost.exe 2836 UniSDPAccessAgentTray.exe 2836 UniSDPAccessAgentTray.exe 2836 UniSDPAccessAgentTray.exe 2836 UniSDPAccessAgentTray.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 3184 UniSDPAccessAgent.exe 2836 UniSDPAccessAgentTray.exe 2836 UniSDPAccessAgentTray.exe 4068 SearchApp.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 1220 TextInputHost.exe 4396 mousocoreworker.exe 4396 mousocoreworker.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe 592 Conhost.exe 592 Conhost.exe 3616 SDPProxyClient.exe 3616 SDPProxyClient.exe -
Suspicious behavior: LoadsDriver 43 IoCs
pid Process 660 Process not Found 2860 UniSDPAccessAgentDaemon.exe 660 Process not Found 2860 UniSDPAccessAgentDaemon.exe 2860 UniSDPAccessAgentDaemon.exe 660 Process not Found 4000 SDPSbieSvc.exe 660 Process not Found 660 Process not Found 4608 SDPSbieSvc.exe 3244 SDPSbieSvc.exe 660 Process not Found 2860 UniSDPAccessAgentDaemon.exe 452 SDPSbieSvc.exe 2416 SDPSbieSvc.exe 808 SDPSbieSvc.exe 4360 SDPSbieSvc.exe 660 Process not Found 1580 SDPSbieSvc.exe 2860 UniSDPAccessAgentDaemon.exe 2212 SDPSbieSvc.exe 1488 SDPSbieSvc.exe 1772 SDPSbieSvc.exe 4812 SDPSbieSvc.exe 4124 SDPSbieSvc.exe 1956 SDPSbieSvc.exe 4204 SDPSbieSvc.exe 400 SDPSbieSvc.exe 1596 SDPSbieSvc.exe 1424 SDPSbieSvc.exe 3764 SDPSbieSvc.exe 2292 SDPSbieSvc.exe 2564 SDPSbieSvc.exe 1424 SDPSbieSvc.exe 660 Process not Found 1324 SDPSbieSvc.exe 2860 UniSDPAccessAgentDaemon.exe 1076 SDPSbieSvc.exe 4372 SDPSbieSvc.exe 208 SDPSbieSvc.exe 2448 SDPSbieSvc.exe 1364 SDPSbieSvc.exe 2620 SDPSbieSvc.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe Token: SeRestorePrivilege 2004 7z.exe Token: 35 2004 7z.exe Token: SeSecurityPrivilege 2004 7z.exe Token: SeSecurityPrivilege 2004 7z.exe Token: SeDebugPrivilege 452 Vienna.exe Token: SeDebugPrivilege 1816 AsMyWish.exe Token: SeLoadDriverPrivilege 2860 UniSDPAccessAgentDaemon.exe Token: SeDebugPrivilege 3184 UniSDPAccessAgent.exe Token: SeCreateGlobalPrivilege 2836 UniSDPAccessAgentTray.exe Token: SeDebugPrivilege 2836 UniSDPAccessAgentTray.exe Token: SeBackupPrivilege 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe Token: SeLoadDriverPrivilege 2860 UniSDPAccessAgentDaemon.exe Token: SeTcbPrivilege 800 svchost.exe Token: SeTcbPrivilege 800 svchost.exe Token: SeTcbPrivilege 800 svchost.exe Token: SeTcbPrivilege 800 svchost.exe Token: SeTcbPrivilege 800 svchost.exe Token: SeDebugPrivilege 2836 UniSDPAccessAgentTray.exe Token: SeTcbPrivilege 2836 UniSDPAccessAgentTray.exe Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeCreateGlobalPrivilege 4108 SDPCSClient.exe Token: SeDebugPrivilege 4108 SDPCSClient.exe Token: SeTcbPrivilege 3184 UniSDPAccessAgent.exe Token: SeDebugPrivilege 3184 UniSDPAccessAgent.exe Token: SeDebugPrivilege 3184 UniSDPAccessAgent.exe Token: SeDebugPrivilege 1876 SDPProxyClient.exe Token: SeDebugPrivilege 3184 UniSDPAccessAgent.exe Token: SeDebugPrivilege 3616 SDPProxyClient.exe Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeLoadDriverPrivilege 2860 UniSDPAccessAgentDaemon.exe Token: SeBackupPrivilege 4000 SDPSbieSvc.exe Token: SeRestorePrivilege 4000 SDPSbieSvc.exe Token: SeDebugPrivilege 3616 SDPProxyClient.exe Token: SeDebugPrivilege 2804 AsMyWish.exe Token: SeBackupPrivilege 4608 SDPSbieSvc.exe Token: SeRestorePrivilege 4608 SDPSbieSvc.exe Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeDebugPrivilege 3616 SDPProxyClient.exe Token: SeBackupPrivilege 3244 SDPSbieSvc.exe Token: SeRestorePrivilege 3244 SDPSbieSvc.exe Token: SeTcbPrivilege 3184 UniSDPAccessAgent.exe Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE Token: SeDebugPrivilege 3616 SDPProxyClient.exe Token: SeShutdownPrivilege 3520 Explorer.EXE Token: SeCreatePagefilePrivilege 3520 Explorer.EXE -
Suspicious use of FindShellTrayWindow 9 IoCs
pid Process 2836 UniSDPAccessAgentTray.exe 2836 UniSDPAccessAgentTray.exe 3520 Explorer.EXE 3520 Explorer.EXE 1744 UniSDPAccessAgentTray.exe 1744 UniSDPAccessAgentTray.exe 3520 Explorer.EXE 3520 Explorer.EXE 1744 UniSDPAccessAgentTray.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 2836 UniSDPAccessAgentTray.exe 1744 UniSDPAccessAgentTray.exe 1744 UniSDPAccessAgentTray.exe -
Suspicious use of SetWindowsHookEx 35 IoCs
pid Process 1516 TinaiatSDP.exe 3620 TinaiatSDP.exe 3952 SDPSbieCtrl.exe 3952 SDPSbieCtrl.exe 932 SDPSbieCtrl.exe 932 SDPSbieCtrl.exe 4184 TinaiatSDP.exe 1992 TinaiatSDP.exe 4572 SDPSandBoxUI.exe 512 SDPSbieCtrl.exe 512 SDPSbieCtrl.exe 1884 SDPSbieCtrl.exe 1884 SDPSbieCtrl.exe 932 SDPSbieCtrl.exe 932 SDPSbieCtrl.exe 2620 SDPSbieCtrl.exe 2620 SDPSbieCtrl.exe 2212 SDPSbieCtrl.exe 2212 SDPSbieCtrl.exe 4656 SDPSbieCtrl.exe 4656 SDPSbieCtrl.exe 1812 SDPSbieCtrl.exe 1812 SDPSbieCtrl.exe 1208 SDPSbieCtrl.exe 1208 SDPSbieCtrl.exe 1440 SDPSbieCtrl.exe 1440 SDPSbieCtrl.exe 4656 SDPSbieCtrl.exe 4656 SDPSbieCtrl.exe 3540 SDPSbieCtrl.exe 3540 SDPSbieCtrl.exe 4976 SDPSbieCtrl.exe 4976 SDPSbieCtrl.exe 2964 SDPSbieCtrl.exe 2964 SDPSbieCtrl.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2064 wrote to memory of 2004 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 90 PID 2064 wrote to memory of 2004 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 90 PID 2064 wrote to memory of 2004 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 90 PID 2064 wrote to memory of 3240 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 97 PID 2064 wrote to memory of 3240 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 97 PID 2064 wrote to memory of 4900 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 98 PID 2064 wrote to memory of 4900 2064 UniSDP_20240330SP_20240708V5.3.0.14.exe 98 PID 4900 wrote to memory of 740 4900 Focaccino.exe 99 PID 4900 wrote to memory of 740 4900 Focaccino.exe 99 PID 740 wrote to memory of 4944 740 UniSDPAccessAgent.exe 100 PID 740 wrote to memory of 4944 740 UniSDPAccessAgent.exe 100 PID 740 wrote to memory of 3996 740 UniSDPAccessAgent.exe 101 PID 740 wrote to memory of 3996 740 UniSDPAccessAgent.exe 101 PID 740 wrote to memory of 452 740 UniSDPAccessAgent.exe 102 PID 740 wrote to memory of 452 740 UniSDPAccessAgent.exe 102 PID 740 wrote to memory of 452 740 UniSDPAccessAgent.exe 102 PID 740 wrote to memory of 2696 740 UniSDPAccessAgent.exe 104 PID 740 wrote to memory of 2696 740 UniSDPAccessAgent.exe 104 PID 740 wrote to memory of 2260 740 UniSDPAccessAgent.exe 105 PID 740 wrote to memory of 2260 740 UniSDPAccessAgent.exe 105 PID 2696 wrote to memory of 812 2696 UAAExt.exe 107 PID 2696 wrote to memory of 812 2696 UAAExt.exe 107 PID 740 wrote to memory of 1816 740 UniSDPAccessAgent.exe 108 PID 740 wrote to memory of 1816 740 UniSDPAccessAgent.exe 108 PID 740 wrote to memory of 4548 740 UniSDPAccessAgent.exe 109 PID 740 wrote to memory of 4548 740 UniSDPAccessAgent.exe 109 PID 740 wrote to memory of 4440 740 UniSDPAccessAgent.exe 110 PID 740 wrote to memory of 4440 740 UniSDPAccessAgent.exe 110 PID 740 wrote to memory of 1164 740 UniSDPAccessAgent.exe 112 PID 740 wrote to memory of 1164 740 UniSDPAccessAgent.exe 112 PID 740 wrote to memory of 5052 740 UniSDPAccessAgent.exe 114 PID 740 wrote to memory of 5052 740 UniSDPAccessAgent.exe 114 PID 1816 wrote to memory of 616 1816 AsMyWish.exe 5 PID 1816 wrote to memory of 800 1816 AsMyWish.exe 10 PID 1816 wrote to memory of 956 1816 AsMyWish.exe 12 PID 1816 wrote to memory of 336 1816 AsMyWish.exe 13 PID 1816 wrote to memory of 468 1816 AsMyWish.exe 14 PID 3184 wrote to memory of 4672 3184 UniSDPAccessAgent.exe 117 PID 3184 wrote to memory of 4672 3184 UniSDPAccessAgent.exe 117 PID 1816 wrote to memory of 64 1816 AsMyWish.exe 15 PID 1816 wrote to memory of 1048 1816 AsMyWish.exe 16 PID 3184 wrote to memory of 2836 3184 UniSDPAccessAgent.exe 119 PID 3184 wrote to memory of 2836 3184 UniSDPAccessAgent.exe 119 PID 800 wrote to memory of 688 800 svchost.exe 120 PID 800 wrote to memory of 688 800 svchost.exe 120 PID 1816 wrote to memory of 1100 1816 AsMyWish.exe 17 PID 1816 wrote to memory of 1128 1816 AsMyWish.exe 18 PID 1816 wrote to memory of 1144 1816 AsMyWish.exe 19 PID 1816 wrote to memory of 1172 1816 AsMyWish.exe 20 PID 1816 wrote to memory of 1296 1816 AsMyWish.exe 21 PID 1816 wrote to memory of 1336 1816 AsMyWish.exe 22 PID 1816 wrote to memory of 1368 1816 AsMyWish.exe 23 PID 1816 wrote to memory of 1384 1816 AsMyWish.exe 24 PID 1816 wrote to memory of 1508 1816 AsMyWish.exe 25 PID 1816 wrote to memory of 1536 1816 AsMyWish.exe 26 PID 1816 wrote to memory of 1548 1816 AsMyWish.exe 27 PID 1816 wrote to memory of 1660 1816 AsMyWish.exe 28 PID 1816 wrote to memory of 1700 1816 AsMyWish.exe 29 PID 1816 wrote to memory of 1752 1816 AsMyWish.exe 30 PID 1816 wrote to memory of 1776 1816 AsMyWish.exe 31 PID 1816 wrote to memory of 1856 1816 AsMyWish.exe 32 PID 1816 wrote to memory of 1972 1816 AsMyWish.exe 33 PID 1816 wrote to memory of 1980 1816 AsMyWish.exe 34 PID 1816 wrote to memory of 2044 1816 AsMyWish.exe 35
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
- Executes dropped EXE
PID:616 -
C:\Windows\system32\dwm.exe"dwm.exe"2⤵
- Executes dropped EXE
PID:336
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:800 -
C:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exe -Embedding2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2956
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵PID:3828
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3916
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:3988
-
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4068
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:4168
-
-
C:\Windows\system32\SppExtComObj.exeC:\Windows\system32\SppExtComObj.exe -Embedding2⤵PID:4156
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵PID:3176
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1220
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:3508
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding2⤵
- Checks BIOS information in registry
- Checks SCSI registry key(s)
- Enumerates system info in registry
PID:4044
