Analysis
- max time kernel: 187s
- max time network: 198s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/12/2023, 07:43
Static task: static1
Behavioral task: behavioral1
Sample: 8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
Resource: win7-20231215-en
General
- Target: 8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
- Size: 1.8MB
- MD5: 0f755611f46a8c95abf839fc096fab6d
- SHA1: 6e5671c63cfc538718c6ddc4390730d81f83cd31
- SHA256: 8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db
- SHA512: 17ca3184c6dee6590d922310dacf3bb79633af1fcd9fcff5f821400f403f462aff0346fc070d9f7089aa0d85b78828a6ab6dad5acc71cfaf0ca7b1af82031fe5
- SSDEEP: 49152:Hx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAGgDUYmvFur31yAipQCtXxc0H:HvbjVkjjCAzJ0U7dG1yfpVBlH
Malware Config
Signatures
Executes dropped EXE 12 IoCs
pid | Process
3672 | alg.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
412 | fxssvc.exe
4288 | elevation_service.exe
2828 | elevation_service.exe
1376 | maintenanceservice.exe
2008 | msdtc.exe
3520 | OSE.EXE
4208 | PerceptionSimulationService.exe
3868 | perfhost.exe
2768 | locator.exe
4856 | SensorDataService.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory 25 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
Checks SCSI registry key(s) 3 TTPs 36 IoCs
SCSI information is often read in order to detect sandboxing environments.
Modifies data under HKEY_USERS 5 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | fxssvc.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs
pid | Process
4764 | DiagnosticsHub.StandardCollector.Service.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
4764 | DiagnosticsHub.StandardCollector.Service.exe
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
668 | Process not Found
668 | Process not Found
Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeTakeOwnershipPrivilege | 4876 | 8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
Token: SeAuditPrivilege | 412 | fxssvc.exe
Token: SeDebugPrivilege | 3672 | alg.exe
Token: SeDebugPrivilege | 3672 | alg.exe
Token: SeDebugPrivilege | 3672 | alg.exe
Token: SeDebugPrivilege | 4764 | DiagnosticsHub.StandardCollector.Service.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe"
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:4876
- C:\Windows\System32\alg.exe
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:3672
- C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
  PID:2796
- C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4764
- C:\Windows\system32\fxssvc.exe
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  PID:412
- "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
  - Executes dropped EXE
  PID:2828
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  - Executes dropped EXE
  PID:4288
- "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
  - Executes dropped EXE
  PID:1376
- C:\Windows\System32\msdtc.exe
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:2008
