Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 17:35
Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Resource: win7-20231129-en
General
- Target: 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
- Size: 5.5MB
- MD5: ae7b34e264e11f50cea8e45395ea6f02
- SHA1: 3f1aa1afb4573bba5e551dc082bd7292978c0096
- SHA256: 0439a8f2751ae3b3a084ff8df14257c8337815670ba1d07931a2de2fd36cdfcd
- SHA512: e5c47e0a74552f69b3443afb501a36258b12293b503b09d3b0b5dd2a5545ed458ea99f1c80591fbba433cf9bf8c8426e15bc1af792570698e9e6f4abb62922e8
- SSDEEP: 98304:cpEEYEKdrL/LGgB32V/sosbjy79tJRPNXwY2heuDiD93YC:cpEPyS36/sXbjyDFWeuDIG
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
-
Executes dropped EXE 22 IoCs
Processes:
alg.exe, DiagnosticsHub.StandardCollector.Service.exe, fxssvc.exe, elevation_service.exe, elevation_service.exe, maintenanceservice.exe, msdtc.exe, OSE.EXE, PerceptionSimulationService.exe, perfhost.exe, locator.exe, SensorDataService.exe, snmptrap.exe, spectrum.exe, ssh-agent.exe, TieringEngineService.exe, AgentService.exe, vds.exe, vssvc.exe, wbengine.exe, WmiApSrv.exe, SearchIndexer.exe
pid | process
1496 | alg.exe
4292 | DiagnosticsHub.StandardCollector.Service.exe
4788 | fxssvc.exe
1508 | elevation_service.exe
4552 | elevation_service.exe
3148 | maintenanceservice.exe
2888 | msdtc.exe
2676 | OSE.EXE
3208 | PerceptionSimulationService.exe
3180 | perfhost.exe
3472 | locator.exe
4336 | SensorDataService.exe
320 | snmptrap.exe
4412 | spectrum.exe
3856 | ssh-agent.exe
1224 | TieringEngineService.exe
1348 | AgentService.exe
2540 | vds.exe
4392 | vssvc.exe
4528 | wbengine.exe
4504 | WmiApSrv.exe
1636 | SearchIndexer.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
Processes:
DiagnosticsHub.StandardCollector.Service.exe, 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe, msdtc.exe
description | ioc | process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe, TieringEngineService.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
-
Modifies data under HKEY_USERS 64 IoCs
\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates SearchFilterHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009ceed5e7b44fda01 SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000189c24e8b44fda01 SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008e565ce7b44fda01 SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c0c40ce8b44fda01 SearchProtocolHost.exe Set 
value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft SearchFilterHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion SearchProtocolHost.exe -
Suspicious behavior: EnumeratesProcesses 45 IoCs
Processes:
powershell.exe, 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe, DiagnosticsHub.StandardCollector.Service.exe
pid | process
644 | powershell.exe
3984 | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
4292 | DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 672 672 -
Suspicious use of AdjustPrivilegeToken 44 IoCs
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe, fxssvc.exe, powershell.exe, TieringEngineService.exe, AgentService.exe, vssvc.exe, wbengine.exe, SearchIndexer.exe, DiagnosticsHub.StandardCollector.Service.exe
description | pid | process
Token: SeTakeOwnershipPrivilege | 3984 | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Token: SeAuditPrivilege | 4788 | fxssvc.exe
Token: SeDebugPrivilege | 644 | powershell.exe
Token: SeRestorePrivilege | 1224 | TieringEngineService.exe
