Analysis
max time kernel: 33s
max time network: 65s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 01/02/2025, 13:22
Static task: static1
Behavioral task: behavioral1
Sample: 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Resource: win7-20240903-en
General
Target: 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Size: 9.3MB
MD5: 48f47dfef969ad187f63e6a2e7d8d4be
SHA1: 89941f5a93da8c7e679800714c794f21e8aa397a
SHA256: 64d8228ab44e493d6574e34b4642c97ee4127e4d0c422dc6e5b1bc8b0dcf6fb1
SHA512: 4d0fbc54b983c89977578ad28e4633b019087b371a6bd124990b44382b5ce5633c2542ecde841739153d1a3f87b47fb63877857c940558446aef4fdfcc1eba15
SSDEEP: 196608:DzzoF/uD9jckrCFsu3iqo/U0/YIBjWrqufezvnU72:DHOeCz0/YojW2uGz/U72
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
-
Modifies firewall policy service 3 TTPs 3 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Sality family
-
UAC bypass 3 TTPs 1 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Windows security bypass 2 TTPs 6 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Executes dropped EXE 3 IoCs
pid | Process
952 | lite_installer.exe
2252 | seederexe.exe
5000 | sender.exe
Loads dropped DLL 13 IoCs
pid | Process
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
1372 | MsiExec.exe
2252 | seederexe.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 7 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Blocklisted process makes network request 2 IoCs
flow | pid | Process
12 | 2732 | msiexec.exe
13 | 2732 | msiexec.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in Windows directory 17 IoCs
description | ioc | Process
File created | C:\Windows\Installer\f776826.ipi | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI7D03.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI7D32.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI77C3.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI8523.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\f776825.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI6B33.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI7745.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\ | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI82C1.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI84A6.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\f776826.ipi | msiexec.exe
File created | C:\Windows\Installer\f776825.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI7CB4.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI7D91.tmp | msiexec.exe
File opened for modification | C:\Windows\Installer\MSI7DF0.tmp | msiexec.exe
File opened for modification | C:\Windows\SYSTEM.INI | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MsiExec.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | lite_installer.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | seederexe.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | sender.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | seederexe.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | seederexe.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid | Process
2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
2732 | msiexec.exe
2732 | msiexec.exe
952 | lite_installer.exe
952 | lite_installer.exe
952 | lite_installer.exe
952 | lite_installer.exe
2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
2252 | seederexe.exe
5000 | sender.exe
5000 | sender.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Suspicious use of WriteProcessMemory 32 IoCs
description | pid | Process | procid_target
PID 2236 wrote to memory of 1120 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 19
PID 2236 wrote to memory of 1180 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 20
PID 2236 wrote to memory of 1236 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 21
PID 2236 wrote to memory of 1132 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 23
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 2732 wrote to memory of 1372 | 2732 | msiexec.exe | 31
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 1372 wrote to memory of 952 | 1372 | MsiExec.exe | 32
PID 2236 wrote to memory of 1120 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 19
PID 2236 wrote to memory of 1180 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 20
