Analysis
- max time kernel: 149s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/04/2024, 05:00
Static task
static1
Behavioral task
behavioral1
Sample
fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3.exe
Resource
win7-20240215-en
General
-
Target
fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3.exe
-
Size
1.4MB
-
MD5
a0b3478ba7d88729a009bfcf718bdc32
-
SHA1
a1dff40decc50ec571936748dea4276637071f13
-
SHA256
fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3
-
SHA512
36ff76038676e4243fbed563eb02f5d656592326ddbdf2ff030a7f0ecd3ac75d6f8a9be2e263206148e0b61cf063209b2949023a7f406f51191b6190f0b7cc7e
-
SSDEEP
12288:Y2zoH/uLJOyo937vGFWxwFJI+yeuVb8r+ZP712Ii+51cjVWtVj5J:lI2JOt934J7Z6bQaj1BvUm9J
Malware Config
Signatures
-
Executes dropped EXE 18 IoCs
pid | Process
3232 | alg.exe
4736 | DiagnosticsHub.StandardCollector.Service.exe
2084 | fxssvc.exe
4092 | elevation_service.exe
2748 | elevation_service.exe
4272 | maintenanceservice.exe
3212 | msdtc.exe
2176 | OSE.EXE
5108 | PerceptionSimulationService.exe
4580 | perfhost.exe
4464 | locator.exe
4388 | SensorDataService.exe
3340 | snmptrap.exe
4472 | spectrum.exe
776 | ssh-agent.exe
4176 | TieringEngineService.exe
4440 | AgentService.exe
2168 | vds.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 33 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
-
Modifies data under HKEY_USERS 5 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | fxssvc.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
4736 | DiagnosticsHub.StandardCollector.Service.exe
4736 | DiagnosticsHub.StandardCollector.Service.exe
4736 | DiagnosticsHub.StandardCollector.Service.exe
4736 | DiagnosticsHub.StandardCollector.Service.exe
4736 | DiagnosticsHub.StandardCollector.Service.exe
4736 | DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
664 | Process not Found
664 | Process not Found
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
description | pid | Process
Token: SeTakeOwnershipPrivilege | 4028 | fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3.exe
Token: SeAuditPrivilege | 2084 | fxssvc.exe
Token: SeRestorePrivilege | 4176 | TieringEngineService.exe
Token: SeManageVolumePrivilege | 4176 | TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege | 4440 | AgentService.exe
Token: SeDebugPrivilege | 3232 | alg.exe
Token: SeDebugPrivilege | 3232 | alg.exe
Token: SeDebugPrivilege | 3232 | alg.exe
Token: SeDebugPrivilege | 4736 | DiagnosticsHub.StandardCollector.Service.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\fca902b91106c95378c0ef09d68b2f455e2df179eb68026da650454a2758f0c3.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4028
-
C:\Windows\System32\alg.exe
Command line: C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3232
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Command line: C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4736