-
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}2⤵PID:688
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:1424
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:2564
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:1272
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:2936
-
-
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding2⤵PID:60
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:3740
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:5064
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM1⤵
- Executes dropped EXE
PID:956
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc1⤵
- Executes dropped EXE
PID:468
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts1⤵
- Executes dropped EXE
PID:64
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc1⤵
- Executes dropped EXE
PID:1048
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService1⤵
- Executes dropped EXE
PID:1100
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule1⤵PID:1128
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3108
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p1⤵
- Executes dropped EXE
PID:1144
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog1⤵
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
- Checks processor information in registry
PID:1172
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s nsi1⤵
- Executes dropped EXE
PID:1296
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc1⤵
- Executes dropped EXE
PID:1336
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc1⤵
- Executes dropped EXE
PID:1368
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp1⤵
- Executes dropped EXE
PID:1384
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager1⤵
- Executes dropped EXE
PID:1508 -
C:\Windows\system32\sihost.exesihost.exe2⤵
- Executes dropped EXE
- Modifies registry class
PID:2948
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem1⤵
- Executes dropped EXE
PID:1536
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s Themes1⤵
- Executes dropped EXE
PID:1548
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc1⤵
- Executes dropped EXE
PID:1660
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s SENS1⤵
- Executes dropped EXE
PID:1700
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s netprofm1⤵
- Executes dropped EXE
PID:1752
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder1⤵
- Executes dropped EXE
PID:1776
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵
- Executes dropped EXE
PID:1856
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache1⤵
- Executes dropped EXE
PID:1972
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵
- Executes dropped EXE
PID:1980
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵
- Executes dropped EXE
PID:2044
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵
- Executes dropped EXE
PID:1120
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection1⤵
- Executes dropped EXE
PID:1784
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵
- Executes dropped EXE
PID:2104
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p1⤵
- Modifies firewall policy service
- Executes dropped EXE
PID:2168
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation1⤵
- Executes dropped EXE
PID:2232
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT1⤵
- Executes dropped EXE
PID:2360
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc1⤵
- Executes dropped EXE
PID:2376
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc1⤵
- Executes dropped EXE
PID:2548
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer1⤵
- Executes dropped EXE
PID:2604
-
C:\Windows\sysmon.exeC:\Windows\sysmon.exe1⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
PID:2624
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService1⤵
- Executes dropped EXE
PID:2660
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks1⤵
- Executes dropped EXE
PID:2668
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
- Executes dropped EXE
PID:2988
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker1⤵
- Executes dropped EXE
PID:3096
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc1⤵
- Executes dropped EXE
PID:3424
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3520 -
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14.exe"C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14.exe"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\7z.exe"C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install.7z" -o"C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install" -y3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2004
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe" -i3⤵
- Sets service image path in registry
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
PID:3240
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\Focaccino.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\Focaccino.exe" --pre_inst3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4900 -
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe --unisoft_instance4⤵
- Sets service image path in registry
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:740 -
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\system32\CarnegieHallShellCore.dll5⤵PID:4944
-
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s C:\Windows\SysWOW64\CarnegieHallShellCore.dll5⤵PID:3996
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\32\Vienna.exeC:\Windows\LVUAAgentSDPInstBaseRoot\32\Vienna.exe -GetComputerID5⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:452
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll26⤵
- Executes dropped EXE
- Loads dropped DLL
PID:812
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exeUniSDPAccessAgent.exe -i5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:2260
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\AsMyWish.exeC:\Windows\LVUAAgentSDPInstBaseRoot\AsMyWish.exe leagsoft5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1816 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
- Suspicious behavior: EnumeratesProcesses
PID:592
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\32\AsMyWish.exeC:\Windows\LVUAAgentSDPInstBaseRoot\32\AsMyWish.exe leagsoft6⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2804
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exeUniSDPAccessAgent.exe -s5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:4548
-
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\system32\MiRobotic.dll5⤵PID:4440
-
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\SysWOW64\MiRobotic.dll5⤵PID:1164
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -cleankbreg5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5052
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
- Executes dropped EXE
PID:3636
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc1⤵PID:4480
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc1⤵PID:3756
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵PID:952
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc1⤵PID:4920
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵PID:4724
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵PID:4036
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc1⤵PID:4592
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵PID:4816
-
C:\Windows\servicing\TrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exe1⤵PID:3976
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc1⤵PID:2028
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe"1⤵
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3184 -
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -icf agentremote2⤵
- Executes dropped EXE
PID:4672
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentTray.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentTray.exe -hide2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2836 -
C:\Windows\LVUAAgentSDPInstBaseRoot\TinaiatSDP.exeC:\Windows\LVUAAgentSDPInstBaseRoot\TinaiatSDP.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\32\TinaiatSDP.exeC:\Windows\LVUAAgentSDPInstBaseRoot\32\TinaiatSDP.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3620
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exeC:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exe3⤵
- Executes dropped EXE
PID:2828
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exe" --SPA3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4108
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exeC:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exe install2⤵
- Sets service image path in registry
- Impair Defenses: Safe Mode Boot
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1876 -
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\ExportMenu.dll3⤵
- Modifies registry class
PID:2216
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exeC:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exe2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3616 -
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPNSPInstaller.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\SDPNSPInstaller.exe" install3⤵
- Modifies data under HKEY_USERS
PID:2080 -
C:\Windows\regedit.exe"C:\Windows\regedit.exe" /e "C:\Windows\LVUAAgentSDPInstBaseRoot\public\NameSpace_Catalog5_BAK.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5"4⤵
- Runs .reg file with regedit
PID:896
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\32\SDPNSPInstaller.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\32\SDPNSPInstaller.exe" install3⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1492 -
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe" /e "C:\Windows\LVUAAgentSDPInstBaseRoot\32\public\NameSpace_Catalog5_BAK.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5"4⤵
- System Location Discovery: System Language Discovery
- Runs .reg file with regedit
PID:1448
-
-
-
C:\Windows\SYSTEM32\ipconfig.exeipconfig /flushdns3⤵
- Gathers network information