PID 2236 wrote to memory of 1236 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 21
PID 2236 wrote to memory of 1132 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 23
PID 2236 wrote to memory of 1372 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 31
PID 2236 wrote to memory of 1372 | 2236 | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe | 31
PID 1372 wrote to memory of 2252 | 1372 | MsiExec.exe | 33
PID 1372 wrote to memory of 2252 | 1372 | MsiExec.exe | 33
PID 1372 wrote to memory of 2252 | 1372 | MsiExec.exe | 33
PID 1372 wrote to memory of 2252 | 1372 | MsiExec.exe | 33
PID 2252 wrote to memory of 5000 | 2252 | seederexe.exe | 34
PID 2252 wrote to memory of 5000 | 2252 | seederexe.exe | 34
PID 2252 wrote to memory of 5000 | 2252 | seederexe.exe | 34
PID 2252 wrote to memory of 5000 | 2252 | seederexe.exe | 34
System policy modification 1 TTPs 1 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | 2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
Processes
-
C:\Windows\system32\taskhost.exe
  Command line: "taskhost.exe"
  PID: 1120
C:\Windows\system32\Dwm.exe
  Command line: "C:\Windows\system32\Dwm.exe"
  PID: 1180
C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1236
    C:\Users\Admin\AppData\Local\Temp\2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\2025-02-01_48f47dfef969ad187f63e6a2e7d8d4be_hawkeye_luca-stealer_magniber.exe"
      PID: 2236
      - Modifies firewall policy service
      - UAC bypass
      - Windows security bypass
      - Windows security modification
      - Checks whether UAC is enabled
      - Enumerates connected drives
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory
      - System policy modification
C:\Windows\system32\DllHost.exe
  Command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  PID: 1132
C:\Windows\system32\msiexec.exe
  Command line: C:\Windows\system32\msiexec.exe /V
  PID: 2732
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
    C:\Windows\syswow64\MsiExec.exe
      Command line: C:\Windows\syswow64\MsiExec.exe -Embedding C7A4D96931C024DEA524AA32C0B1CE27
      PID: 1372
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
        C:\Users\Admin\AppData\Local\Temp\0269B718-FE8C-4971-93B1-CBB48E417FB3\lite_installer.exe
          Command line: "C:\Users\Admin\AppData\Local\Temp\0269B718-FE8C-4971-93B1-CBB48E417FB3\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
          PID: 952
          - Executes dropped EXE
          - System Location Discovery: System Language Discovery
          - Suspicious behavior: EnumeratesProcesses
        C:\Users\Admin\AppData\Local\Temp\9DE9FAC5-0BCA-49EB-9FF7-CAFE5A2EDDCD\seederexe.exe
          Command line: "C:\Users\Admin\AppData\Local\Temp\9DE9FAC5-0BCA-49EB-9FF7-CAFE5A2EDDCD\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\41A94272-124A-4698-9F4A-B7E32F661416\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x"
          PID: 2252
          - Executes dropped EXE
          - Loads dropped DLL
          - System Location Discovery: System Language Discovery
          - Modifies Internet Explorer settings
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of WriteProcessMemory
            C:\Users\Admin\AppData\Local\Temp\41A94272-124A-4698-9F4A-B7E32F661416\sender.exe
              Command line: C:\Users\Admin\AppData\Local\Temp\41A94272-124A-4698-9F4A-B7E32F661416\sender.exe --send "/status.xml?clid=2356518&uuid=8e0e67ce-E990-47EC-9E0B-4C7CDBBF62d3&vnt=Windows 7x64&file-no=6%0A15%0A25%0A38%0A45%0A57%0A59%0A106%0A108%0A111%0A125%0A129%0A"
              PID: 5000
              - Executes dropped EXE
              - System Location Discovery: System Language Discovery
              - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (4)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (3)
  Modify Registry (6)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)
Downloads
-
Filesize
575B
MD55fa5a3dbda40b535307951195737378f
SHA1b30bb7800b43b9439908aa4767e9f31bf67033a4
SHA2569ae2abd142946e5875821fb2840428418207bbeac858a25c06ad802667ee1f77
SHA51274a82566305bad53831cdfdf26e3ff31fffb0b7bbbc838cb4d9af6599bf8ee18e036e68549e476b09e5cb1b1cfc9f551f002679120affc6d2de11c7e73ab36a6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501
Filesize1KB