-
C:\Windows\System32\svchost.exe
Command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:3236
-
C:\Windows\system32\fxssvc.exe
Command line: C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2084
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- Executes dropped EXE
PID:4092
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:2748
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Command line: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID:4272
-
C:\Windows\System32\msdtc.exe
Command line: C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3212
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Command line: "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:2176
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
Command line: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID:5108
-
C:\Windows\SysWow64\perfhost.exe
Command line: C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
PID:4580
-
C:\Windows\system32\locator.exe
Command line: C:\Windows\system32\locator.exe
- Executes dropped EXE
PID:4464
-
C:\Windows\System32\SensorDataService.exe
Command line: C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4388
-
C:\Windows\System32\snmptrap.exe
Command line: C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID:3340
-
C:\Windows\system32\spectrum.exe
Command line: C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4472
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
Command line: C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID:776
-
C:\Windows\system32\svchost.exe
Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID:4412
-
C:\Windows\system32\TieringEngineService.exe
Command line: C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4176
-
C:\Windows\system32\AgentService.exe
Command line: C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4440
-
C:\Windows\System32\vds.exe
Command line: C:\Windows\System32\vds.exe
- Executes dropped EXE
PID:2168
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2.7MB
MD54f03dc109298a4c34bdb975dda778b8e
SHA10930309f730a70fed899d51c58c63b72126208a7
SHA2569402fc35f9c4057e6825bf3b08a78cde5627d3a9baf7b536bc6cd176435bf3c4
SHA5121b2359cbc588b7f65389905469c15d01c6dac11d82e43da1bb70e51c1239705e57ce93622e39477588982f67c7f185d62b66cb4bfd3b4a7ef2e512ab09a70d00
-
Filesize
1.1MB
MD57805290f300a83fcea05cd58f25e8cde
SHA1cd8fd8800b557776c20992c9e1192e6d3eec9a22
SHA256cab94104d616a2727ad0d5f67d8d9f4c591b287af824d2f9422e2e011355df71
SHA5123cac2143f6cdbee93711d27ca5286b4a9836b18d3559feaf48733f84d290ac76610bbc85470da5b2a3549b77b87a40e93458ee04208bc62bebcf65a0b7baaca8
-
Filesize
1.6MB
MD5e8fdaa67798d2624ac3a310ccdc39f11
SHA19b95266a4542c9caa5189114150aea95c706e59f
SHA256220b1c95abe185700e1ca325685ca6954ac50e6c4be7e1927cec03e492a455ed