PID:3944
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:3952
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:932
-
-
C:\Windows\regedit.exeregedit.exe -s C:\Windows\LVUAAgentSDPInstBaseRoot\public\win10.reg3⤵
- Modifies registry class
- Runs .reg file with regedit
PID:5060
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:512
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:1884
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:932
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:2620
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:2212
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:4656
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1812
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:1208
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:1440
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:4656
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:3540
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:4976
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe3⤵
- Suspicious use of SetWindowsHookEx
PID:2964
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll2⤵PID:1056
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll23⤵PID:4616
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell confirm-securebootuefi2⤵PID:4656
-
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s /u C:\Windows\LVUAAgentSDPInstBaseRoot\system32\MiRoboticIE.dll2⤵PID:1428
-
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32.exe /s /u C:\Windows\LVUAAgentSDPInstBaseRoot\SysWOW64\MiRoboticIE.dll2⤵PID:4608
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -icf agentremote2⤵PID:60
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentTray.exeC:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentTray.exe -hide2⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1744 -
C:\Windows\LVUAAgentSDPInstBaseRoot\TinaiatSDP.exeC:\Windows\LVUAAgentSDPInstBaseRoot\TinaiatSDP.exe3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4184
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\32\TinaiatSDP.exeC:\Windows\LVUAAgentSDPInstBaseRoot\32\TinaiatSDP.exe3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1992
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exeC:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exe3⤵PID:3124
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\SDPCSClient.exe" --SPA3⤵PID:2804
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSandBoxUI.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSandBoxUI.exe4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4572 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 6845⤵
- Program crash
PID:3352
-
-
-
-
-
C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe"C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe"1⤵
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2860
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4000
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4608
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:3244
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4572 -ip 45721⤵PID:3764
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:452
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:2416
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:808
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:4360
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1580
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:2212
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1488
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1772
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:4812
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:4124
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1956
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:4204
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:400
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1596
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1424
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:3764
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:2292
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:2564
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1424
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1324
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1076
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:4372
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:208
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:2448
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:1364
-
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exeC:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe1⤵
- Suspicious behavior: LoadsDriver
PID:2620
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
2AppInit DLLs
1Component Object Model Hijacking
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
2AppInit DLLs
1Component Object Model Hijacking
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Safe Mode Boot
1Indicator Removal
1Clear Windows Event Logs
1Modify Registry
3Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD52cb502a2fa3f071be04ee1893bc1f21a
SHA181c7da62db222c3355035c76bd54d654ec6fe043
SHA2568e49ed46036fcd5d00b500ba8733ceeecc2febcfc4bf4c43a00cbb82aedb849a
SHA51209a4a83d06194a354a9881f160abdd4e8a9422e22bf5488f4c623bfd943e51f30ba0ec8949283bb5c713076e46e8adaa2c8daae1670e405785531460606ee271
-
Filesize
2KB
MD5d980420ff83455407bda3dcff94b9d8a
SHA16db2067239e68216f167022e4198cf6c4d3639ed
SHA256228d1d99ba159cdbe8bcbe737c6c56e801543f7b0305e8d33141ffc1b367619e
SHA512230da22662c27bb7680459b2cf48b82a21c17e613e81c4e842468fe8040eb49d907aaef5aeafedda0fd08b3f281510ea0c269a991f669663e5c208836bbe725a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133766625518268522.txt
Filesize77KB
MD52836a560e219b59e9ad9f549311f964e
SHA1aa12b3eac7f3b1138eb1ddb7ca4fea672f9645f3
SHA256341a3a23fe9d85293337cc0b66f254a4a838eedcaefb39f8dca289fa10bf8c45
SHA512525809b6317fea4e2dab3bce009ce24936e1be8499c9ae9ead1257cfe41b48c1cbaf694efbbee09ba4e9a150c2a7965a49fe649eab981f01536396fc9a79c412
-
Filesize
1.1MB
MD55ab1f3606b4b0680aba82af857c9e7d4
SHA16c973e14eb0a6fad3202c006aa0a604d3ba0c2c0
SHA25651234aee28d858295f715bc61d07aad991791e2493232e8d35aa21177109f6b7
SHA512d337d92a34ae2c87a983b091889531787f8559440b4d5d7fad7c91734bc261060b38ce3f8813def81939cf519733b373e68b9edcc63f1bdc8e42f7745fd645ce
-
Filesize
302KB
MD5c42e14fe778a07ae4da7c4c195ec6547
SHA1cc42be4023c6c835654130b6b6df443b89287ea1
SHA256ced28353801ea01924792a01d180fb426b4aa8f09c15078c5ee35deb3296d971
SHA5128e8f0e4f535a46d5768352b440829f396ee6ab47b4581cccb44d05b1f86dc4b210e8501623779d21a034bc59fa87047a9fd65e070e4beb8614ba7e18352bc38c
-
Filesize
171KB
MD5c08d39df11603c8dea6c88e70fcb0804
SHA118b5c6a130b80b15f2c065bb18165479bd94cc0a
SHA2567100e74217adfb5c5757446b2972479a15db5209dd7beac0f646a1051c5b4ff4
SHA5122d38628dfdb7db35c5d6b741b5a5cc5d5127f4fa465f84bf09aa797e09b6066f9ef517cd2628060cec876f42b297b4c7ab376f04b73570c9b59e2373a767c11f
-
Filesize
46.2MB
MD5fdb424cc347b94d709bb29c2c80b3f4d
SHA1dcbb74ecafbdfacc69696f4a8b06dca50c6df752
SHA256a1a9172dda43e8b6a96f34f1543c63f50f8e12224703e0032b28dbf0840f12ab
SHA5124a48af6d8388ad069edbff455489232550cf57e3b03aa18def89fe70c3ae5584a61754f8e44f7b45d2473fd358d34df6c1226c6052e725e87399cce8b744ea3e
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\%system32%\MeiLinGuanSDP.exe
Filesize1.1MB
MD5c72c313b5e1c7d86d6db5869e3c32f71
SHA1d4b6e2d4067be03b75ffc5b4e8ad0eb848a25ef0
SHA256dd7392a231ed91a88d8c2f27e9eab1086f8c1b35adcc4a0384d5a2ab3c4dbd51
SHA5122bd76f83cd374131ca77edb08e09578d509d8bc51882868237581aaa6be82dbe491b35562675cdb58bf5a2db3180f0c0694f51549addaefcadce99419c9c320f
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\API-MS-Win-core-xstate-l2-1-0.dll
Filesize19KB
MD5e536b81cf7c6a943d7178d763c613172
SHA14f67ad45df5e8cc5e9f82f6bd5b4a2ae798c82ac
SHA256e3651cbd3a91b742d662dc11a9d9a6b4e03c652b8b694d90298d38d446885039
SHA5126d70ffb621ee8a6d77a409fdd5d7691090567888253d6b18f256d6f35d1eac52d72921c9acff32b5c5b246d2145101bd037b42180b565f728dc989c93a32b7a5
-
Filesize
28KB
MD57d87aef5b3b0bb7b59078ca1255e4204
SHA17d1cc0ae83dc2e9faa83b0e7743e427f189f9947
SHA25677cbcde8c222e62a0f2ac39768f932fdc09e9ca1c3b99dd06f77c5189f28e5a9
SHA5121b6cb3fb68c0363c5dfb6a995db5aaacbb17aa420dc27af52c76c9907a0c371ce5190b254cf8c7de36160b5d49ee76cf2e0ff9f85ee4e3e904390cc51d4048ff
-
Filesize
3.0MB
MD534e8fc1779c248241f51877fc9d35e18
SHA135ea582285273c8032fd6befcba53f9954d6f72b
SHA2563197fca6d91f15d1ec21dcd18c9df0907f20ab52e71261721439619ebcd3ca9c
SHA51276dedc9700873d6ac8f9cef49a84bf8a2baed554dc5b08c0c866d0e13e96aa73652b26f767867ac7f820bd3602e987495fc4b2b810d5dd31dca9032f6ce767fa
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\Microsoft.VC90.CRT.manifest
Filesize1KB
MD5eb75c86ac086a7834a26ab681f8bf49e
SHA1372fb34c5ccb415910580a339a428c896920c357
SHA256637bc117f358af52cd0c2fd2b9c22ca48df53071f936263957ae1bbe5e755dc6
SHA51208b69250ca75b91693ce663ad9d102128f45ad88bf2999d7cd60218436297660d4e7043453b919c233b022dec163620e2ba7723126a9aa3e8efe165365af2d83
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\Microsoft.VC90.MFC.manifest
Filesize2KB
MD5856628c116fca29589c9cb3fc114feb5
SHA1cc212968823eb0ad828c2724773f36e2e0f797a5
SHA256b6493fd205d29b419040dd3b81ece5f3d02f9319b5a93d3363063f947c19a716
SHA512bcda8632050a558b50d523adfa4829ea426f5caf1245b5d4c8bf88933cfb2bdc8530c9e02f276cbc06e286a0fbc3b05fb115e88660b981c5470676036261ad40
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-console-l1-1-0.dll
Filesize20KB
MD5a47a7084d4ed2fb6b9181075f91729a0
SHA1b58e9474a3e7ff023c3a181a3912e7884e8e1a7d
SHA2569490c5938112242cadc2c676f82b60fdcc7e5f56caa7aa2d2ba3a6ed358683d4
SHA5120b5fe71b2e3cd7ffd836a0bf49f44818a59ca3cdb1934c6402dac1cb132aaea0b540624537f2c2b1e99922e551990d7b27f29f9b9a87e6e1ce5d4f6ba7e7d63b
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-console-l1-2-0.dll
Filesize19KB
MD59b630e1445f1e687284077eecd999b03