- "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
  - Executes dropped EXE
  PID:3520
- C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
  - Executes dropped EXE
  PID:4208
- C:\Windows\SysWow64\perfhost.exe
  - Executes dropped EXE
  PID:3868
- C:\Windows\system32\locator.exe
  - Executes dropped EXE
  PID:2768
- C:\Windows\System32\SensorDataService.exe
  - Executes dropped EXE
  - Checks SCSI registry key(s)
  PID:4856
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
57KB
MD5323e8fa35e678102fe8706e20af31513
SHA147388af6c576a87cef94c5549aacad74aadae6e1
SHA2561edc48fad4e3164caca384541408b036a970f5afac1484b341927c3dfd9ce07f
SHA512a5b83e63d8cf2a49268ee4890f904cc6835b383f15f9f729075c5fbc7fe64f546e5c94b8d4707f34aac4a9fa70572f8c5222217162e41c6a5f63fd9aeb853b98
-
Filesize
67KB
MD53b83fda966087cdcab25afb5f0f2d28f
SHA1e0aee40a25d94a936d0ff937812178981bc83c88
SHA2560631ddd899203bed3af41d465861ba8d4d5a610a8674cffa16d869bc69f1c7c8
SHA51229b931088a04ee2471415d84b03d4efc86fcf7dd6e2eebaf09dd6542501c49b30f2c2cff0acfda576c9a6adebccae8a0315e09f2f80ef9e22acd580c35affadc
-
Filesize
132KB
MD5c619eb0f27e7a4defb21bc95381be331
SHA15decfc0130aff2eb218526d097b6ca59348b17c5
SHA2561b5215400abef35d139c08b3c9965944e9a34075e41e877ffd8ca29ca50a268c
SHA512d7ceecdfe285d808b9320fc5c475cee938ea27bf35aebc6b3c3e6194a00b1d24a1e9df9f64f2f3a3d33f66f06e468ab0897d1c69a359772e6b5d40e0a6165cfa
-
Filesize
76KB
MD5adce4446e3f892c8e523132bd3e5ac82
SHA1407b83440a2b535008b551f7f03ecc605febb6b5
SHA256b5e221c6ca03f139a151f8db3e735cffb05b25a363f064cdb56eeee1460fbcb6
SHA5127bc83bce5fe19e899943c8eb9d95befb338f77a19471a1b4de34f4b945b5c2fa921ca2cca0e4810d825c981dc5eca1761d372557976f9205110edc96bf1ee29d
-
Filesize
84KB
MD5a045590cb2dc91d2923233996ef3be2d
SHA1d34a7516499cb5f78e23f77d27873436fdc6455a
SHA2563028fca4bced512352fb0d60bb935fdc6007190f8d54a6c769846ea8d792b4be
SHA512a7c158526573af355749950561d86003285bf10d40c4fe0abf6a84cc7422c6fa83b876a44d0de05b02e209815ea22ae03545fa66ddcaad1a88e92d66715c9a13
-
Filesize
51KB
MD50e825bb5ba4015a32082bd69bc9581d6
SHA1bc63aacbe4a14eff3d44316c835534af06f73532
SHA25660dd6d53ef606459a5d526eeaf57cc05cf7eb6c75ad76eac2c5be2ea9953633c
SHA5120dd00bef9c9fd8248e8f56ff1ef0c280230f7b3a09fa2dc9884b9828719c64e52ebb87206d857a1417e63f4c8e4387c7a909b4e1e25015489876be0d8d390209
-
Filesize
61KB
MD54f64806f685a53f8a7cfae4470d33b7e
SHA19f68d507d1ad05bddf31217a04401b46fbb3125d
SHA2561e75b9953f683efae0befceb83ff1ea227b90a06f00a89f5d1adba028f1278f0
SHA512b8a2f5ea0c21e5ab3b15b245f746242dad78bf51112d933dcad47bce0f57bf6a35c0d2b27e7483473bd83f2b57c67a435c29fd37295d7d2d828ef8ef97985235
-
Filesize
74KB
MD55185243779babbbeda4a4f801f315d0a
SHA14819cb35ab23243dd7c2e8bfb61bdf49aee419a4
SHA256eeb514476e2e58037445f8f9fff6f56d1a693c867bc660b2e666ecd0e1e93fc5
SHA51233d98a9ceb24c2f6118d65204f118ced62b0252a0d802e9648f6ca355af22cc916941426fec079df67fee56935600bd89d8d1f715bc9d0199ebc26b461e1940e
-
Filesize
57KB
MD54052f9dd9e5dff0e8cc365118dcb9733
SHA147fa43a6db29b1a69555bd536593287280737fe6