SHA5123d89730338495918b5e0bc4001ad609a89e9ad94d2408f8abfddeadea0211e13d93b150b08310bb9dc9ffca4c00b2afa202739970323154259dfc9e3facf25ed
-
Filesize
1.5MB
MD587be14d7ab5653d6684bfa1f5f9d1e47
SHA1f4196ec040b4b984d83dee60cdedf691c6592beb
SHA256dfb71d613b1634357b0b2032002e3fc6e6394a161965d4b7e8e05f1376882b3f
SHA51286fb57c2d68d79ebf42c202f654075df77afac2c9caac854f0693d29bfaa1ff5ef5b3ac164a47036a1efc694440958ecd90695513f17bb20ba726dd44057d4ae
-
Filesize
4.8MB
MD57053bce0b6d5d2f84cf1fd87e05a34cc
SHA16fecdb56e514ee9a36f0dc4b2f58c70004d53e0a
SHA256850d3b437648e332a5f18689845205b3f953d7cad0e693430d26897b3f0a68b4
SHA5128929695751ac48de7a41a58fa213e5b15479f6b5e4c758f6340477deb83d213b3439b252634ad1783cbfc3977f72d2528fb867d06dea1415e013bd69dc3a538e
-
Filesize
4.8MB
MD5b8b734b4e6bd24e03a239829d71ecffd
SHA1281296b36ba156cb449d9edd333aeadb5ea736d1
SHA256ec3ee9f94c5cf9d9df770fbf3db03b6d5d34b3abd1ccd6334fa09b3e911c60f4
SHA51257ad4735891a170984cf13efc5fc30cf940a6e2ad0c86198b7a1d646698f20b7ce0fb85e0796e598cf57db12dcfa6ba311c1843ed99903f068472776a4917b1b
-
Filesize
2.2MB
MD50e798ff9afc3a8503a29413f04b08719
SHA14adf1e15c7ec89a4924e7875879c3856add470c1
SHA256b7bebcf9d580f71d3a5fe00e52098a5b57ef047b0239b7325c050044007bbe37
SHA512abcf2a96f53b976e5ca97d91e2acf67a5319bd66428246cb02c22b548152ce77d94f83195f6144962e4b1dabb4302d0fe143f366c89c6f25f8e264138b47cff9
-
Filesize
2.1MB
MD500b7fedeebeaec327a59056568efb549
SHA1d91819fa4e786c68785f8810f3a345539c64259c
SHA25696ea71303847f61735e2b4943cc862e27118bebcdcac8addc572972faf3dab91
SHA512554b60c1852642ddf44a6d46ef1dba979cbb3a3933e3de1041a5e5b4dbf0501da36b1964d7a9cd8e230c0f030c1902f100b74178bd648e1840eb45a37d83dfa4
-
Filesize
1.8MB
MD5f4ec06ce2b153db2d9092b4c3c344bae
SHA1de68983a70cfd0d9e81daeb7d3185a28782752ac
SHA25620c1486122c3f1b3e158552ae9582180888cb2734c42c63ae71fa547e8c18d12
SHA5121be674ea9bae284097e74486f68cc7e2fb333c0f60ad0fda63b947c936f94aa81f3749221b2e8a03d9abec940962cf5133b56219f4f1679710b964600505e571
-
Filesize
1.5MB
MD5c5a6e07c01bc836e5cab7cbd0cba821e
SHA13ec9fa3a737cc86760ae7cb423e6d3172d9e19d7
SHA2560394f98477527d3a04b56a0b81e678a45d2cfd5e5911266c6f47c1dcdd2f5294
SHA5120ef01b70476636a2d49ab2574e1b54650d68eb851f2d8909b3a99f2bc30d3e9c7e388c577abcf811c7580df9a890c3200efc33639760ec413fb8e33687bff187
-
Filesize
1.4MB
MD5fd21be46388daaad223aa2ad2fd481ae
SHA168fbcf89ebc3726004fa0aaf283b450dee7d507f
SHA2563bd87b4ef80dbda42ee4d226838e1d0f356a611f1b5fe743e38e1bc015395474
SHA5125946f6096a786f20e16108439d21601263bda7843bad79e9e547c8eec369ba70a0c51540b8e993806b47fe3ad37befec9d03e4bdddf7e1172d98581cab431d02
-
Filesize
1.4MB
MD55620dbec079edaa049762b2b20ff824b
SHA1b08f1d46cc0dcd4090cebb2b048aedd2f257aba9
SHA256e0a2eb8d3d9f7d832e320ac147a5c7a76e7b8d505494d18e42373a79deab7230
SHA512868f7e1bd95e4b812971597bb774ec5077019f6babf1ef95a0d384980d9122764948d854538d23c623b561d9e7f14f818c1c6a166c387374c5094e6029ac3f6c