SHA188b8da8b1fbaf0b91699e2a0ba212c5e8adc6e5d
SHA256efd664c9f87b370a530cea5fcaec3d248f5c9d79e749862b3eb63448292ab20f
SHA51232ae20bfd579b8bacbdf3cc6a7250662dcca5f2cc24f36e7034384ce2e3cc6e61f7cd7a5b54865ffa4ccd2bbe61d5bc9c5c9894ecb4981c410b66b19a485d1df
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-datetime-l1-1-0.dll
Filesize19KB
MD572f8626388893a536d0ee370acc9e456
SHA166cf9103fd285fc34ff018eef98c3bef0fdcba96
SHA2565c9d7085295dae9a9b2d3a9c66d99d0061d0ba14f218b95e95e8b01bb7204c87
SHA5127253b85867977cb8823bbff120f2fbdff2d499862a58b6b7d8bde083e7e07260294411ebf84cae4ce98963501d5ce7656f00dd0249fef7413cad727697e75477
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-debug-l1-1-0.dll
Filesize19KB
MD55bf7aafd1e8ab7b806dba539a0b33474
SHA153a476277856de2ef21db9a4f56930f77e69d45f
SHA256d9100e99b2b915623294e18377d162afe9fd354bf0c4a7208f1270721714a553
SHA512369733aa72d84579c17de3094b5396ff9c760b84f161b36be814512a7dd10c61ddb63bbf889fcf6875311a665efb545d8da4e08fc232030cbd3cf4b607da45c6
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize19KB
MD5a960e117840acb5ff1d2dcfbbe574e21
SHA146747ee4f408e063cf88c86a685412c08ae78473
SHA2565695695176a80a3e7f9eac80bb3d92df1a5592be42b939b14087a3a6ae6efadf
SHA5125bfbb2e49c9825b31a5d63e09e58dc7e05d8b5e49530753b879971531a398ec46f7a0fe3ef5ef605f396f7440a650e26bf2b6d933324c95410608ff48d13f3b9
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-file-l1-1-0.dll
Filesize22KB
MD550fee042cee2a4aaba502d2f5087ae70
SHA1347c3a75d19b784223296f19da64aded95056c3a
SHA256656d1b11a6242142b9b289445fbe7617ad9b5f6fcf47ad6983ff09194c867bbc
SHA512d2e4f9f13996a6d11cad2f5c2db74a155cc86db70820b33ec2cfe86882955ab96f79fde57901b3880d74775700c3bcabff7b270207a57959f948fa3e50e188d5
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-file-l1-2-0.dll
Filesize19KB
MD5045e4617b49e817007d8a88652af7734
SHA1305026109a1eabf49bf7ae6a233a4a11e2a22580
SHA256fd387d4e358e3755db38a618066fb72cd03b17b54d058dbe3dab82065519edc7
SHA5127e21cf4982ce6f4aa52f0281eae101287a850152c70577b456876356201e12983c9d211d04e05d2c81f80a56bc11ab54eaefa7e492e3910af21af14ff10962cc
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-file-l2-1-0.dll
Filesize19KB
MD5adfc5bebc4a2c52023f47a1e548b0cc9
SHA1a2562ef8534b1448409adfa6c5d7e283ad005a70
SHA2567de5743f68d9bd6cff0fb8021c22d4069e2e993d97735db0ef65756ff915f39c
SHA51289665104bd17f9020a871215f03acd40294302e933e503ad22b208ec7c96dddcf5f7b1ae1aa2c3d83fbd608d525d36ff2f7ee86762e44e441153124da352a278
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-handle-l1-1-0.dll
Filesize19KB
MD51f6a4f144e52a23767cc74fe2f796ff0
SHA1646f55fcf4cc0654f9e01e66fb20e463c1ac9c86
SHA256634924290057ae9c0e4599d2c70656916be24bd594ab1904c0be7a8ea91ddc7c
SHA5120e52078ad12bc9bf1d74d5ec98a547cf3db508532098bfefb8bbba8f4f7305bae2365dac50e9c010642c6a9bbbbeb3660c6fc658b00e8370cd3647c65ab7d403
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-heap-l1-1-0.dll
Filesize19KB
MD57001bee6d2b9189081f4b558050fe106
SHA1561dd7a7c58fd2599ff8694beaa908d2e3aaf68e
SHA2566bbbc652ac07511af4126a4a820661eafaa3903c6a6993e2f5c0cdff541ae195
SHA512301bb940359732dd2e263f6327df11a3c24f95c8d6396a0e2731b1b9d8179de196cc54baf2ab29e6175c66192db5d6e0513ba01655bc81af94ac29b02f2e560c
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-interlocked-l1-1-0.dll
Filesize19KB
MD5109032959967f8cb078d72e397238509
SHA1bd80538edb47f8620d78ae8ba6127e5748ae5889
SHA256c05208903446e2bd528f726af1287be05243dd6cd1e42359440f9303fb7790be
SHA512b2825341a8ffdfd1317c24a418ea581b513cd4e6628a989ae11e19b51083b29b5a7588bffbce21ded5127910b2d486d3e1436e6504595015218f6c84d98990a9
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize20KB
MD5146e9998951e897a4f7f5a97baefa823
SHA10b822d157e4a0a21e1192bdd1d559219ac73f913
SHA256ac011f904f8aa7c9a2577d959f7e430cda544ca13a1b3818c69d8514d079399a
SHA5123deecb532e24790405054de1c63aa5937ecbced0791aa209b0fd1b0d4e68735a38a96dd86167ca3b1c340da0c2f8d2a6d33b2e34845ddbfd539941856c22ba5c
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-localization-l1-2-0.dll
Filesize21KB
MD52a3da8e1cd09aca0fc13be43848c7695
SHA172380005fde41e6c6b37db5a46cdb0efc3d6cb08
SHA256c3f671d3b41fffa444a33f79c0e65df7ca01e56598e4b2f90e7af18c77b97652
SHA512e4b659aa290a6c256799a76890c296e702316094b132b9bc4b393dc6bff7640b7e62de0f05097932291db411dfb871533f7473cc6c55805f69d75562aae6dc44
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-memory-l1-1-0.dll
Filesize19KB
MD5163d64f0558d8d93b86acd1055ef2ca8
SHA15727ffb8ca641cb2b9daba4fd8341528dd1b7c30
SHA25694af705ccfd2e10d65a06451226ace0e13eaa1fe5af9b3f7ab81d96ed0775c4b
SHA51274862f8cf84f6d56ff45ae135d685b181c8dc9eb6b0bd20bc5f3c25e656f60a014c89f71a7e5f381ab06b3515454ce836a75fbbe7d2b1c7770656d144ed555c6
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-namedpipe-l1-1-0.dll
Filesize19KB
MD51922b0a9ab3cbb0f4a93c0df1e812996
SHA1c3bb5c4682dd0cd16d828ee96e6cd02c047d8f44
SHA25689c930d2e4482799f4f0f040b994c457310912ed1bbf2a4b61e58cc98f31f0d5
SHA51210464a4027a62815a29dd888e870186f3c3ed809080784465eb5577051b42ae3064949c4fe8f4abe846b1253562436eda4514ebcdc8fc9d73a7d68f0fa8646d5
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize20KB
MD5114a2b70fdcf21357f3070dc0c070b3c
SHA1466c1006877e63f404269990da6926057cbc4ce7
SHA256d91f680b1f54dcceddd9ead63dc08ee11845803f2cc6de7c545335803016f2d0
SHA512af75aca3fbd6430eb2975cc6339501acbfd31f4dfb6eb9d3493448946ff301e9ec0bc252ab679cc2508ada510b15bdbb0dabe002ce2f7e4f1c1b437527c76667
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-processthreads-l1-1-0.dll
Filesize21KB
MD5a66bd19055465d56d2918beaafcb6a04
SHA1106973cc2e03293cb4a03826f843d387431666f3
SHA2563129f7b002b724cda522230ca7a9cb4b24f0679bf572d4fc990058d6b36cc293
SHA512873a9e63608d70725e6046999e36b15dc99e362e0bafa4de1ccebc09bf7123d6bc5d21dff1f778f8b8cd3413b45b82344784f9f2e1b31f54ad34cb3a2754f0a2
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-processthreads-l1-1-1.dll
Filesize19KB
MD51f462654c1bbc1ced7e4d8e879732e14
SHA1a56a7c4154870db07395d50f4d8d963e4cce92ab
SHA256b8e6deceacbc5f8e483ad076196df819377d2731e146eb4f48c5a59da9abdd65
SHA512917edfc5cbf3f82708d6cb84a2ad31c41b1b02cf44a921b6934bff614b69d0754115c35aaf4d181085a4b77ebd816fe06cb9def01addc5c68846da0850fe8cce
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-profile-l1-1-0.dll
Filesize18KB
MD5e52748f87b1f5905fd6d562533523c33
SHA1c1f3b2b6bd929ba6b4deb79498204c9a5e0d5fb7
SHA256b1e857e184818a6fa21e44c658fa3d6a752881ce909b18cc2d677dba0e2db87c
SHA51225c80c468e43df617c0e18d06697f14c3bb1594b233dd7cea5aa76d49730aeba9e5f7d435acf9ff40a8dc66d9431721d44f2740ea34b1b667a0c7bb8faa78f74
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-rtlsupport-l1-1-0.dll
Filesize18KB
MD501ee5032cb31b9a83c6b0eaed810315a
SHA136cad637293a5b01c0e0adbc16c55a37992b15c3
SHA256a2cee2281a78f0a58f2a6c1e735f1725e96512c5dee49f021c549cac3c618ba7
SHA51258b857c589870d2c4c3fdcb61198cf6c49ba5496b86b8ee6b60805d08b7da712674b41f1014433f125c1db5e255e18b5e2911c278316174fa54bae07f3c6b986
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-string-l1-1-0.dll
Filesize19KB
MD57dd35c4be2ec4d74946177698990b1bb
SHA1b35fb40dca5f76f2ff9bcc0956659a834310e8bd
SHA256ae67d1bda3d9c10560819e9e02ba475aeb3f7df7e8f73586d546f44ba6ef8046
SHA512caac4e0e8bbff5e83964ea1502a96113fb1fd421f32fe70029352a533f4b95c826c827ee57c0d1c3d47c5e3b792cfd8c5c1477a6485eef6299601aeea947e684
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-synch-l1-1-0.dll
Filesize21KB
MD5ebfc306560273b257d3a1ef9861e35d6
SHA17834fb653634a181890531fb3e91c55eb0ed5745
SHA25685aa1cdddda9ec9eba75f68cd98fc43430f1ecb68b957a7b70a7a6049feae76f
SHA512bc3aa3b7ac552912c3dd405a3b0f0218ddddae459a16edb99c1870b020d41102762b24315be5b55781a8eafe99195888ec9f976842de165b95c423c43fc90a7d
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-synch-l1-2-0.dll
Filesize19KB
MD55a8978023b93c8c369d3696c8251b71d
SHA11ffc61471c2f49a80d5e3f83df2a9010d3c5a1c7
SHA256dba254b1446808887d452bcd6c27685462c39dc2f1da181765f0898b4eb1b953
SHA51253ae57280e593d886b609d55c313e2ef208c3f0ce53b5d015f57aaf3cce901a192efe60b24d9e9b5c6e9ef7779c9103a951e813780a53d12a27680965e5b39ad
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-sysinfo-l1-1-0.dll
Filesize20KB
MD5b816bd9eef2adf08d27a22620feca795
SHA1a8b8d1cb1e2fdc605449cd17c0e2f62db582b266
SHA2564214f1c07c4abd241634cde318f4f73c9d1aeb931413c4245b6c61f77f3b54db
SHA512d78616f681cea3317b9ffb86ae7b11778b90f47cb57fa92f8c8666f6e36fb6831e38c37d2fc9f5c81e743f8b77f25ccf657f28ff8b5f0599d70cade5c9ec9bbf
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-timezone-l1-1-0.dll
Filesize19KB
MD5ed3a91953d5ce03d65bd90fa46c1e29d
SHA192cdac4071850ac96759ae77a0b3c5f6bebdc2ef
SHA25635ea6ec01e55108182c743b47fed5be381acf295982be87d92b4588ccb71240d
SHA512edb4539b6081e73bb410668c420d437a0a746fc4aba28f7f15f7a2debc8bf8eb11e03f38957b438bfb95e86652b44c1bdb0162f449146df467ff5e1de281e56d
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-util-l1-1-0.dll
Filesize19KB
MD5d8e04bf7a8feae0cb8afe43a87d9ec93
SHA18fc010890f4ac7a8117dd5c3db21171a49eb6f06
SHA256e1000ef817a5d8db82d1d58022c7ee3e1edffd2f9da15781902a4de2b71242e1
SHA512116bdb64752dcb30d0557b2cf1a09ff692d621f0844cd59d69813dd0fd47735b0e1df34d077bbb4bea563655ca3460437a644ba26897026405af573035d9032e
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-conio-l1-1-0.dll
Filesize20KB
MD553f2e4ec1efe147f8df45e4ab05a07de
SHA1ac03a30639a717b4895407e8d153f8919ff5bbbb
SHA256b79bb037437212a95f18b1110a907a0f474878f40a7bb906f297eb5d24352e6a
SHA512b435470311ed47f163cf42adb6334a9caa906580925d19e9febf3c979668c62e25d8232fd5bcebf2f86307708ac165d7e62608c7225c1aeb7ed1530aecb7c288
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-convert-l1-1-0.dll
Filesize23KB
MD52e7fcee0944d063d8528399f22c9b2b7
SHA105a68b73e778817f52885e6f27800e99125efdca
SHA256a38f46fe1a1bba3a8c7cc942bac945413c5c0e992ca599f9f09181b7f5645f52
SHA512df689de14369d858412b79156acd8e2fcafeb45793eac91f1ce0cba37bcc2e88c53533934647960176c48133c1e5383f406eef859bfb5231f49730acf4320d95
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-environment-l1-1-0.dll
Filesize19KB