SHA256263d9bb7f53243056cb376c35bad1bffa3468021026c88f094e35c4b75652bd1
SHA512c1ea079ea75b030f840c3f5f14c76c86fe27f21e786a7927e03fbf0ec627ec162a79e88c9343c4af4e5d47c15e650ba0bbc87db7c12a377bf857ca164a082c47
-
Filesize
122KB
MD5768347ee0eb21605e743b7a3f03b67ff
SHA1f11900953c89752ef94e53f7d8f33ba4fe8ad388
SHA256596bdb5cd3061f50cd0c98ea88f5171f8905c483172c7a9b8bd83d6aa881c944
SHA512fb8271476d917a89d6c32d2d7990c75d506ae81221e750baee9edc3154f65798dc1ccc16bbb525307378952bd170f494af3ec85ad49822933c8ba554bff629d5
-
Filesize
115KB
MD51ccb3f04402cbada356b4ed8c3709ab7
SHA1376c738f5b0df87841afc1d7d6a59ba76b3a12e2
SHA25608804cd6cee61083729003346f9a7e43d5b43edd5c14af1b7045987a89f22b9d
SHA5124bac2678fc4e55300883fc68e53b975f7b14559d3046c0f4261b520eeaf018cfc5751c5aff397cb3b8a6fc474e9d74d33cf02bb16337e8b3c0c97956d8e964f8
-
Filesize
51KB
MD546ddceef8d49b259e057d136759e3371
SHA1a82b5259cbd40f7dc903826ddd1dfa58bd618cc0
SHA2565fbca640e8c5283bf74424181af912632ebfe575a6444d87ecf433fa87b0cbfe
SHA512cfcbfc4a713d0c08790c029381317cf5a542bc78883b918868a84fd6b48c6a8a79e96035d84484d15880da20e0dc79377e7a019d1f247dd2a3b9f05803c3cfc2
-
Filesize
79KB
MD57d49493d36716a8fcbe03ff8a332f91d
SHA187699cf8d786561bc15dc54cadb4e3f05226d66e
SHA25648ad1c5dad8758904e3d4ba614ea66b83cbde96fb4593cb1a43775f54099bcca
SHA5127e57b47290c0504f3d9fea9c2744808f1f71b40a581b861347bddb8851c34a0ec74b9da67a2226cd5aa725d2ff59cc39ef4d367d55005fccf117e4ee6e98afb1
-
Filesize
102KB
MD54b1fca201e62ad6d8cfadd82c4e14292
SHA1efa8abb36f4518617640ae61a394e42a62410be4
SHA256a99b3c2d496049b8aeb69229e7cde6a7c2cad3483f28e1af471a006e45813886
SHA512d53beb3789af19b6e28369b3685d2458cbe8d0e95e7d888c6000d40d1e36e0386f87133c67e3043b8f62a6b869fc5b0aef6a1d9528064f41f43c3094311abc7f
-
Filesize
215KB
MD52617452759a6739c3209248316f4514c
SHA1d4627934405d5f5dc90904313b896d63f358c9bb
SHA2567a1933a32d4f21a67ad0b76b7206f6586edfd2b36dc6770e6a5e2d290ae93ce7
SHA512309286af87042d156e1e8c14ee091f1b38c20c0c9af1be5fd35e10aa461bff05ae233d9000aeee5363ec04b888092d26de04d7aebba49440e80e4fbbd9807e7a
-
Filesize
8KB
MD5c428ed8e5e441c4e0318fbfc59705ac9
SHA14f07cda30cf9cc1f2621f451e42ec6a8f62926d2
SHA256c3527b3d04cc12ce6be8c70bf1f8ed435551851c800d54627a52bc4a098fac79
SHA5121c2b1a9d7f6f7cf1de0266a87764f3c89083bb7cbbd66e5d754662b978ca2e92c374873e9f245e94721aeaff9cf46a3a38d4c3767b32b948b3269bd32c48103e
-
Filesize
510KB
MD5539a66796d924fb9ff4ace7d81f22dbc
SHA168573c1bf3aed5558dd5cec029753a2fb4669b77
SHA256008b2f8a1557afda94147f48c201974bedaa374f8be31dfad8e5ee6ed94f02ca
SHA512294bef926e922945bdb42ff2bd0423775889473be1907a4d4fc4d23f682fe3ff98ff7a6309831562134995a500298009b9be0e9d0e7cd945c4947887363f627f
-
Filesize
672KB
MD548b3645da5026e32ea5da7d1010a1195
SHA10ee9dcfbe6bf286b06907c97bfe3146107739196
SHA2566edfdca00661fba663edd7edb8a2c6247564d6fa148e2145e0c3cd654bdf1281
SHA512fa8e3b2523961af9155818a842aefe3ac5cb1ec857993e66d8361d750778714ad3cadbf117280f507fb172332b7532c4e25f5f206f26c247e4aa274de2e4d992
-
Filesize
211KB
MD5eb44a2906636bd7d81d92e96a64e5e25