-
Filesize
1.4MB
MD5f9047fe54d118f80138f07b33f9c1d7a
SHA15a56b77536b5de936684b006e1b020947bfdd0fd
SHA2562d703e9b83eacf7158f14beba302df14f76d6a6738270b6dab08af02892cded7
SHA5129990212e22f057345cfe66677a88492ebfdce4374724208dc4b0022c8a06a2a62326b6dde30d7952dbf3320a8db95d09242cc067272f96d31e2ea8d87cfeda8f
-
Filesize
1.4MB
MD523acfb349a275106d05b5e1654843240
SHA1bbe2b6a11bac488029f768c1b4b356aad24f4aaa
SHA2563945503a22b194cd6b8d5de220dda86be9423b6f7c251f0304a5a545eb05ffe0
SHA512a2525a867773bde3cc58121f310bffc963f35dc4dbfc0105f4742dfeb8e3357a474cdbdc7a1fcbc1c4041046aa0565233be0a478c2814dd84cce2bd675c5c91b
-
Filesize
1.4MB
MD52f4a93e16cc7f935f1f5d8c18f4d1439
SHA12dcb63fedef00762913a44c2680685cb7c21d96d
SHA2568869cc8aec440e59f2d3bb88d08bb1a3d4158ea002aa236c605d04005488a562
SHA512bd02377f0ab419f0f1ae8bc4b7b77e94bfc201d46e3adbd19d15a56bfe2c29f5bea143c3e9cc4530a54c4cd7eba96b73d1ee8e27ab14bdc9153788f2c40a27b2
-
Filesize
1.4MB
MD5258a731c35778b5e8fc985aea7c030f8
SHA19922724d72bfed171fc0a49feec842f50e94bac6
SHA256f915b6a112025d8464c1a0c3828fff82ec21c3285935f6977c47508f4d4b1deb
SHA5126e3c69fe8dbc869b65f486aeb31b8b5a80c1756600ce2ba3bac00e7143eab6219fc1a3fc413497dd8c75c6aaa3cb513ca7718455a5a2c0feb74b834324af993c
-
Filesize
1.4MB
MD5123872e66a15e5110ac9d371817088f3
SHA1f593154db01fa3b2e2fe4b08068143e00bbb4c31
SHA256281f5cf06523a9ad5888755a6e35df9b6567658c871792018418ddd5e8f26ab1
SHA512f1d1778e2ef13e020b59e94f56e713787b02afd869f0dcf411d554b7191f609c07f7c81ff26404661b4bcbc87524e0ca2c0e8d7b9cb7d42d52a68a10cea3ad2a
-
Filesize
1.6MB
MD5f268d72041f875c27f7c94750aca1490
SHA158cedaa3153c9dd70f4fff6054985ae1e9b38f90
SHA2561d181a1465396a17cccd2097ba446cd0b6e7b7e673fe81952b71eb6ed99cdc0d
SHA5123291bec5cf5dc5e810bc3030e5d96e5e867e5fff38b936e1e4492b1ca2296a331bd5ec583c839bed93d0099415e77fb5a7fbd3ba31d2b0064fc7895abc3b94ed
-
Filesize
1.4MB
MD5191093800a53e9b9c099e502eb2a03f2
SHA14dbdf7c5cf8013906209a77ef256c5a4c7c65b2e
SHA256e6cc3a24ecdd15defd3d689cafb9ad7f37a142d3d201ca9eaef898d96ae7507f
SHA512b7c7c9e11092749a5ab30b3a0385fbee390626646c1ae5cb5ac9f730902c002a66f051a6c528fe324e8a8e5a4f4ab04a0cfce0e0edc1d5fa928355123d03565f
-
Filesize
1.4MB
MD5adf027ef6010f6dc4f240b1e82f887f4
SHA1e12f73edc088b8690f2ea2ff823916341e259a6c
SHA256f92534f148d8eb0fa9dfb7f5ac221afb57236e1a6a1636e33ae9d8f3815fac02
SHA5128a9a3be8b644a77c7cc3a55e4cdb69c072e13703160475f6825b86eaf35991476518b4faad8273439318499f41fc6de116c7bfb0365bb41b76d200031f6899db
-
Filesize
1.5MB
MD553a69d7e702193264c11aae05fd313b4
SHA1e216f11c410dabcf23e519aa7f9e0eae3148728c
SHA256e63ee404b81d14302c9e9141d565ad8cd9c72e818ecd4236b0b7fb05c5346809
SHA512f1a77937430d1364c61ddc33e343a0d64c944e2bf1130c09a1fb2321a87144c6aff50c5f83c40b6b4eb2c2c55227f85373f9db37d06463aa4a0d693dbb464433
-
Filesize
1.4MB
MD531b83918fe0cd3b9fd1bf0fa98eb9a05