MD5f966b9ff936d60de02c37b16b9d23e4e
SHA17dffea259d7e5ffdf005900ac9417319acc66f33
SHA25690788cc217e4f5e78ec988061552fcd1c1a3ab61c6df3de132aae606383fbc27
SHA512bc27f4871e872d76b89d7f0ba5ed7d7062a04218bdf9a741598bfce82cd788e866d2c20513594726948e1701bfdb17afc2280405b0d994aaa3cd2ebefc1c8cf7
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize21KB
MD5735d7e5ae0a53b644482f5e70efeff5d
SHA18e99689cf9d24aa4268a51bd377015e9d9ad7f64
SHA256e9d88aa96743aa2ff29ac8d7930ba0c8ebb21372329a1bf5926cce59a4b39f4b
SHA51212239d14a634b7cdaa07e39186b674bc905f73c928db5230752407650f274bd401d10487b3ac2c426cc8da708f0ca6fbaffc2a5075e299901961bd205ad7bbd8
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-heap-l1-1-0.dll
Filesize20KB
MD56521cf7e6a66c747726fd09e51a1f92d
SHA1b89168c27063a2b4f81c69df4ce23f144b55bcc4
SHA256dc8ae6136313ed0ee26aed6e9d3a192413d62e12c7c568fae5a7abb784ca4c72
SHA51203a63ed3c2e0be3e1e918eb01e5fb722be06d8e32179782ed3f7106048f522426bda045cd3ae605a066403bded2621923a8c33d075bf8e11b58c432a69481ac2
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-locale-l1-1-0.dll
Filesize19KB
MD5281399c6a7ca9c52c6b20c78938ec2d3
SHA15e76793588075edaeedab8d30297d9a8031c74b5
SHA25658e0f4ae04529a03bc5a453cdb891fcdaf82e4d7ec2757b3f88f5f967407fc94
SHA512459fe7cb8433fa23dc765894b78c1e2fd007ac3ed659d6f4fc9191a589e349107f7c4c03718e34c9a9231324fdcd970fae75e2772c153a97001933869628a7e6
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-math-l1-1-0.dll
Filesize29KB
MD52b20bc164f817ffbba1b547857b0da2a
SHA1c40095898cfe64c6132e81090333317563184c3c
SHA256a7a4ba2270ae7e5679ff9413d1e53ba706a95bec28c906de378ab4b1a8fbf6e7
SHA512a760294cd9b9f3c0c9c0ec4800536df874ef7d3757cad9469da96c293187a9382867f332caf714f91c9059a90a3dda7670b265f3a5e2339b9e12ca05eb373e56
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize27KB
MD5e92ba8ab3be45a5fa0b0439966583d8b
SHA188ec890850a4d531476151ddabb6f6def5d87273
SHA256f65bb318be803581780fed95f57d0fd7b5c1b0e070e0062a8d06e4e5dde4c9ee
SHA5124a5d11dfb7ed1c95eb2b839c9a094f7a8cd32e78d3af9f1eefe52857d9b17cc69649638b8afd8ae581518cf9b223c352ccdf84a46990ac56b57577502a9035dc
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-private-l1-1-0.dll
Filesize72KB
MD58ff98e2ceb2724d9c7ce121a75036560
SHA15d0eb20c46c4c1ce1c188a5c3cfaf416617a58ff
SHA25680ec395c2c5ad8b9728784d6aec611e0ce7a5ddefebef093235b420fdb74a7ab
SHA512c029a78834236a6a4616ee93e0d06e44e880560c354a4872489d24497133462e8629c03af707825fc6fd447437922c863e5395f0851d5b19585bffa42d9ce4ec
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-process-l1-1-0.dll
Filesize20KB
MD54bfd59d316c51af7c1f7d347477b5629
SHA196b6291180ae0a12b8a650557291ff60c1243367
SHA25657998a0a8168a75eb8e5958019b29f86edee70931bdbcc18e06c9b93f4b70cbe
SHA512cd9620909eaa85151edf996d506a6969d4f892fe11939158513e14c9e73c862eedda61faad3eb28e55f3ea10347253e5b7bdfaee624de6c514fdb4f902d085fa
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-runtime-l1-1-0.dll
Filesize23KB
MD5f24259dabe9905bf00eef0374053937b
SHA1b1949c85cfaeb2b2cdf99b51d3191e4e3bd0dd54
SHA256f99a3f408880834ce3c762fb434cea98c87bc6df19b63d509d1093f2295bbc8e
SHA512fc46db162ba62b46106c7b5c942e2ee186b126deebb8f2e48daf9892620d4b4acaa244fb4b65e1e6f02e06072a8b61d95e49e2ecbfa676cedc361735abb34f01
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-stdio-l1-1-0.dll
Filesize25KB
MD55f158413a85e905b0ceb5aaa1aa35f28
SHA18807fa016b184ae6e8b66177bf34f1810f5d6095
SHA25693780b67e8ff9dd076cc67c620d1baa7b5518ecb5cf45ecc1dbf92e6bafcf646
SHA512e20e433e45ac817f74fca61be03bb9a998adfb2038b50f4476bcb2fcaf0e09236844dc2a9fa4200724d62c646aa9ea5ad315e51fcb4aa9fbf1add1a55a735983
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-string-l1-1-0.dll
Filesize25KB
MD5c04f55920b25221f81575231bbb5e4d7
SHA1b0a65c6ee855e49a4a1d937572f7aaa7b6d9539a
SHA256c87e13d8fb07cdf07deb3222270afec1de7fc7e481a9fb22068eee74f2a60685
SHA5122159de09ae92d8a88feb7eb1d0072b928c726fad94a3a72d3523fb15e41a2ad9cb26affdb23cb3d6441fd2b377f29b3df5cd7e0db0ec48871c9dcdaa35a4a000
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-time-l1-1-0.dll
Filesize21KB
MD532abf928ec4678c2bd68a894da7de229
SHA1eccc5e68ecf49a8bc448b88a6a8887a570ce47d4
SHA256ae60603ed90d3ce024a9c05bdac449abb34ba43251241a27298f4a717a27c249
SHA5120e71ba1249f65e05461c3e416876502104dc302131312d44151ebde2d95df9433b6faeea3ca0e1afe5831172d59eaf3f348735609894e5ecec3f8d31d199ab2b
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-utility-l1-1-0.dll
Filesize19KB
MD559bf6195153eab0d466f501bf8f14f68
SHA1e6e156d6c3eed6b4190a266f7374cafac8ad1c07
SHA25628af247eca739d17fd68979b8c5067deaf85d4bf8478f480d00dc0337c06f47c
SHA512abd4e96c6e1f54e989e3167402188136aca172cd926e9910a456094bcd0fade2f0eaac97887dcd1bdef658d8b6d5606a9a493d6b0687653a0496228cf1907ecd
-
Filesize
238KB
MD5bb7293add679a5688fcdd03f44de4b90
SHA14ffb7d8acd1bfec663d99694172c0c8c28a92900
SHA256f3093cb216bf8ecc8d869e46d8cda3aaca28a326cb865ccbef329e1b13abc834
SHA512ea094064c1454cceec03b4f54ad122be169c8bbfa6eece9b4f58eb6d59cbefa16af3a9b6f04461e438e4c208b6224a69a15c10cca6cf4cd5527cf0fe90052711
-
Filesize
4.5MB
MD5e9503911178352a473eeba6ab0768ff7
SHA1b5f037668d7d6e7fb3fec27b6c1fb8c7c78fc7c2
SHA25679808c7b51377c75ceefcca636ce23362ec94509f19ba4f364ffc7414ed7ee5a
SHA512f5b3d57214b84085130ee312c918c05a25b185d67305f7d65f02c6c85a8a84128df0540aa929ca28168946ad4fb7c7117becc4f2423aa7981b580825c6fe296a
-
Filesize
4.8MB
MD506f307b7ddb0994b448b9786cf5811b8
SHA14d70c5206e84b23916e4c686f430e5dcdc70dfc3
SHA256dde3c8e9e7d414913a29979798311d095c1b8869ee405a1c3fcbba14da90446d
SHA512b26bcfca4569ce9fb4b7196c952ce38b0e3a30aeff2e7ac4b2ea1c695c658c1d92029fb7e31ad231e62de8dff2a86ab3821aa1f9d5c944d88b263d88efeca16a
-
Filesize
3.6MB
MD55963633010616b25503ee126f55e8de4
SHA11cb2080133ac915863e6988b0f377d46cd91e6d5
SHA256a1a6f3e18b097ab046e8771a01f8b727a44348b28b82b5beb15ee311ad27cdd6
SHA512562eeab7c6e3ea727441ec6b8a748dc5938a91d7bbee04cdaade9683eee9d02651d3872b7249f8a829fa778378469716ea7a5905f72659a28d362fcc6354c98e
-
Filesize
3.6MB
MD5ca6ade4f7761bb15b3325356dc3b82bb
SHA1effaaf31465ebf248b5a4f91a179797306b326c9
SHA2560ea4cd410da764916ea201c0c1e16752e0d3dc9d8571510782af4aae62509af7
SHA512b920cdaa8b668b00a141fab799c2e26e9bb8195e3ea799c4fd9252bbddf7637c484c5179dc9ce606ac0149324002f28b1fb68c32e522dd7afcf6b1c4a27702ab
-
Filesize
412KB
MD5ed40615aa67499e2d2da8389ba9b331a
SHA109780d2c9d75878f7a9bb94599f3dc9386cf3789
SHA256cd28daeda3c8731030e2077e6eccbb609e2098919b05ff310bef8dce1dce2d8d
SHA51247d94c5f4829a0f901b57084c22b24adefb4aec2f7b8df9ea838e485dbc607aa837ed6d3c7186159499c44a3ff488fb04f770c624649a406854d82cd3baf72ee
-
Filesize
429KB
MD5d25c3ff7a4cbbffc7c9fff4f659051ce
SHA102fe8d84d7f74c2721ff47d72a6916028c8f2e8a
SHA2569c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5
SHA512945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065
-
Filesize
556KB
MD54c39358ebdd2ffcd9132a30e1ec31e16
SHA170ac82988285f9f7069faa9a0612aeba7fb001c4
SHA25606918cf99ad26cd6cf106881c0d5bdb212dc0bac4549805c9f5906e3d03d152c
SHA512eb5348d2f258767281fe954d45999bd6eb7af61411ea3a5c63fcdafc83e487cee51e1dfe2d86590243b21f6a135e0dd5116e66b0f22cf0937bd147e54a1df391
-
Filesize
756KB
MD5ef3e115c225588a680acf365158b2f4a
SHA1ecda6d3b4642d2451817833b39248778e9c2cbb0
SHA25625d1cc5be93c7a0b58855ad1f4c9df3cfb9ec87e5dc13db85b147b1951ac6fa8
SHA512d51f51336b7a34eb6c8f429597c3d685eb53853ee5e9d4857c40fc7be6956f1b8363d8d34bebad15ccceae45a6eb69f105f2df6a672f15fb0e6f8d0bb1afb91a
-
Filesize
637KB
MD5cdbe9690cf2b8409facad94fac9479c9
SHA14bcdfe2c1b354645314a4ce26b55b2b1a0212db9
SHA2568e7fe1a1f3550c479ffd86a77bc9d10686d47f8727025bb891d8f4f0259354c8
SHA5129c84ed9a66ce20a22e14fa00c1a0db716133f7b2450a3c0d20b1dcf74e030337c4c6a4953e40e10fc94706dc607236e773ba8999b21bd6e072ab24a487e8f942
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\UniSDPAccessAgentDaemon.exe
Filesize952KB
MD51ce02320eaed5021c44d3cc521c69f58
SHA10e0b97d7eb61fd0ec8cb0ccb2cd931c22deb22b6
SHA25642497aac5f17d662f9998810e944e931c7bc4dd470576a85de2dab0d56000e31
SHA512ae8e3c78a9ee01fe0debdd137e28c64444cf0c39e33504f23caf22c097e192e6c6943fda9587b0d5b968a5e62c795e849d657a46e26845cf459beb2aeb5d184a
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\sys\sys_shadow.png
Filesize1KB
MD5c862a34218b511107eea62d397a512e6
SHA15a946cf1dccdc1b152969f1d2c8eee76f86c63ec
SHA256d7af42463781a038080739e566d5f38ab52e5bf21e4826a0ef5428474d4dd2cb
SHA51224401db4feb5de7e611682afe4d503cecf998404a5ba25cca51f568898d726dff9148a749377eacc7ca356350e51bcbfc32475f74a46d081626e283f11a0bebb
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginpac\image\btn_close.png
Filesize620B
MD58f42e8caf9361f3f363fd4418ec6e4fd
SHA1f0cafcdaff1544cae66ef7961e086f3072607ea5
SHA256d104f13f86772bf541815884b6ce39c900f0a1533f2ebfca05c7e1b131c996b8
SHA512787afe42b526557130c3ffbed1c825d90a180090e9272b52a19327b0731cecc5494f27a4bb55ab42ebe521452b71baabb283987c855796c763505af60fd72275
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginpac\image\item_bg.png
Filesize319B
MD51ca9c5a8b1074e204848eb3594f57d56
SHA1388371a5c22ee230761cafb55996ce855b342a19
SHA25688e4cc15e7caf1584f043146bf86d6eb06107a26108ded5ca49da9a75121d838
SHA51204d17f77811199ce6d72bb1a2c52f2e91503b566caa15f8fb9602d07a793a6fec5dd58513016e423cbbe5f95cd90bd4cd60cbb0278590364086da407ae83cca1
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsdplogin\image\lcex_header.png
Filesize1KB
MD5f2e9b590761bd30791b7b73671078237
SHA12e9fcc7c65dbbecdf33195f602caea26a97af7ea
SHA25605a8356258239f7c42bf3dfbcc4424c9d4ac16717280380b95941bd3dd12a831
SHA512ba151978f046391e96591fff983063be4ddee000a1fc1a7f3f79eeeffd4500c0e77d41fcb49ee2c77704a2acbe9f784623a192c09e5570268e398b8d6ca283f7
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\btn_main_item_add.png
Filesize682B
MD5f46ede64a8d47d20d8604b884e14170d
SHA1876ce9ed049c20d927c8c0c36e440ce470e5ee82
SHA256d01ea92f44b47af06794407bea1bc54507e1192fb2e857ba5dd728fc174a6826
SHA51280a506e9d4b311ca2119657e617392298b1061f617708209c9b303bfc859f8b494fc5793161a4c21c9527ba6d00770406d94432e7cb3e1864465a2e2d5f52372
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\btn_main_item_delete.png