Token: SeManageVolumePrivilege | 1224 | TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege | 1348 | AgentService.exe
Token: SeBackupPrivilege | 4392 | vssvc.exe
Token: SeRestorePrivilege | 4392 | vssvc.exe
Token: SeAuditPrivilege | 4392 | vssvc.exe
Token: SeBackupPrivilege | 4528 | wbengine.exe
Token: SeRestorePrivilege | 4528 | wbengine.exe
Token: SeSecurityPrivilege | 4528 | wbengine.exe
Token: 33 | 1636 | SearchIndexer.exe
Token: SeIncBasePriorityPrivilege | 1636 | SearchIndexer.exe
Token: SeTakeOwnershipPrivilege | 1636 | SearchIndexer.exe
Token: SeDebugPrivilege | 3984 | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
Token: SeDebugPrivilege | 4292 | DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
pid | process
3984 | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe, SearchIndexer.exe
description | pid | process | target process
PID 3984 wrote to memory of 644 | 3984 | 2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe | powershell.exe
PID 1636 wrote to memory of 4432 | 1636 | SearchIndexer.exe | SearchProtocolHost.exe
PID 1636 wrote to memory of 4620 | 1636 | SearchIndexer.exe | SearchFilterHost.exe
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe" 1⤵
- Checks computer location settings
- Checks system information in the registry
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3984 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} " 2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:644
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe 1⤵
- Executes dropped EXE
PID:1496
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4292
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv 1⤵
PID:440
-
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe 1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4788
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" 1⤵
- Executes dropped EXE
PID:1508
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe" 1⤵
- Executes dropped EXE
PID:4552
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" 1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3148
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe 1⤵
- Executes dropped EXE
PID:3208
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 1⤵
- Executes dropped EXE
PID:2676
-
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe 1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2888
-
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe 1⤵
- Executes dropped EXE
PID:3472
-
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe 1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4336
-
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe 1⤵
- Executes dropped EXE
PID:320
-
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe 1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4412
-
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe" 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4528
-
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1636 -
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784 2⤵
- Modifies data under HKEY_USERS
PID:4620 -
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 2⤵
- Modifies data under HKEY_USERS
PID:4432
-
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe 1⤵
- Executes dropped EXE
PID:4504
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4392
-
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe 1⤵
- Executes dropped EXE
PID:2540
-
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1348