SHA19d168d7d24e7aeef2f2d7e119f3b1c539abf35d2
SHA25655e647bdc71dcd1bc730204d38cc89e74d1e3b3d7c09ad63d19e7de11dcf4ef9
SHA51215c6a36bde40b016a311f9258358bd40abae56b4583169c48d2c8b8cba67e6a2d446b86f2e3cf9697317b9d604f6aa9d4fd0dc8b36ba9c46ade73d6f3b33b625
-
Filesize
1.4MB
MD5f98e43665756b3432641268b09d87031
SHA10c24fd81a75a96286611cb75763ffe10ba03c7a7
SHA2567339888019fc64847ba230b167b52870a3a567030913c55a52378be20f4081e7
SHA5120f59604f48a249ba0e88226e50634eda12e0b645b0b77c9cda308c01501f8038f3d5eb27d202db88504cdd1c90d6321e53c312f733c14be0837ed18ee8e0400a
-
Filesize
1.5MB
MD52e7c583f19996691b8b583e564d9c6a2
SHA13f47d877cbe9822ceb1c54b7f2433c5184a099be
SHA25607a5b26d19986a73920fef3267735546a721f3cc577b65091d81c69d1446e323
SHA512da9e2950a4e1ea4c6dc73035ed79ad8738ad006d9e7a2c8a5a474b401f930df2a943e5fdd823cf298aef4aadf5cb3a451e721537aca6601fa655356080fc9275
-
Filesize
1.6MB
MD5a45d01856a262a5a30196e15d271e7e4
SHA133d6a39cd41817c0633a57ca1e6a47c19cbef943
SHA25606138fd3d63162a889b771b4694e05c0aea17029b7e30ddd726e839d2e7a08d4
SHA512fa722a8eb6548e32b0cb5f21e2456a6be08c38deb10afeb9f2a0d90c48a05034091f1e18f3b3977e18d8835d33ba91443c85261c176fee6b500881cb6942d884
-
Filesize
1.8MB
MD594d485538d5f454512620dea0b473e94
SHA1eda590c3f1b770e08cd16d3be5c310f77ed98044
SHA256cd3c74bfedddc89a03a547a9dd04fe861c3501b90887970722baed1cbdcb1fe0
SHA51233a398ddce93c8f71b1e0ebd8efc4cbf3c1bdbc66ba85b21ab177832c60aa6e1e0695ae97192a5135f9da7208e1005deb3b4d1655c6555f2ebbb617620b2aa2e
-
Filesize
1.4MB
MD58e427aa7648df607e74ffebb3989f88d
SHA1c1dcc4d4cc169846370c6bcb91d4a171a75539ac
SHA256bd366a73ac2d513f490378a7d27c76669a9abc5b81dcd5a6609b2b354c23b7af
SHA5127907a3ef58f6b1727075c9a01d642cbb94b09d51f08956c25762f61925f14e44966d54e027c2e2b9cdd1696c667869f01173f3ddedbf322ed9e621821c2db3b4
-
Filesize
1.4MB
MD5728b3464056044ca7635086f60c60589
SHA165d6ed4a9c23084f0dc4d98214dd6bfe539b052d
SHA256e15d217b929308037c52ea21f4da537a8c0e6dd9d43a22ade639f5a1794af657
SHA512bb5ddec345580b45f991cd535241870d4692dd968914a5fe031a0cd88108baf03371f28610c770587e5a9db8924ae69502cddddb92b0866dccfc354e2d948cd4
-
Filesize
1.4MB
MD50c59201b3ef8b4dc56c44c89bd9cfe4b
SHA1cc7702364cc816a2a6a295272bca75228b3c3843
SHA2566ce9c062b35874d20395202c9dcac16919c5cd3f0759c5a180cb9b24a144cf12
SHA512e2d281efcd3746470cd53d762bf96d9256365c5676ee108c8d835742c3855bc166b80cf95d17d0391ffddc675495116f0c213e85cd48c61d040a11a219b3b4d5
-
Filesize
1.4MB
MD57d2d74dcc350ba45bc71bda094ce29ee
SHA1153e7155090829f03aafd76c4e21a216aeddfeed
SHA256a21afabe754b2deadebc734e3ce7fe00257ba59a465eb9f072b9c94c90e56cf0
SHA512c3811cefecb051d0ecb6a65ede9be3687f25559e7ce61920d61d89dbe86ebc2d759b3fbabf5fec8438a216e8d7e431d93721a442baa59ba1a1828171b1c9bf2c
-
Filesize
1.5MB
MD57f87a0c58e96d3ec9e58ad0512be8522
SHA1c75bba578195a09c8065355abb7922bb05612059