Filesize1KB
MD5cde45dc2b8a08cef100bc430849a82cf
SHA13cdb2e5329ac8e010a3b7c2e2ce6f3a20bcf6cd9
SHA256d9b45edcf482022e024d97ea88f45af77743329b047dad2b85bd4fd0a8544852
SHA5127d168a07d9b276d1371611ef6687a92ad121a553d97d18b64afd1e27b55f6d2227e188b2e4fcc837fa0a82307037121f7175bef750161adc57eb8d6fc0a03297
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\btn_main_item_edit.png
Filesize1KB
MD51e0bd3e19aec7b21e88e77cc516fab77
SHA1593e59d48994718f912f8e1e6ac9226c89c4403c
SHA256176cd9308c5374651ec72c17b030b313f975b47cc5c029bfa4e3b15a5f93ed19
SHA512403fbdcce3feea65760f9124315e4f708b9bbbb5e08f6482e144cf6eb9ba92e6345cca1195ef7b51a3967b7d2df2fba5d75466562a68bcea4983ab191a0a7de2
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\cm_check_btn.png
Filesize1023B
MD55026afacd0beced18a9576a167cd7256
SHA1d12f89c37735555350259a92f96c339aaff7c7a6
SHA2565dfda9971a8bcfd20b5d5aa464e217025853c7fb261274ed584cbbf8196ef092
SHA512c88a9b47d2b07e845b999e90362bc5eb8d14d6321f43f12f0be1002e2ae677414e066fe32378edb96b406e9b4af532d2f7b9eddb948e48cb770cd0668d06335a
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\info_tip.png
Filesize563B
MD51ec646ec32892f6cf4372ec443735623
SHA1f8de945d44de818da7e1dcc88b5fb2d2e7688239
SHA256f6251db838a91e8b1505730303ba7cec18cb79b2ef0db38b364ab1a69e4206a8
SHA51254c62b85ecf72f096e6cdfd6844f16d338b089710e992ada685a62935437876b2393704e712c7c434d7986477748f02701d7a5bff5cf0aea8a5dd17c7c442e8d
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\lcex_header_arrow.png
Filesize2KB
MD5320b5784ae6fea133e28722afac616a5
SHA17473601a48898508a0db3e5c3c9736c43d575bb4
SHA25678bbf6632312bda5092b3113d1be092929cecd262f570431ad4e5f95b3cf2994
SHA512f191482b26c84285c421249921ad120211264bec8c004f0abd4955bfd2d414fcee1063c815a498651d29f1c19693a4549c515d20df50e03364fcc9389216ffbf
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\set.png
Filesize2KB
MD501698db5b2007b42776aaf3a808208df
SHA12d569ba7bb4c143713b487c0ad9b7c4903816173
SHA256f6d3988923dd9c029ab802dfe3fb18c7d39e01016f147926a3e8d26544896d92
SHA512bf4c4f1055ede1ce7b9e6ce12a972368fdf2be4dc6e704870d4fb8295c3c0a69a5ef9cd2a3f1dc1f6e2efd31d85eab28621a72dc6f24f369368cfaec86220907
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_button259.png
Filesize38KB
MD58037cad31e58a6d07be4030d5524affe
SHA1a9d3c3459a662d280b9ee6e6a71e2b6294df41d0
SHA256f6878b082f2f9b82a8d69d72d13b8a1661d47fe237a440498a4c652d2c24b08b
SHA512a177b8d4960209aa50a99a2dfee7badbc8fc9ca2273a5d9fd18e1326d5da1aa7e92e7717fe1a7991db3b47907f924bf149d851a00e5f26e1090f08e2b8de5ebf
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_button68.png
Filesize533B
MD53faffdc7178cde3deebb984763170968
SHA1b5fa2bce9e9c4a62b1b154fbb2ac35f83fa7f62a
SHA256dce600a4656d9f24c01c1fe9cdb86087865cd894afbfccc2c77a1fc52fb3a596
SHA51204b89a22a41696d5530d03e654910a7bda24449bed5e2ce95a427e3dbb635ca272518da6d54aea22efc8b5a72f3f75d15a600035fc8b923a0db7a5b7172243ae
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_button80.png
Filesize397B
MD525cf5126bcc5100b21e62c3b4f798084
SHA1f2eac27b0599199e9972a6bf2ee0c36a18aa3bdd
SHA256707732db2a6c51935896476b23cdde43c4b5bdf342ca98aac1de8e512a86e2dd
SHA5123cad30da9ad7af83f17f071a38d71982a3423d15fadb11644841d3ee4cf44354c6373302ef59790fafc391f9a1ff19e3d035af3a722cf300ee8e75f862ea9e9a
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_feedback.png
Filesize213B
MD5a17b4e5ec2cc0284e4ac5dd3bd5ad10c
SHA1ba72a028e9f62ca4806244157b47e613e801fde0
SHA256f80505e3cce67a346e93c429b6fc471c693d017e632b13a43908ef5df31fbfcf
SHA512fb404913a964413d1d647fc375bb31a5ab2da9bcf5e8321bb72cada8646d50b0ead63c5f26e5a1c69a58ebe0fd6dcdfe26e745db4c3d28ab20b4477b49727c43
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\main_btn_close.png
Filesize3KB
MD5e17fa849eabe2f289d815fecbb0e0c61
SHA10d27ebc47635fef5336474935f067195dd288c1d
SHA256b89dee6d77c9fa125396aa913809c07602c4bdb60eb1ac4753282d14dbf9367d
SHA512106f41090f0a5e59b7a35fe3bbd28710bd721419988e4e1fba953c1816ce259ae021c8c60d617a75b5d3d4bd15ea5aa67dec2319b4e99a80730b13d29ba119d5
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\safebox\sandbox\mainui\image\menu_right_skin.png
Filesize991B
MD536d2e27d715ff05cce8397d863bbbc97
SHA193a7f387ebbae25174076449ebe9c9db9a0b69ee
SHA256f40cfb0d3d4552add82ddb6e24f3cea2eea7363c0a5d89c1208d23888061a62f
SHA5121fdf51aa3515635ed23a2696f56a60b6857e73d3a0df8f74bf65fa82009033bbfba7514f56bbb493a10cd4b86553ffbe635694d0e48c2d925b9e247a39293c99
-
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\safebox\sys\sys_prog_bkgnd.png
Filesize458B
MD5409c0797ced6cdd36fd754a9cf410747
SHA1db05e78544f4d81cfa3ae050b9d7a6a3edcfe0ff
SHA25602bf33e75df4ce3c97d391cd88afa94eabffc16bfcc66a303e7371173dd87f44
SHA512bc1336489ac78c127e465bda4f4b2fdb1074d4fcf74d3b0ea1331642def96217c315fa296cee96be530b6b1b3ce844e95b33c34a9117d83c78826644052c1630
-
Filesize
16KB
MD53533ed1ce2dee9eabfd1fb9998366eb2
SHA1b538c0a14cc527a9f292888c4cab3204170d200b
SHA25669e312b3222fb5bae87908538318e09f81f8123d39c485d818a50d44345b4147
SHA5123ba072104ad861b98fb1f995be7bfff613150bbe6e82515225e27e8492c2fe0c1508d133764c7a19f12adabfb896d8b1d6f9e13556cc19ad4b9c8007dbdf9573
-
Filesize
4KB
MD5e5f39064bafa8d2333a1ba21a1beb594
SHA1d9d7fe3d7cae909152649f1cffd32c4ebfa1d6a9
SHA256cf2c807873762c911a066816b2836ab73e48df5f1c1405aec3f3b285ab002e54
SHA5121a668bc3dffdef4d47d194ce30bfba22c07397563ab044eb4489fbe7f0c805680646bf36d34852384ff190eddc5a40f169faeae79bf78f3eb5f749e4f2851bd7
-
Filesize
28B
MD50f00eb83c286f52dc0eb229dc5c85d8d
SHA1a54fc7282b5cb6d1005d91a016929bceef824a64
SHA25626c29339443e3a4b725d34bfc5a536cbfb2aeaabf473d9076a1ba7dcbad17528
SHA512d882c006e36b2bf38b14439c396ce557833a945dbe6f92d8f92b9eae5d394ec1c8ebb1f6bb6c7854083230ab297a96ca9d9c27b9914b7fe6bb996d6d07cc08d3
-
Filesize
44B
MD5d92825fcf4a1f061148fc3b04bea5626
SHA1dd5b83239953686aeb0f0da77259951675df1278
SHA25650a768a269577814cec29c4ab1bfeef9f948547bba231fecdea48c1111384a57
SHA51208efc67c3fdc1016e3986b12a321612b1a37ab3bfc048b59c263ffcc6d669d6333a22e6b8c5b2883cb0478c490db46ae04c883e46a0de9dea8fb9689fe3b1ad4
-
Filesize
2KB
MD54f00a9bd8b8ac3f8821824b018cb9e1b
SHA1d9a293180fae09a80d4735db4c898fec6dd9d952
SHA2566d1aba9a9886b4f452ce379b43aa7c612d74ab6e9c5f097f08570ba9781097de
SHA512223fc2e353add7bb47832d2c45055d4ad831a12e5df8ba163ba2ba32887f6cb4d340213ae05452b0529a2d8808d12028febef7de7a4a2d6efd7500dea91e5aa2
-
Filesize
1KB
MD56e816199d279d19ecdc3364d9972a18f
SHA1d68b34479b0e01d788f0448317362ceeb7ff0960
SHA25687205e35d3f434e578c93a3660e0c7a79882216f13666b3d95605dd459a796d0
SHA512128c965d590f9a5ad9b974935e9bcef927073bb295282961b6efc6c2b3b57c475366f9b63696151bdc1727868f8b41766ca8b882d14ad898a4f3e026542a4733
-
Filesize
3KB
MD585e2bbe22f1a5508252ed507c970fd30
SHA1cd385c5c54b4ef0c37dfbdc74030480cb1ee9509
SHA25695d38d3f03b230b4c4e3d724d68c811b75885acdc2f7aa3097b4f536d34baa02
SHA512f58ee28891b1abee1bd1bbe1aad786c0cbdd6575d8a75ef2e547b476545cd2b654e6206bc87ac2260241f05c2ed6dfbe8a33c7eefde3f4ad5d8fa8169763d63d
-
Filesize
460B
MD5d748bd755c36ea6cb4fcaa8b2f432da2
SHA11cf70b679355e30b841d094149698e3a518f2c75
SHA256af7098b7843b1390c983cc3406cb1cc2b661cc30b33209903aa6e549abf90f36
SHA512ef741e324f2ae3b6f2c55b70b0cc3c1bbf086430d53698f44ae8904b002c335f5a36a13ad6cc950fa562f621ee4da5ffb5922c67482e807de627bfe534b5af81
-
Filesize
460B
MD5560601aedae695b8da4a7dd524ccdc95
SHA17e28ca1636acba60dcfacc52a6c500123940694c
SHA2567920c0525a7621f89a1094f980765714a2b269f53bbfd26ada71d2afcdf56cf5
SHA51255f6a259bd721c7b12dcc94ad3c8ffdc66cdfa60672e3b230cc47445646b9860c3b91cccd30ca71fb4d013ba0c24bc22efe75a6317fe89f1b9914d96c9c4f4a7
-
Filesize
16KB
MD5fcdf189d48b1aa66aad68384b9619d81
SHA1e25e5478de559a91b3f71c2b9db00f9e02cdb536
SHA256e654c090e275a0c6e8da510614d6782e15b1cc1465f92168d0a48e03e6e68508
SHA51286dbc75bc4ec6c0b73fd46dbc2d93330ddf50bfe771f3b121897e8ff3d8d1c7584b17ad31ab5fdf48ceac4357657922df82d891c04dcde61b3ea55a1de5a8125
-
Filesize
882B
MD5bb0896a39e2bc953bd624529ebaf3712
SHA18690ebd2efe7f8d06dc4355e28be16713ad86b17
SHA2569e2ca154f156a117b90d80e8f99499f930f32ac8f8273612b97238259c7e51e7
SHA51291495735daf89bdfe483e24f0659c006deadcb3f202ad0249ece7c2bc25b7c761bb52700e051b211f75e0cbcdd2430c2ad4c86e2296147beef3866b4aea7f101
-
Filesize
1KB
MD59043d0bc91b3efd9eaff55eb6f2d33f8
SHA137e3a053abedd9a8c9c487334eee607f29c75f34
SHA256d1722645497d4813c4061f7e39091e9516719110cf6b8c99aaa8ffa57adf9526
SHA5122a031fa72ea16b98c837888410fcc9863bc4832c7b89766bb713b3e9c97ea2cad04e86f4de3c28404e6472205a6bc3b28bb17402747151cda3596fa0277c15f0
-
Filesize
4KB
MD5db810ed7b8b54879b76ae7e93778503e
SHA1bb228085cd8a5d6c8cba89ee2f72ebe76885641b
SHA2566e8fdf0e8c9a1578d55668d11d87e7ea9b1d50224c47901dc1e1078d409dafb7
SHA512102e486195f62591c97593338ff5901635574ef3c96dbb12c0e5dcebc94d48af2f45838f09902f1626cd63b35cfd400cce43d3df9d11aa1b3dc3fc36cf9f3144
-
Filesize
3KB
MD5e55d9af5f55d0457d4631cb4bf85e994
SHA17268e9ea4d4b823f8701c76113a6cc2e4cd42212
SHA256b9c0add584b48098a9737b0957ff294dfed58136364bf76cc4b01e0dffbcc121
SHA512a0a7a9f435ab0e1c6f2f8926628d9df087c558a8fa79a037f5dd8584f4de2e47508bdebc2d0f7c8b686b90c0a60d0381cb3ecce6b03c24999a8c95140d412028
-
Filesize
3KB
MD5c553582e00feb08ee9b60df1428ec56b
SHA1bd17d93b72c1c38f737538fbfb1c93e8d6f1b414
SHA25661d39ba8e12b41c93e69ea263d9146bb7974f6da11b4780a705727c57fb5e738
SHA512175137a6f0dd7278e3abd69705e3ffbe8f8c11787cd0e9f725400772b10ea879901c1f9281285d58184c3dbe7417a00cbb051fe903c4b146617539d728819850
-
Filesize
3KB
MD569466bd970dc2a8539cc5f65bc67a0df
SHA13b997c2118014753f3979d55eb85f47aeb0328de
SHA2568da23497400e6b1aca1d5a395eab3f11c95f21818a0db13911554d457085675d
SHA5121b4f2c64656aa982aa0a7f857c67c4c2b2130f4253e063f7b318e1f6d0c1c86cea5c9ada956edb4e071759e080c20cf8ad28107482da0945d67cde7a8a676b3a
-
Filesize
3KB
MD564cc3502f3dddc4ed1ec30cdd2311667
SHA11829eb3d8b514aa12a333f5a845d1d24480b6b81
SHA256b9118d1275c3f5f2343cc742b4e1bfce251ceadadb5728a84ffedf69fe1ced7b
SHA5129c84dc774a66c64fbd3dbe4ac2dc160bccf16ecb69f09375f2d3e3c2dcb27c0281d4fba2e3234c2a73e82fbf5707828092569cf426d3f365ffd23b181c19d27b
-
Filesize