MD5cf2a5a3809235ebba751384bd6db2ccd
SHA1bc980d4d2383d8449bbd926a4d4e6fe8d8479fe9
SHA25684d32b90192f8a3f3abb091af2ce224d0f1fe8979a6c4a932ceff41394d93694
SHA5122af40084aa1aae46360f4dbc90d629d8357c16e20da5c0551b8c724d5790a9eadccc917c39a1541c15ef6c915edd59943e7bfde3910afaaf01c44fd29a06d611
-
Filesize
1KB
MD52ffbdb98df2a2b022a48adeb94a3af50
SHA16c86923b5c5832bb102f041cb7d38db397074f12
SHA256dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd
SHA512a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0
Filesize5B
MD55bfa51f3a417b98e7443eca90fc94703
SHA18c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA5124cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501
Filesize508B
MD5309dcc54850f4a77af4c78e0ba6115ad
SHA1192a66ce805c886ed85c80f9deb4ce947a9ddc78
SHA2563aeda87858c3eeccd76d1245acacb3a029bba279619d4252ceb206fe42db6548
SHA5129d85c33539595b524b6b100c125f2a6e798dc2f28379f9a98d98d8e961bd3601e4a973253ef623309a2c0ed769a0473552aeadc2ef3f0ec522239f76df9421d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD573d1cad2d71d76ddf4a7935e92d12489
SHA1fcfba9d2f690ab9bf5060c6f3d8eb2a7c8673d4d
SHA256facbbb05c08be1bf9c31c1d74cd2a32c589205dc7af8462648edc2ee516862b5
SHA512d8721645faf70a64e9fe238478e1fa182d3573e2926f88691d804bc5769646d08737b3b06cbe7478ebba629147c81bed12f260bbc6a8ab26a08aeda63111c853
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4
Filesize208B
MD5a8cfed0bfd571d30e68b989e7ffbaacf
SHA1f56d41d246d6d65928c7def0a250736f484ef5f7
SHA256207a4c07e799c91ef1b1a5deff5898feeb6c136d86c30bc0934089e126690a6c
SHA512a7c220a17740830163c9b779c3819b582d1f6bcb5d8a4ab96428255f6287ca3f849261787163aa92401aeb0060e55b85ba70822e8fe7f43772dcd14762b71b06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0
Filesize440B
MD5f44b01b013c7e6404693c1f91244ab2e
SHA19705f1e8c5d6d45f246539b3dc7c3969c027961d
SHA256616f4b74aad48fb234cf91d09944c81c682e15dc44e322207fdc04249f46d1b8
SHA51286071b9f3ac2eb4ce02c7366df058bcbdc8ac6f02c2ce6944224ca9cbdc7d959d0e58eb5385b615dde79be94e5b095dd62d612a409551413fddff4ec0eeab102
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
41.3MB
MD51d6cfd7db58008d1b44328c5a3a4220c
SHA18e8304bfd7a73b9ae8415b6cbd273e612868a2b2
SHA256915e46dcc29d6fee123c4b8e88d846ac95ffd4a6f4eb956dc882d305ee1b8256
SHA5124c17160aa83abeff897462f981226902dd6694817ad95f246511fc63c637bdffa0989a3db00c4309fa673a13b4993c509df538ddad482d1be8b4058749ee93f2
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
36KB
MD5afbb621958da9610e48dc0859bef9bc7
SHA1d7829f2b0b6d5806d0a3475f0bd0a5cb55659a5f
SHA2564da6075bae94254fa6f5617867d7ab59f346290f452ae77976aaa1c232082580
SHA5125374a6acd2adeaf451ca97b036b107f6cbf99383f5f908a0e4e9e77262d66bc7fa83c6a7a9f43f0e1dbb4b9284a8f1ef0b962d498fda51c2a66252ef42404036
-
Filesize
530B
MD5f3d88b6aee939fb2f3bea9b96e7ce864
SHA1c52ebab399be03b6688fd6f760f26dd097797dd8
SHA256dd529a9578d15a17402564aeef13a93312c320f5c7a97ac1a94967ad05f0ca5e
SHA512b701cf836c481da53fe1a60101735f730a23a4e2c1695e38ad94a96c810421b93a74770eabb80d8a69970c23aac847a80eed19c7bf54be02323177a942c6e7af
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize2KB
MD550c58018a3ca0cfd155c4ae9ffb7c4ba
SHA1804a0abd754d065e93f867db86d0f24f5c262fff
SHA2566f14749d142383dc6eb5ed79e6a83d54c57f93fa90e86fba01ae8937353688eb
SHA512b59ef7d29539662ba355d518efc7acd5e192fa9df8fdb3098984a1b90ce4fe8a1fe3e96404a38806bbc890e1f636881b15a1ef8fe54642465cfdb98cad78866c
-
Filesize
8.9MB
MD585dca9499320b4697760756af08578db
SHA116c683f0e22d186bea2b44eeb3f395554feaf5a5
SHA256ea3a74162d382da92f23d922548e09a432a893a6abc4dc92580fd7f0e49f0767
SHA5127979b02400a9147f547a9af0deefede034e39636345978f57302ab70753967ff62b402757aaab84967200d4aeead63d2b7440997579e90160c850c91a29e1eb2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5nwvfgbl.Admin\places.sqlite-20250201132249.256000.backup
Filesize
68KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5nwvfgbl.default-release\extensions\staged\[email protected]
Filesize
1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5nwvfgbl.default-release\extensions\staged\[email protected]
Filesize
688KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5nwvfgbl.default-release\extensions\staged\[email protected]
Filesize
5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5nwvfgbl.default-release\extensions\staged\[email protected]
Filesize
1.7MB