SHA25611064b40c34d859efaa73e8261da6603285db6b42053224fe70fd2909e1c9dd1
SHA512be630d39c3569ef17a369c8afd48dad9a2110816c3f30c5320161bccf04d2d6699b551de306fb5361fd87c558402469e4112a3e9fed04e569d3bba3df6d7e94c
-
Filesize
1.4MB
MD5a5e012c17a6d8b242e529c5152dfe256
SHA161c045cc2a6005466b0f47bdd0e3523d593e3778
SHA2569dc836a6400d7072f197d4a180e4430bc75d4540116f905b398b6d8bc9c998d3
SHA512ea934f9f4ecea0a30799b4d044f3ce2f09c952e9140d5325ae951459f67b333f1f00664c16158c1fb0a1163fa1e1814735439c4e81a75f963a75088aedb06f6e
-
Filesize
1.7MB
MD5fa219275f6bf9491c4f08f2422283b25
SHA17954403d6989047c6f36c72cc46f499e72a28a99
SHA256bc0b5167383ecb4383f21881e8a671b7acabf9929a0b5e945f4dcb056cdccc60
SHA51274a49387a6d13ade9124db2bbdd66ab006962c7361e49a0c795638b8ab9efadb90c1260aae30f9ad69cdf26723467b8258f6c294cdc532722a16fb753cfcfea7
-
Filesize
1.5MB
MD57f0f20a4d04fdc33024fa4e84c7bf7c5
SHA1288eac010d490529faa825d54d559e6fa086b85c
SHA25677089f552e976409fb2110e6fa3196f632c2bb7b7030469ef02f5b3c26a9195a
SHA5121cd00673005b083d5dfe36c65f84c30eee1ce0ae49596c59d8e9430700ca505fd12aa2af3cfb6a73ef6fa35ab839155ab50482e9fae887f6ea37b762eaf21185
-
Filesize
1.2MB
MD577b532ea86b7ac847005e2793d883f38
SHA1058e444481f05845952d27a665c12f40b1449659
SHA25601df75511952feb2d7429476b23d08d10fba3e8646949fded19709f615db61c9
SHA512e6945eb9c963cd74fb24138efb589c3a1932ae99b686e743d78b7871d1858fd6e5fb88c4ea78ecbbfaf8609355ca27262b0cb774de5bcf7d4768c8d22a157853
-
Filesize
1.4MB
MD539851f4ffdbe7418842bc5fb1cba4910
SHA14baf4693852a0cbfd8fdbc0a3d1aa9a2c2d86af3
SHA2564482228c09e02c4c5df45ae4c1b6547421f2a455e0dbabecaf0622b3fba11adb
SHA512eb38e0198bccbf83fc510cfc1b891f0117c4d1c13986ec4fe000e7eb65e718a2b46cd7cbdc0194b392493c66abf750ea049206a4d40b0e26cdc849c48d25cfc3
-
Filesize
1.7MB
MD539c2b26e6f3c36f58c760790578a7cc1
SHA1236c5977534fe41f29442cd4a59a31b36545d760
SHA25662c9dc887436bece42f420a472ad4bb0bb5ad1dc7c9032f4129b786410520696
SHA512f21bd6d424f25bbce48d580defe7c1f0e5548a98e9c814744d482c981de4a3cbc13399b7fe88ebbe87f762f56b47413a469441203aa81221c1e3c9a4567d7964
-
Filesize
1.5MB
MD58b68da89b65dfed199a2e6076a3cf3f8
SHA19cb190c9e739eec41a5bd48a45ec0c53edeb0367
SHA25623001e6eb594259d64996ab1608f5326674e98569a9277c959c1ac1ab339c384
SHA512538e86d469ba1e7283db33fe5979c76ee256598f1d59b7050bd5df636af5e0f4f6f10ec86ec2e4de35fd08471357a825c88166e97de9fe755197e6268ce9193b
-
Filesize
1.8MB
MD5e7d9a504f4819085d9d7fd232e0d97ba
SHA1c118c9e60b3d89b277f3c16d03f99f46da39c25e
SHA256886dc72aa07ec52245f233bcaef773813d712c63af31893030bd2d1a857d1b34
SHA51246a9452525ebef3868839026a2d25350be6ae60254de5866ea729d85ce460cae038a80f262d5aba51d56887713da3091340b6d53911487c985dd0d844416907e
-
Filesize
1.4MB
MD5fbc1ffc4eae5935344f09240ca0db673
SHA1c01936c27a8e47f56c22f027b3d730f64181eb56
SHA2560f2af8adae5c6b3acd934c3aeb6701366190d6563222a045df4bdc540e5a661b