3KB
MD5afbdc0f36eef061579f497d13c54b674
SHA1d1a7de22e7487c22d96af5a0bad7e0684adbac17
SHA2565c70502666bf8531d697ebf0ab416380b31c7576a10b3d6fa828a2436f8b4ce6
SHA512ff9e7d124284210fe4aff489a4c877e9b6673324220d334fc17fac94c58574391338a9496dbc583e5cb6ea66da9df17eb555b44c32faaf742664077e29bdc732
-
Filesize
2KB
MD5e04c30ddf4f7bb505ccfe4c33cf25c2a
SHA1dc219e37c20bd501c7bf5b0424f2ca2ce954d84d
SHA2562e0c370804287ed0e90157580fa5f461cde0d3b06e0655b89475163dccc9db71
SHA512a24921588a02f104406d68ea4c99fa9579fd2d8f78259feea49bb1b393e59dec55f1e911100435cd24c0a5d4c3d17272e4ab170f76c4dd1cb7e0e74100986c4c
-
Filesize
3KB
MD5549be830bf7c7fe81a490f575d156c62
SHA1a426bc40874cadc3f8cbf989148d546f10302b7c
SHA256c4a94f9c7b33e6512dae3a9fc879300e7abc10a3aebc843815bc550ae9344f8f
SHA512d170bd9499e8d452675bf62cfd8316bbac0280297899788571bf718f628853c6d04739ec22373a790bfe76133cf0f806ef9e8b08979cd856ab857367ac321742
-
Filesize
1KB
MD5f47bfa8780f7e4000d2060d9149e4a81
SHA165fc00f641016ba201a8127730a32e6f804d7d3c
SHA25667844e3ff3ff031ec6fed76ba293c05080256fc21aaf2827416c4801402f5a62
SHA512e2bfee20d75cdc1bdc68c2c0bbc89672e5c7698208192b2b109d0cf93a3fb00069eca32e0f71a83cd026b1a582f1b68fa05f281d1d85e4f32bc2c481032c6086
-
Filesize
6KB
MD54875220db9913fab9e8c0b4d38423ae1
SHA118f1cc2cf04594d469db5242484cb95a98aa7a47
SHA25675b2847643f270e959ab30f55b51ffc920e364171bea2135c0a7f5eb3248a20d
SHA512461249c574eb4d6e5176ef155640c4ce13a754e778fa2bebd82f945d0af54d7b5a2044455679e42b0201f1d5e7699e4ca964a8f7934e6d49018171805735d54e
-
Filesize
2KB
MD5ebd147b36b7fd15a1c62aeb25b8fc02f
SHA13def2a3909797f55f1c43287ec8b32902147ccfe
SHA256f1088fab6167f9d1428a2d2ca5ac8f3999061cb10fc077182d38356b59fefb20
SHA512382eb073587b33a824cc4d0c95cc719d88fe8e0249e3bff40957c31cafa890a6ffad7b64d88ef7ed95b87efc5a547a5ae2a4e97b9e33ee3762f0e0296089538b
-
Filesize
2KB
MD509c465828be44eefc3f35d7c792d10bb
SHA14301282a58664ca37f6f68e18abbb4a4ac01ff82
SHA25656e8987c006758e9b1eac3e5e9513e984c8359a28a20fa84e303bb89f95381ec
SHA51278638218c8baa53e7774246d2069660542ccad90003fa2aa9d3284cde2768f36b4f3f82b62a33d9680878c17f5ee5ce7be96cde103d681bc890121cba56519e5
-
Filesize
3KB
MD561131aceeac097063135bde0083d9a9c
SHA11d69aad7b955032c67dc26b0efac3c848118681b
SHA2561049090203c086e91f9aa5cfc5e2b0e12c45ca18e38f5ea6920b454e7800f7ec
SHA512c7b2198abc96e44bedd38e0938b7a4d4a41a6bc605a232737b4ec710684ee5cd33f3cf19f30848dbbf94d62908bc6c3571c74c89bf50ac337ba59569742f9d71
-
Filesize
2KB
MD55ae7e0526cc65a438a08d32759b32d90
SHA1c9d65ca2c3144f7b569eefa02bc095b348c3c49e
SHA256bc7b9d0f40b3733fb29839de5f6b3a6103262ab25451e8ec03178f0d93183142
SHA512068b217080c4e99429ec87c953a467a17c6385a9fedc664cc1c60f14db3a03dd4e6eae6cd8d23df6732512f5a021c4f6547979b3627aa38bc54c488da333b5f6
-
Filesize
2KB
MD5776925528d0adb8888184862ce3e4531
SHA16b2653a14892633abf274ca541aa0ea9f770a12f
SHA256cc1c48942d288ed61bb8f5c8e159bbef1d6d860659ef182bddca628879588d20
SHA5122d71d0fef5622249eb77bf05a54b4aecd7579dae57eedbcdb687250aebb74d36d39f663f5b837990ad6f2d56a259c8b83536c2253cd9b11a704ef01849b4421b
-
Filesize
230B
MD58f2ff3eb2b21253879b526cb3b5e5f2d
SHA1e014ff34ed217ae8bad168200448781d94a7e962
SHA25672dd5dffbc7398b8ea9828f4d00f2e1c9d1ff2e17f1fb68da01022bd282374a7
SHA5124a515d72d87fbc81829585885f1ba1b38ce86b189a78e229412cb5a234f9f66b9a37ecc8892afdf215adc52765a0f14cd6a1c288dae7a2357c2ef9ba9c2622f7
-
Filesize
4KB
MD5ed6bf91433c68635e7d77e5fdf9f8190
SHA1f494f8986de83ddbea0c1f297265232b71144dcc
SHA2568e1150f1ffc99366f7ac7adb1c8f8cff4b1d21476c3896acff5b38ff55b30ba8
SHA512d398dfb020fcca0acda00e1eb88430bd58685ff5c5bd1222615de9bf0537c36c1764246a04882d7b654cc9b3ed93ab722043c118d90e6396facc7fb96e1edae7
-
Filesize
4KB
MD5b221d8242808f98906b7b143cdffcdf9
SHA1ff5ed2f36bfd5a9911fa801c968675d0e954e207
SHA256e25997d287c756adf5cfbe63cec9b7bffed13f2d9e7ef790f3b3ed606dfe1f91
SHA5127bdf62084f6d22320e904a644b5ef553beb4216b5e654c1b43aa256b72e7a6ca422dc91389d452a790de63bf264e6d1b209f964cce3d6518a4454c17d6a6a4c9
-
Filesize
5KB
MD5ba7c3ef136287e2e555f1fca843706d0
SHA11d23e6b0d196ba0bdff917d97ad5d1cc3d2b1181
SHA256b23cbdfa9c5e9b4f9ae16b4335d2546400bd36188fd052d30753340cc91d3819
SHA512943d10f4ab6985f01e907d2291ebc845dfb17bae1120b955238cc5e2768ecf0526db9bfa2a5a3331e8f3512518daed4af7cfebdfb239dee2b08817269df69a6d
-
Filesize
3KB
MD56e13a42e6fd0892805abf4bb0cdf0315
SHA1fd859e23dd51c6e06df2f81fa69a212f3e968cb2
SHA2569a5f45d6b2dc4620ec486e777af7dc5dbc943e2c9a0fafe3221c41602059bd16
SHA5127c08d53a361e8b73ea49c08771e2104babd6deeb832b31b94e8345e32a973eeed90b8de33fd75872bb2d0fa0c3514a2c890c095aefd8b9b313c267550806ca4b
-
Filesize
3KB
MD5e52c225824596312041143823bb9e19c
SHA196473727200094de4ec128bac18027559167801b
SHA256397fce4d6ec0acfcd4b285cb774b8bc28d52f56f8210749b3737b9836ee06e01
SHA51227aaab067657713bdaec960489b7e32ef31912905ed8a13ad1cb994373b79e366c4c39396ab485a92045cefc8841affead3a6db1d16b969c83b1e313264c7297
-
Filesize
1018B
MD53a9adb52eae5d44c3612e4ae8c877f32
SHA1f66eb6e08382c0b73c44ad02412f6b29bb700a9d
SHA256f8d49533dc65bd79cd16e94c7d9ad3d3a311c195ea99d815d627b0866d8fbc4f
SHA5129b2dfbb9eb520732863b321f5a6e26decbd9e84062408c6a587b738dd03997edec2ef6a4910ebf639d25b0b3429079c21566ff326f5466e5ac1ec2935846205d
-
Filesize
3KB
MD543feb0a7f721f305996062f3f552e4df
SHA1d70e7882005b16e2267b73f6d5a0c3d6f14ba492
SHA256bda3c12ac769460e1920468d6186ee83533b539fc5f19fc7801670afc6077d7f
SHA512856cabfd1548c00446f121d8f1b985b8d1059642c253660a241f3434076d98f6c102a2dabea0479fd3e9ad943891b05abacf2c2755ab75ed627fc967cebbb18a
-
Filesize
2KB
MD51a07f86c0e9b7d8cc9a2dcb110b9008d
SHA16fc81e2de8fe1919684b04e2dcf77bf548557b1f
SHA256a6120b6e8a014a251339bea6568d2f00ff8bb571cd4146ead28b38e9c9424c5c
SHA5126771597f50cabbbadee083ecaf17c839512e30f91d450fe9da9d76555194e9317eec8fed5baf8ebfc459679094cb841095dc969d8e8beef0f1b51c8d5500bdae
-
Filesize
1KB
MD5de957fec788ac7617bebf9256038b6ae
SHA12d9ba69ab6cee9e80b0a23fe480089eb8e56f9e9
SHA256decf0951e1a7e335d1fefe4727fa8498a4337e94a6cecc330e8373dc221ef2ba
SHA512a5482695e9f0f2cf84f19c2626e3ae317b0dc675edf9ef94f8f6f5f6df46e9e8921018f64b7d13ef34b10652770686666e56d194aab4ab40e494132bc2e55140
-
Filesize
352B
MD5a0d0d2feaaab3d8cb7dde6d3d3859d9f
SHA1655d482f9af0b057d80edfdf3c0795d4cee327c1
SHA2563cd1dc85218c01e66cfcd7ff21c98d4786014f49b85ac19da0175ad8ca2ce74a
SHA5123c1330ba1717489d8aa53da884f3e1751fac47182236866e7d31d1fff3390b6ad9cbd926c240018c87d8cdc7d5864f9ee78209872aa3d725df99d81e7b7292da
-
Filesize
8KB
MD59f245cf743dac51f9cf491ac0e0c8518
SHA1b95d337e1b85a93fa6b7e4ffea6b73e5a6e4fb1c
SHA256530a6d789b04ce47cb7d08ad7404238d04ccdd047fa7c2916466497e1f5dd523
SHA5125a226321d91f47766e496f3d6f719d681cf5a626e22e43f837e96fc9e6050627cfbab6a96bd0d18ea11c264e57ee760d2e06c399b41fcfce06cec068eb2dcaee
-
Filesize
2KB
MD58f118ab5c65cd8afcf25fe1118f8472b
SHA17e6afd7fe0a8ecef5ff9a8124ccc51728b09653a
SHA25636b74c01d95c4c73a489963ad7d4f6dd7c5ebd058ef76217d9152beae04bf407
SHA512ac02444379992d563bdca4b13d763cde832fd5056aec50a2c4a5f3934e9b725afdb3d2a199c56f86bbd441a0ebb98b8d16313c62728600b385d29658b93d27eb
-
Filesize
415B
MD5084625b461cfc2c666448f033e3c8d07
SHA15ca28cd1e38b745ce53295c4f586e7adaec9fa26
SHA25691506c47f0bd2501c8fd66020e6ede1eb5b52ad0bf1c63ba6724ef9d4342ca8c
SHA512b981ee8850447a1f4d30cd8ddf33eeb3248a0e3f86309140a4c09d0a53f64d842f63f5b522b560a1d63825520652058bc5f4cb2706c7c18467c46107db160751
-
Filesize
4KB
MD5f7efc17a17465e381a11cb138ea7b5e9
SHA19df8ee9db9bff18b04cc6f9ae306e223334dd79b
SHA2566ee82e7616aa3620e13fea0b79bc3f40b41c025fa4b8fe20c7c134a869202cb8
SHA5122cd6d5b698c317ffcfeb6c49994314deb8baaa3dad3b6b44ab3af297fe0a503ed9293fd944d0ab4c5de102c5924dce9a3826f3632e25127b0770293bd5c2267f
-
Filesize
176B
MD559d2ce734aff68bde8a4b1247032128b
SHA1bf3c911d28f12eaa5ac97ca3a194aa8b63399733
SHA256ebb49216d07bffdb82bb3290911f155d919646b025f3204d187e98b7211e8028
SHA5123823ff0f125bfcedea8d748c72ae06cdd5b45fc7af2150f109777c38031bd3db13870411c22e178d744fdc9f6153bab775c13c913d529c3070af62b6c8f310ef
-
Filesize
38B
MD5237a4afd1fa1a5838a63521046f8996d
SHA1cd0295d6d69f945b4b3c7d09bedb2d10b0883cdc
SHA25686e0a4d4f900f574d917587d8767680fdedc64da8e542a31f08b5a06c3fe389b
SHA512f21e1d601912cf916394e4536731f3b21922355c9bad7d3ef11e27b6ac698115c8ead5a9ba5a36ab76b6408888dc3cd07a7c81c42ed24fd1de8985cd6bfb448d
-
Filesize
1KB
MD5d35de7990060d721194a58e29228eed5
SHA1894fcb4226c3349b899dbc5db8740259a59e0b21
SHA256473f956f44a8819911d5eb6593a2ff51bceffa369deaa91e6a4f8614c1b2f187
SHA5129f47e774a43c8467a07a1623a4d13427b4603d48d145b2217cda4b2564d0b72edbfef5a745f7fc1b3b65cdd1f0cee8ea90e5ab971d5b1edc7336392c946b72a0
-
Filesize
3KB
MD511b44f87d43509d2dbfb2b37d3f33aa8
SHA168ffc54d7273d77b56dfa7a71b301e76bade38e9
SHA256f8038050b9a2fab8fcf28899ad61c0a98f29f54d5c05a12d6d6cc07f2aa22652
SHA5124f3c609ae1b646a7401fb1b9d74c1e072ce45a0dd171ff2fe4ae7595e9bce8064e44191befac215f0e410b4420b13168caaffaeaa699e0571577c80bf113f1b1
-
Filesize
183KB
MD51cd739c16d1f4982c13f0e698dd8f3e3
SHA1841954974531da2518758e29b2be5d67e9886b2a
SHA25608d92bb2ed3e99c3678ddf9e5480aa73e1827c805c0c634b8f0b4e480d30a2bc
SHA51257ac2530e201cabbf01dcd26c01644fdca61254eac46794da2666f90d4f355e17b1fc252cf8494fd183b3da147219e47f269c936713d21c0b438e81520faa79f
-
Filesize
549B
MD54e9df130ac2fd7b8876937689b43a330
SHA18cedf02714ede42a4daf08edfe07e50f2fbcd81e
SHA256000b5e33567a7e5a2950f073b7009b1c3989843cdddcf7a151efe23032064627
SHA512e31a19a854b6cdf7639fedb509901e6a09eeb49ed3f4704db70500015b9c536af884f8929bac405df5b0906644ac6698a2096656b4da2c8b4399e9d8194c4e59
-
Filesize
375B
MD596938731aebf5ab0a3b7180e658b5a40
SHA1b3678c67aa57fd98cb961f208a8e4c04b56116b8
SHA2563e58a085755a56ff7b5173f17c633e005139b41736b66999f5cf31826ff036de
SHA512e7750724358c16d644bd2523111d7c8e71c0c7704d7e45655c97a0a736e8c99987004624baa01aae7b3ca8c7cdfa4c0ac601d7056001afc563dc5e087fea8f95
-
Filesize
196B
MD5c2415b56f6c99d89d7d92fe9e5da6899
SHA1e9f4340ecb4cff3e58845ca78af1b4addb61f09e
SHA256268f1483f9e70a3f0e203fc55b21b2ef079f2244dcd9c81c07b8b4cc716f0a28
SHA51231f3144b15af1444853e23382f9173e321409a5969f9add556c483dcfec0ade681ba2a2c3f5e7a1be9954747c1d93d7544d902202a707add91a4d7f5dba6aab8
-