-
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe 1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1224
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc 1⤵
PID:2768
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe 1⤵
- Executes dropped EXE
PID:3856
-
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe 1⤵
- Executes dropped EXE
PID:3180
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\OfficeC2R90E2E30B-9350-47A8-9A12-A7100F7C595E\VersionDescriptor.xml
Filesize
20KB
-
Filesize
147KB
MD5270fa722cdae23bc47fe13836ed17248
SHA19e2b66775277835e60d551f431af892d0a618ec9
SHA2564846a0daa72c2a94c28573f9d741d5ade64651dfa679e48e3e057461bb749fcd
SHA5122336906433bebcd9ada89e61226cc16b7a50d288b1bcd17e5bf29d433804db1be2c467a75076f18249955510235e52b895b2e092115c382370b2db6ba0992d90
-
Filesize
61KB
MD57376be56d4c5c15a0f74d1ea5a50e86d
SHA107c713766255c65abee24726f0869764118188c8
SHA2562a2aebff5e39748751e6b4ae2d2a0a3adeff0fd1ae93e90400f03102c1f51ad2
SHA512836276168577884f07143cb5cc3cb34e0859bb9c236a5e13478ec628f6daba74b14323922ec2aff2b27db5f58598c1b6ccb6691435ebb446a07dfd733a7acfa2
-
Filesize
10KB
MD58a00f6000523b2e5b668016b88c1b4fe
SHA1be66250f3f6254426b0dcb9e805b8778085a3f54
SHA256eefcba3e1662ba804ef763af590316f4b66a90347775ef77a5132104f6134a4d
SHA512ce07f17805616ddeb387a22f91254fa3481d10d637401c2bf1766d74e3b9e6586331585e94252be174c4e5c2d34cd0a08872a73e2ccf87aa80f56e19cd099ad2
-
Filesize
77KB
MD522a52f73f8973138e97c5374d2fc4ba1
SHA12820c8793f4c71ec8f7a2a5d00353b092860a2d3
SHA256da3fc5ee8944b2c2798bae523fe4d7c3512056310b07c3d53774c638a75dee96
SHA51270e4b0f5f3ce7c7951df5d53ea34c23b581ac2550471020361eb62f72f269b507801554114d31d58efb2a7e9edfe69a8cfc3254cc70650c7dc4ff4b674a4c1bd
-
Filesize
235KB
MD5e8431e306345449fc69da6c63861850f
SHA13e80d6ad5e7bfa251e87e90a3659dcd16367809d
SHA256871a4d9ae970710f407b4f47d08bc985bbdbeb27eccf3bee47175da5112fb74f
SHA5126732be78bbb0474a1087caefd9e4acfb25e5f7d80947e81c908e51ed58752a57e59f9cc43d024d6b8f4d19b00d769258fa846809934d948f2c83bd06ec1382b8
-
Filesize
569KB
MD5892b389a7e0033ff47ec2ffce2142669
SHA17bfabc3f759e7e78ce72a2dad999c84eee81bb4e
SHA2568fd4718637fcae8f9b558e73b2cd7d74bf99dbef2fd4736a0e8bd7695af0cd1b
SHA5127a7958f650d9b67f759d7d4238d3fea0d9c4666b1eec05e9366a2a8125f895efa7b79630712c54b61e523a5011dc8fbac216e00f297ff9ddcf6f30dd40185aae
-
Filesize
72KB
MD557f0093398d94fec8acb50a2d9ced763
SHA1a256a65f41cf49d83be87228569977a1654c620f
SHA2568db2c26f29d79961ef7b0a077dc449040eeecacea3637137a87c68f8fda7426c
SHA5126ef5c3085390e4060e95129f1b75ac748c5de554dd20e3bcdb2348d76aa01e4f43d2ddb7d539fea4b73e36f8d41bfd9458a18c8bcfcbc3105837636723057f47
-
Filesize
115KB
MD5ff528fa99067a5f21bf93f92b3169613
SHA1c4f2803bf14a44cc36a8d3b1d40309943f0ddf3f
SHA2560c24a906791c7552ddd8ce08f919d6bdbbcb708d81f6671b6a0ce91fe90fff20
SHA512a30e0e1fa9992f1762f0cd0af7d6b34817eb9831a7684467ae5872e4bf3ebb2d2e573054d5f7aa4fe349934e01e7db38f60465807f280096bdfcc4d292b09bd3
-
Filesize
260KB
MD5ebbf2a37cfc4e93cd0540e5ee5ad3b6d
SHA150a017fd63d0f039afd2ff499df7753acb7b6624
SHA256c08f9acb237d05658eafee69661b9bf597fabeb4ca4fdf7f0a2c68c9f06f0769
SHA512e90f70ad39d49f93ee45cba6a4d283d1c280fa0e30b17a04f1bdea9fce1d4a9fe359b33613159bd9eb4677cc4616f0b4bb36878d075c2fc4ab0748c0e5158f77
-
Filesize
661KB
MD5b86f7fe25a8933b8f38b9b823bfa0829
SHA180f90b72002e4fb2dba6e5ee91570f4c99de0d3a
SHA256358bca3c8abafb76d5354e5c732ffd3161860e6096cb001682578c5865970361