SHA5126c9fa9ed6ebca3da41626b5bc8412d163e73850cda6f2fbadf45520800a82836ce6129df5384cb9ac3ef5a0c501ee1df96c6f7e6e060e4ffd948c5e76dc0c694
-
Filesize
1.7MB
MD516cf2178504a4dc8628df0c5fd2e4fe0
SHA1bd6058290aa8de3ff6dbba352e3ed2f96d0911ac
SHA25692f2f869f33473187de18ac727634b2561fb838336161c23d9bcebf7a9b42f33
SHA5126000129e90e3a285a619ffaae5c44047de81c2f60d8d8b8d4d70d9402b1b708b6404269c23708c31b1dda6651e40307953b408ca87cd088875fd1d7b21b2f93d
-
Filesize
1.5MB
MD52dace7e5fbd6cdca9ca74769ff4c35bf
SHA1df5b7fe5be9bbe49d89bd6e25eb87884b5befdd8
SHA2568afcd0f25e91fc3a3b7c24d29e93e2e26613e4095acc9bc1c78ad6faba56e7c9
SHA512521c62bf9635a8be40f530c1e774c46779f290f406dd0aa8334784170b65269aac22e74e2cfbd5549daa3e5e4dabb39c9efa435690bfe790d5833fd9fd8974b3
-
Filesize
1.5MB
MD556f5fb68dd33bfda63d522e217e68eb0
SHA14f121cfe94c5590c31f7d1cf18d63f900fb832b7
SHA25602a46389b2de70001f145aac3be851bcc54b85fa046393423cab1d4ac794455b
SHA512d1f7b2c51003995514c9bcc3db42ad651ee4ea0e98f887a5cb67f6078017f861b0d8af627bded7ded85fb70ad15c2112e557ff8295cb99187385d9bfc371124c
-
Filesize
1.4MB
MD583bcb76d584548b015c54964d4b4fe0b
SHA1b2bf528c14e474263aced6cf8bd052e8a29fce4a
SHA2566c6eba7b632262884a326e16a6f740f6283e036335dbb87311f93bbad5a4a355
SHA5122fdf0f25880b34626bae21e2371af7fa2453dec77b03cae9e0f90e3d9d446ad1b04d3faca9b9fa8f6b5f41a4f84a4b8141e02579cf13c97e27420203b460d9af
-
Filesize
1.3MB
MD5ed5e34b64e110d7892e9fb49a3e13cb6
SHA1bf1c3bb996b25553c92230a0a80472079b29fd67
SHA2564f18ecf54c6726e688a46d8e7706d2168a51434e440b1514bd527429519ab7c5
SHA512b9890d34e92b3be3d43e8fc8f2c2fa012daf781ab7f47e6520707cd22a96150798246d0c45b01320c79d59012445483bc7935e77ebaa50c81f4fd3b35cd44f95
-
Filesize
1.3MB
MD5ba0248ac78737426b8a8a83739aee59d
SHA1d6f8b389e8f23b24cb9918415f1b07951f6bff3b
SHA2568dde2100fbd4ef82040469d5037c0b33f3d0eee3d7d8701ca37b6f61e7676d5e
SHA5127df740cff5cea9865cd778a9b13b64d631674b3e5ecddf748f77d0f77b42bf255bd0e00bb0d67ed81d1917c7c24baa49bc7596e33d088ff653a9053385a6cfd6
-
Filesize
1.7MB
MD52aff001f064427cd8e8a10e9f7ee7025
SHA1f1cf19a7a24c72cddc7a98e11bafdb9a532b3b9e
SHA2560196ca48b319877c7120bbd8eece54a934c5bc9d9e304b99600ee398dff3a6a6
SHA5120a2405d816c2e11ff017fb4fb0513db5dc5da4415e7ff6fc6db94943a2118423193ff1f79d986bde48daf27c077d90bc2162d024a04c7c8a78124156c23b2b12
-
Filesize
1.4MB
MD50c1b61995da987338a43a2eb38e68267
SHA1d7ffa2fd4d414e145273d9c1b2dfc7bcc4c1d3cd
SHA256c6ae0486b900f0fcccd4e15cbcb3feba9f2f8a611f6a4fdfcb2d3e76d8605c29
SHA5129c580de54952d5dc2fad1c3f42ec6cc78359e7618868786198f25db31c629cf72dace70eccbd06c06674f6f047e378074a2414c45dd1800b119b4f9bad000e88
-
Filesize
5.6MB
MD57b50c20874e8ee83d94da81cc299f0f3
SHA11397ac2af47db94ee8ae110d50f3f23826aae278
SHA256cba7a301fce956869a9d25cc74e1879a5d85dbb548904145d6e7fd3113aa7de9
SHA51234c58cedbd71e69983a41999be1526518715a39e6e3e14d400c8afc580f38fbc67e8d115a2f964b82230b943ce1ded327626e0fb224b9ca1bf507ecaf1d93ad4