Filesize
374B
MD5368ea20c39f2e589a28a40aea14346ae
SHA199e0c7d932959b52a643e63b446e359ad9a2eb15
SHA2566e1e0e624981ecb205b8bd8e3ce1d567270c396ba2b112d159eca8025bb4f721
SHA51244604fd75d1c445d9e7cd6aa18a8c6d59c43ec8bb3acdf269f19dc19f9d6f985b6a58d239e4b3b826086d785a331d0629d118f1043fe21579ee83a5d02f5cfce
-
Filesize
2KB
MD5173df217544abef919cef5b7cdd302f9
SHA11af9d2542e3c60ce5480cb260579c32af66f4710
SHA2569ad9c99d8ad2e9c0d0218c73c8ee83fffa43c20d8727f6454e7e94102f00f2dc
SHA512a1c5413b797846cb4452038164e3a9f7da233b6ae0ad00599efaa240618ad1988de40ad62593f0898f3d597d36362bcd6be6e2aaaf527b0ba1a6dd73a46eb112
-
Filesize
390B
MD5533c2365ced1151c88b7368ca8e52db4
SHA14651bb7ae0f9e55f1f55e2495a765065ee8e5fad
SHA256cdd88a00c9337d91b5580532ff62016666ccff3633108ac73142869391c80fed
SHA5121a86036a46b9704214038e2a9a6f4d3770484fc751047ce43bc9557ae73e6b92bc6901b27e0bdbae8e0eeb830011cde9aeb248039d8cb50f677653cd711d137b
-
Filesize
842B
MD5e83f4f330b2721d0e147421af1588a31
SHA1d73e20bbb56fbee8b1f558cbdeee901bd144a166
SHA2567e5e9537075469c44d89647e9a3bf273b2be43e2e0f7e594857e2a642fbfa197
SHA51256928fc65fff56f730c85d29f351e46bf0cf07c75e0aa0fd4636a14da41057a27d6d7c8ce9c80ef5e0023ee17d89d2e67ff6b96c19e5df0b7fc9a551a70f4763
-
Filesize
2KB
MD53ad5a15039e87c8c52ccedc2c88080f2
SHA15ba67abc1a537b9843b0fced5fe01d318549a995
SHA25637b3be60d8dbf575a01802ed4da8c116453d08d548a1cabcecae6163ac1c124d
SHA512c5dd34fe7cbe9a04a69dad5cfc79eed577d48219e043850597f7d7e394f9ed1b302c8a01b786ce3a85b27dae9a96117d2d2bd5ab8aa4c52a7eb39c4f241d68d2
-
Filesize
1KB
MD53d2691259b21c4938ae5017f94ebfec1
SHA14f2301b67cf521a4b810ab6637b60ba46f34d7e9
SHA256b50f8468f86b752a53c4b5d73df5adabc3077642d9f859379bd8b61b7cb7c412
SHA512761c05108caeb892120726c8e61c84cb75626e194daf7ee56683d0737e2421e13599125fded197d9362dae22e6ab30731fa09a48a15b504c97e3195749c5d5c7
-
Filesize
5KB
MD50c4c3f48b226bb3aeba04f0dfe9cf9dd
SHA141afc33950b41b7ecb9555d6930e80357d664369
SHA256b1009966caaa2b2a42934d748329d87f99e11e11ffe73af707f58d1ec6139467
SHA51268f6e0cdf89348a1be0a531f5c21138f602e412f1f928d30dbf4840113f3c5326fae09b6f2ea19309e916f11bdce600071ef3239f89186d7fe7ab0a8c2fc2d17
-
Filesize
4KB
MD5e5bcd49194c7daf37817a2460f07ef20
SHA12650725609b4176fcf6ad85b2217ad5b1fa6647f
SHA256b239ac89057198dc58892558deda3a49888c8ee99c147a8abf8eaa4901be0be7
SHA512d7044e471b64a92a095ae23f57700ec659158aa8311e8e6088ca3b43d494483a82a77ae5236d3d45dd3347db714cdbec8e1bb822e3e7d5466a03b1fdc86833b1
-
Filesize
4KB
MD594314cdb634bd75e2d3ad783de1b601c
SHA1c3950adcf67e86102e6555beef06ffef52da32e4
SHA256b33a99c640b91e111fb7149e4db3846461167f16a0de6d9a147a15464cc53016
SHA512e7c576b7a2100955b2789dc313dbe9ae0d607131dce1049ab06493dd2419e8f9dd619d6958ab2e5c3eaebcc4880a8551afdfc0e70660fbcc96ffaf444810137c
-
Filesize
6KB
MD5183a0fffc4942e56452dcf6ff8633fb9
SHA1168e8ccdba1b3dcc870e3ee60f5952b7b8c726ce
SHA2560ea9de68e973f05ee40a039f24aae9cba2b13e375fac64c46650732f3871708b
SHA512f47e7639c176efa9dde80661628e03ee3e75a6bf67af8e6a8f3d6cfd9592e51845cc09eb7fa62055c321908a991006c6af318a83162d2fbc89cc859d0035ef21
-
Filesize
913B
MD5b2a00eede52e0e17b52d9b1673242f83
SHA14064e3c9da9c2a44df89d7d54335de2228c33088
SHA256f3fb7fffd3a0f8c67d3cbc351965d0dd63128c00eeb5cdc79a3856ad89542ee9
SHA5124565da3fd932a5c6f80caf450a42fca69fc733040570a79db00360b5510ddde7c8d51f25f4e7bfd734196f8364f671a16ba1cf1c0cb2c6d79926e694bb8414d1
-
Filesize
1KB
MD529269864e20fed52190a0de7350807e6
SHA18a81cf40ad507bb80c48d9bcc4400aa60b1e50f6
SHA256b9d4c121941b0ce466939bbe4a8340b6520d1372498d5121517ce0e817cd7233
SHA512857fbd84883f8c818a73609d0f5203d20456c838670f1c2c1aba307edd3025be1dd96def920b2a014cf677cb01a4b49ef793ec097c2d7e626b6c2bd5e8e486d9
-
Filesize
2KB
MD5e96f840f42c0debcd82e720975e25086
SHA15a4d58efa7c5889045f37ff22d272cd174a5effa
SHA25678c4cb71c7ca02335e515825254153949db0f1e702075e2a98c4347b55032c6b
SHA51296a7b7a8ea03268a9fcb56eff982de55467b90feadcef12b51c62c53707671af8129ce10bb95cc5ad2ce4e4b4f0405944f0367b20bde7f98bfca5392dabb141e
-
Filesize
5KB
MD59560474be88b3e97dcf92484cc1db42c
SHA1d440c9249c6b9de42ef851fb861f2f8dbf8c9793
SHA256bb3a0e53340529fc66fb06d516e5877d187c730008e9dbe22b7f95e789a08434
SHA512e4cc354d2e8238901dd20331c893f13cb51e0199227a416c400cead0ab009c876d87dee05eafe6da3675a2c9474fd85748608d57fceef35a478a95b31263e9b7
-
Filesize
4KB
MD53017466ed2dab9571ca8f6df8eb63a9d
SHA1ec10ab5a0598fa7a1b991f3e663e872029e14520
SHA256bdbf0b8814db83de9695614de80bff9354acf9a56715f460a06e34e17e91f456
SHA512b0fa5e5ba84b653f06480a82f789c1b94d31cb33b465b3097f95b28111ee3c2bbc8521133f9a9870e6bd31cce4846562be2dd98ee9e201b0e30a45035d0e5b63
-
Filesize
5KB
MD5a010f10906fce5161f7bc47ba865b479
SHA1b5544793bc3c9f569fcc0b65e09f991d799dacab
SHA256b296494ee0c897af324efda462520d2a3f430fe2a1892860c51490b8f1584793
SHA512be64d80ad260249be25b9341e5f09bceddeb409da5815002224462672054142a24a6be2ec6e9a35e55d5e2020fea409a03f15870c06dfa80984b04cb23945f08
-
Filesize
4KB
MD58e8fcbd65c369678f08ee8441b24cff0
SHA13fa7f85a9c04159a65bc7ee03fa66fdcc0b53066
SHA256cdb59f0573af0bcd00d88878ed825f4ddaef9fd7256751e3a6f090631d8c1b03
SHA512e75dac22675fc5e8161bd2dadc10f320059b90cfd3c52a3cdb069dfa6efcfcb553e27b3d496932fcfdf20396ad8d034b0d0b45148295aa78c8fb2bae8e239a76
-
Filesize
13KB
MD54b375759e7038c54d1291fd2ebabdc98
SHA18d69a329a3b71c66ee2baad60410372f26d48745
SHA25624ab6203334e956e39065b9e59f5bb3c161adf7e51c730b0a7b97bb3bb245d48
SHA512c1840dd2130afca04562e5a04a28f05b2f8585482a38f988bc22e8e67177d9a9f7eb96b247a4ec52bd121d22804a6429947d8a2a8da90a8a854015d3e325b7ef
-
Filesize
24B
MD5bd3ab1a6bea7985c395d99e47d0ab3e1
SHA1fce94745c785ddd01f7770c629ca43ce0a9e32e9
SHA256188e2b4a2aa8ad07a5a4e84d4ae3d385a1092c0ea1dd04d6af6fd135f372d717
SHA5126be5a7c57ae749e270c150a0b43d7ef8497181333debd0d46ed7e89cfa67ec3b5cb963f28bb50ffd4913a806813d800536b79b1644a50df1e63a87c6019ac7a9
-
Filesize
114B
MD567f4ab2227a7cfb14c59b4c2694f6f80
SHA1f73e351bcff942cd6cbf06763ef249dabb317883
SHA256e53ff0bf274d17101202ff3192525ea9240b4ae44b32729387368e78be6f9c75
SHA512ca39cf6d61a1656e2f5e60e27616222e4704ff1b7ef270459f021f2f4eb893701a846548473a10b2358da0453ba8c8f1c74e699fd2420cdb1144881769e8ffde
-
Filesize
28B
MD5bc16ac05371be03182357cad363ff1f9
SHA1773c12c0ea75cfd2ced626105efe4ffed5c7c24e
SHA25611195bcc1236dd7ca7605e86f46795f5e4cf9fbf194af22ccc9cef9faa9e5139
SHA5121495a51b248da1f6f139abff9430e690ff2733638efdcef80f1e5e6148af7f99167bb25607197eefc160c9924bce3b795c70f628cc3d68ad4ba095fedb9f62b2
-
Filesize
46B
MD5793a6d0b32c52fedaf7fc24b8cd0be27
SHA1d5254a1c8394f7616fac3c5ee2ea519af93fab9f
SHA256934170315aab1b90f7b57903b6c2d7810a0a2b7a8efada2e9151864a8260c6c5
SHA512268f6c757c17187aa7c42aea5fadbf62444474a6a6a876932cbed2d3c98e335c2f88428eb23d81552f077264e84056427c77dc41521a6bf751cc25c5446b3cfa
-
Filesize
2KB
MD5ad3c99c968550d63963b8e5b82280931
SHA1c089d4b3e063a51642a6a9750b69ee277ce4e35a
SHA256179610eb023884614db78385c2901926ef9990991b61fb7ab188c4d069f638bd
SHA512867766b4a7d9dc7512991e61dd00a6219a9b0e4ca200d34cd48b29aff3ebdfb8f5482683eee9a269fc76d03e1539a217a855fc6ba6b80911a5a8f717b7546e72
-
Filesize
42B
MD5a9923bc4d1a7e09bc7e5d9ec0a489966
SHA1d72ce3ac7a84d9266d7491b3441784ce730314d9
SHA256675267a42848559bd983142d7837de4704ba52b59323f91dc68e3e8d87e6a850
SHA5129d29f45e5451c9fcfe5624c37c9e44348620ab2f34ce5d108f26805ee286383cfa8aad59060e5be1e89537a0d39b05ed434e50bc171bb21ebfde0badc962a5b5
-
Filesize
29B
MD572303a715a32df6584ce495ea306caea
SHA1925e924972522f6cb94c91ae3abd2fe6a89a3347
SHA2568d1810a96c077539cd37e6b3984bcf103f7a92686ba8a1fc4ee6fd83ca1ed8de
SHA512532ed6bb6c596bbcc21fc8cc5b3f01e234eddb18a781bcb551a25f1184fbeac8569711be8645ab25af502cc2290f66e83731302c29108fba091b4d81a2d4d186
-
Filesize
42B
MD59422048b1fe291b6ace63d259dc193eb
SHA128a98200e8a398bdf606ecb678ea92e12c1d259b
SHA256debd37e0dceb2a9cd8efc48f954e6ebf4785a35584ad9ac5c60149762eb18e31
SHA51218a2180923b0aa08ab6afdd6baebef6be6cc04e66becc63220b72913ebe18bdf187e6e39e69f51eaf5bae4068e280e9a57f6e17897e0ee14ba7b16417a9a23fd
-
Filesize
148B
MD50d58bb65ed030a065524af4d4ffed83a
SHA18cefe4e1bd255560828e9e22188b9718b6be9482
SHA256b30556fd5642969b6e9c32dd9c706c48d588f7f2890bdec271721b01007577f6
SHA5124ab7001089060e8f4a52ae52f7a6674cc7a3195acb0b671a08df223b20700d3bca1c6805c9fd1f15c96c485f0294a3a49d058d99dd01283a352ffd6de10cbbfd
-
Filesize
126B
MD5b5e599caa589191a142c1dbd35ea7811
SHA18954797a6e1a84bbe600a5462bbc1f298b0dd19b
SHA256d4ae1012ebfd825f43240e0382ff355764d60a72aad15512a05e56192e6cbf74
SHA512caaf9c80f2243e33025626170b1593ad6a56c8e2a6230d5cfb826a0f82e76826a20ad3cd545b817dd70ab730066a8f90a271cea073931b2c8ca7de06fffd5ad3
-
Filesize
246B
MD5e5af224008d7c5687ca0f8e463543f51
SHA1ea16de89549cf6f992ae299ccec06eb6fc7a04c7
SHA2568a1cd2c553f93a5d600e50e1a34be91f0b86b8452e1808ea7c87252ad5d9736b
SHA512915c4aa2650e00fde13f6c2c52499c6fcc2e05c89936959aa88ae5dfabccf075764d20fac83a826d6da4c9667c83c52f8bb20e1738978ef350ed486adeb5a7fb
-
Filesize
125B
MD5954561b97dd3792b53ff2b9cc8c66869
SHA1007e3a7039332046fb8a107f2aae2c0b53d29b1f
SHA256569ac7e4d79b6e2e70b872bd8fed1848195a52628781f5f133ecab81aae9ad3a
SHA51258ef86d3a514aaf62918646f018d496b9be6435c5369b7965415539621652a348b0ba8c2907d49a747d8a00801b6d41a06bbef360724da146d5643e45ea3b013
-
Filesize
148B
MD52cead71451c5f4d665b2a559811b97e8
SHA1fbf71c4846de482d9a30846e4d6fd8e96442c702
SHA2562c2aa585ecf6ef9169caeadffe990ffdcf8fce41683cfb1e425546d88c571914
SHA5122a4b700b2aafee8a59a326969e61421c746e35957aa425eb3f4d5d7ac0dc93192b6bae5720be2b2b06f9bb6f49c1a1224f711f553dfe7bf4b9258ac64b8cd3e8
-
Filesize
256B
MD5706d6d6db1af3a589786a3ae784fb914
SHA1a2d20c4ae85de9b735e1b1663111eda4e297ba0d
SHA256e2cb09430c65753f3dcf96c8ab0a5dbc74e43f1eab1618e8fa89a3461ecb3c70
SHA512a93df46f0c4b21b734b6def833f4123aa4f038ae6b1c1374f94d5520972ffc019c90e094ae82a135e0c8d0f5abdb106e177eb711a07c15f8b07ab83a39bb7cfd
-
Filesize
1KB
MD52d4ce00c62ab34da2c5f7fcc6c69e339
SHA17cfb09ecf5e19d58879aa749cc8b47f8eeb5eef3
SHA2561eba614205b40eba7af714fb8642f363cb1f009262d50e181a3500b35ae1e4ab
SHA512ab86fe515ea3b22c5469bfff0f90451ef40e19b5925291d9ef7c202f13b1fcb3b47993bdfe3c05f872132a67b8e986cfdb9a81b2f40df62fd6ff0ad51db984ea