SHA512ae628106abd4cc47d8ed790be049645dbd1da735d7e0043b5e69f88720a9bbe098044360b7a6d9364124699f6a3c586aeec43661ac38d88f93669e0438351170
-
Filesize
121KB
MD5e7be1aa1f659f05f40ae2856dc024a09
SHA1a61c76339142526c395119221bc3be8c71de760f
SHA2561d7d4181bfb071ae22d9733c19ef11e0015842bce8869d47d67874a9e2a3726d
SHA51252938318b960932f5b8398e6b20557993d5e1ae7d46d45af7e4c9147cff888b5897890212456127f6567f628088ca073bfdd83b183d2aa8d13b8e15bf51d0fb2
-
Filesize
192KB
MD5f5cfde6e0343fea063bba74166b86737
SHA11250ae38065ad08a4b359f7fe6fe3b62d8004f77
SHA256301ba6f7770b5782ac3e83bc27f8b5b7e7bac730be423d21915c344c6ac77ed1
SHA5121cccb78619ef7476a402106f7ac259488d133355fcc91b9b748e032114f57ca1c603015a69c8ecc2dcec68e2ea891063fee4bf0687bc4c0c1a4a9594d0148041
-
Filesize
154KB
MD5e12c65e27190e27d94d0cd7b9a0b9918
SHA14511388592d14d1088068752563bd4a28b2bf6a8
SHA256d5bbdae5c92a3ed97c39c85ff07377f0f017a5f70116483bc6d6cf9ca4b2e3d1
SHA512444f1196ff6277ad16733e9fc89233c7d47923f50e8c576c1cf5741eaa7ce2a49e52c28459b0b4e76f5c76f52812537b7b8bce8f7558f85fd65282db1bfe0367
-
Filesize
146KB
MD58e71e4787958761031ab6b4d732e8c78
SHA13eaa912d63cd63338d614000121c9383169b431f
SHA256789fc7c82c4c96a4971e97ced3faf2c1c68d67ffdf2ec25c2a1df678046ed2a6
SHA512d3bfa4c5c12062cd53b5538e4612015ebdb2702215e921b4158e6a487a945ed7fca55c6a90dea674ef04cc66647d9f58fe966907e8a5e6f9d89117b9e619e31d
-
Filesize
150KB
MD5e5be009d169a7d9586ce49a730e5034a
SHA1c333cf10bf8fdd681163cf8ef58f907030bd1189
SHA256b3a0d4604e49d52ddd314d1941d5866edab9472d51545b1d041298bfac648acd
SHA512012642a13f23f29707ccf46662713c69dc7b03b0bf9d0ca29c1f5fe940ddda22ccdb77894bc848d448684d6f152a158a41a2feabb558baa8d25d708ee215b879
-
Filesize
514KB
MD5da0af0570a3dd6cd5e4e31e694fafca5
SHA1883f762f62d3e738aba9f17baaa13da7d2668019
SHA25683ae65376b93604e7fe81089e9cf5701482d8970dfdcddbf3fbfcc092603deeb
SHA51277a2e910d2411fcd19e3b22ca67bf453054403ce0e2ee0566e0846ec17f1bc73c0faa5242858fdf88055c26000f57ab52c6f5a69fa8e2d9e1a991ae264ec8ddd
-
Filesize
1.0MB
MD5d3254a7155443a68db82491679b2391d
SHA1d6806f6a1ac5133e5d905de3bfd06e48aaba77f8
SHA25677606c8bee61df157a826598b083c747c4c58ecbacee2fe67654108cd8004051
SHA5121f0132e33c2e7e539a684421d4c291e386051fe290a8c61b62ba6890521c916f0c3f82876ab2ab6c3d15c2ec62b537960904e94fadb431d711c8ad233ebb9b3a
-
Filesize
593KB
MD539b80e16c92d8eec9c65287f76edf54f
SHA17d0843985374b638b95d46c6a61816f31fdc0053
SHA256c00a4c7730db72fdc1caafd5526320022c229fc69240ce08c437c42cff2e0412
SHA512fe81933537cb34838cc11fad9bd04957be7d891264cba84d95a012611a14398e3b967d3d8d181b7b41598033a7a93e25aa3f8d370d0c77717aed31fb78482683
-
Filesize
610KB
MD5b5b6be3192e1dff69cf4197900dc458f
SHA12c91e7388847983337df389f2e76fc67dcc030dc
SHA2560ac666c1fe185774ca85ff7906435a1a1fca79fb58cd8615060b81c065063024
SHA51212124a99a5a5262a4db6cba8765c63ade884ab792bdedab1090e1f79d672fa39462c279c650cb9a1a096a2029033b5afa582028ec01b05f46fc43fdc9a1f12c5
-
Filesize
561KB
MD5ae98c136450a1c386546fc8feb338756
SHA1975796024cf2b581e2dedecaf45a0411b533a77c
SHA256308b6d793ba81c9e468f6ffa76382e5acf84f7b7fa021b73a0ebc597ea976978
SHA51241892c57120311f10c26df0e47ae0a26439c0380dc0ebafe9e50325189e398ba695f24c718e6e7d71f222f44ca416299be63980751841ec68d00f8a20fcaabfd
-
Filesize
2.4MB
MD5c5ffd1d0ccbd75f19f4944523eeaaa5f
SHA115e04ece5b06ccdc5ad1240de742f3384f4f2996
SHA256904cff3b5aa48434a0320767cd9897aa6b5a46e9006fa7220236e722d53eb13d
SHA5125420a1f15779116f57b91d962cee7fdd5ab4b2f0f15402ef6815a086abf52f8ac7153df417787169ea619b9c7ad68494a31f76e7d16bb14a284cabf1150d914a