SHA10965e28aad51fca85f9274ddc69e301237858d2e
SHA25613bdd02177efbad3f48b8094ac078d7dcf829e58ed54115df711272899abf78f
SHA5121fc126b68e23e2589d48e7d9a6904936c7e93f7094011270eabb0db6983ee635996cea222bbe25a1d6bbaa18cfcb625c9d3a59a29e39f2369983da1a7f22aba6
-
Filesize
322KB
MD5853d45a583fd2009266973078e40ba25
SHA198f9e05083250b200bab5196a9b9159db1f585e3
SHA25622089f9b0fe5c5213fec78c8ffdac0df1e62987423b6d47f497b83bf076de140
SHA5129c2a188efa9bb8e3f6a414fb31d6ac5ee988f6666ae83246fe4f2e1e53ab16320987eac8cffe15e0616aeee9c3cc42dea2d89bba8be4ebb7bbf284646a222cfa
-
Filesize
149KB
MD5275811d5bb96a078a4cd2bc16c9bb8ef
SHA133ec4125fdab74ec50db5edfa2b8d36b0ed6044d
SHA256ec2b76a5010ba8996109599cbd84f2f682878eafb03033958b4e2c41812ce24c
SHA512d05c5963f63aa891991845333116295f307d61b051a19221deedff3b25d025c4afa92c5905db4c1d3aa360e099d7f137ce2374c14ba33e2ee061d2d37bbcfec4
-
Filesize
958KB
MD5f74249391927cee5ad0b5a8ef7ee4837
SHA1f630542318903156d47662ad40ac84daa71e0f0b
SHA256af55229c76b0937edbc0c741da215ce05eef3bed544a0d3732785ec9026fc6c4
SHA512a0db7161e09d3ab7753830265904a3879457bf449152e7cf81e31efe4d38943f149b8f7330ffa3597b35031d5c27320dfaf5a0cf950d84a5b87e8f0b4900ea9e
-
Filesize
448KB
MD503af83510b1237093d040d78b46933c3
SHA1aa6d6ac61bbbcbafd12509a8cccdc00d4ba7840b
SHA256b4ec7cbc3f51e98d9fd31f998ba22e5dc367e1230ab42eeac01212e814a572c3
SHA5129daf64f0f1c4171e0abc5ec902fb7380acdff79afe6d9f6448c53fdf87739364fa6c17593bb753931129c572a582721916d8bf20d1ba7371d07afb91cc9cd710
-
Filesize
238KB
MD546d864a1c7d4c5a41afaa3f12979fdaf
SHA15c8dd8609fe355b3d9e18626b0d34409dcbecaaf
SHA25655f2e19ce2101deca3e9a7d85631f5e870fbf40efe4bfdf98bc0942b6466ecdf
SHA512a14df53b81af08d238c6ef41f26216e101d1470c094ee8b87455cedef1b6c8eac8aea02df8ad7ad52cbddbe5085fd5d4f98789fd6ab403cac034819d9a84741f
-
Filesize
74KB
MD5023f02a4622a0d2ac214f7eafe9125f6
SHA1b1650bd7695189457c8c8bf448be1d57e46fdd1a
SHA256e0ed02f34e05d58a4c37ccc02f84b2aed8049dc4954f841d1c45a23cd03a5c6c
SHA51252aea8a2d923272bae06503da327d75edc83e3bdade48d3b667070556dd3671e155571c9af7dac8150e28d4b8b32248dedc1c7f9b91afb8ef44c9da887f982b7
-
Filesize
92KB
MD5e2e8ee87b8e9107d4f1e465745b61e39
SHA1640285db6f03bea84cc2c11441e61312e422ee8b
SHA25691d72bc1a03d7ba21f80796b5f839d9b01173b162574cedecd25c3eb7372b408
SHA5120ae75e55c67f37d46a0afbc6b51819d99f78ac329585624f63f8515249f8a695379ab9cd497b64150f0e9f7bb4123209f915057227f79212bfe29adc62a33ba7
-
Filesize
88KB
MD5cbf3d6b320bfbf2ee31f8fa453af4421
SHA1fbe1efbe0aafccc16dd3e85b6e02a27cea851a3d
SHA256e70752f27c1530d8c95a61ace5ec08907ded83e825a8fae08f750d099a73a75a
SHA51208b7852ed0d3597c4042a9f041b036fa1fad70da4525a1432ba3f435ec97691f75f30c20a7177acdfec2a8c0a31f77524df333de80c6c7e1ebe77d201a09a08c
-
Filesize
384KB
MD591e2e114b61649a776ffae27e7c6b20d
SHA13625a716a9f1588bd0abc1f9c2174b29755051aa
SHA256cbadd3d87d41b9d34f963d8838c978ad45f1f8753cc614378156e29bf512862e
SHA5120fed4b384fa7a6b9acda55c207a14acdc32042f43c1e5fc4767d326319aa1a2f3fe4f7addb4963095b1d6e851da0fd754df6964a35717243d567c0ec63e90278