Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-04-2024 23:23
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Resource: win10v2004-20240226-en
General
Target: 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Size: 4.7MB
MD5: 1ec78ac0898f63c64eb19b0475e2322e
SHA1: bbbbf53c06c387bf2dbc69d779c20826512d1c8d
SHA256: a70135b3bf5c57e6d39dd6e9b16b25839b679fe0c44254459cfdafa8cabe4519
SHA512: 6bb82dfcb3e1a36de9aa362cb9ca7a26eb70a46c2d8aae010d5b73feba0fd18c833051701379c6d03c1897cb5085ada3c541fc548b8f02fc365c355873d4f159
SSDEEP: 98304:KqJkdmBucaT57K3C4qJ31B0G0c5S2uf+bGhGmv5:L2dV7VK8tj0QufMC
Malware Config
Signatures
-
Renames multiple (5962) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: steamwebhelper.exe, steamwebhelper.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | steamwebhelper.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | steamwebhelper.exe
-
Executes dropped EXE 32 IoCs
-
Loads dropped DLL 43 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 38 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
Processes: 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe, msdtc.exe, alg.exe, DiagnosticsHub.StandardCollector.Service.exe
description | ioc | process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 64 IoCs
Processes:
SearchProtocolHost.exe SearchIndexer.exe fxssvc.exe SearchFilterHost.exe
-
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
description ioc process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
pid process
2852 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
5488 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
pid process
5488 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 660 660 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe fxssvc.exe TieringEngineService.exe AgentService.exe vssvc.exe wbengine.exe SearchIndexer.exe alg.exe steamwebhelper.exe
description pid process
Token: SeTakeOwnershipPrivilege 2852 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Token: SeAuditPrivilege 4852 fxssvc.exe
Token: SeRestorePrivilege 2468 TieringEngineService.exe
Token: SeManageVolumePrivilege 2468 TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege 4940 AgentService.exe
Token: SeBackupPrivilege 4516 vssvc.exe
Token: SeRestorePrivilege 4516 vssvc.exe
Token: SeAuditPrivilege 4516 vssvc.exe
Token: SeBackupPrivilege 4680 wbengine.exe
Token: SeRestorePrivilege 4680 wbengine.exe
Token: SeSecurityPrivilege 4680 wbengine.exe
Token: 33 1196 SearchIndexer.exe
Token: SeIncBasePriorityPrivilege 1196 SearchIndexer.exe
Token: SeTakeOwnershipPrivilege 1196 SearchIndexer.exe
Token: SeDebugPrivilege 2852 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
Token: SeDebugPrivilege 2176 alg.exe
Token: SeShutdownPrivilege 5552 steamwebhelper.exe
Token: SeCreatePagefilePrivilege 5552 steamwebhelper.exe
-
Suspicious use of FindShellTrayWindow 16 IoCs
Processes:
steamwebhelper.exe
pid process
5552 steamwebhelper.exe
-
Suspicious use of SendNotifyMessage 15 IoCs
Processes:
steamwebhelper.exe
pid process
5552 steamwebhelper.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
pid process
5488 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
SearchIndexer.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe steamwebhelper.exe
description pid process target process
PID 1196 wrote to memory of 2080 1196 SearchIndexer.exe SearchProtocolHost.exe
PID 1196 wrote to memory of 3584 1196 SearchIndexer.exe SearchFilterHost.exe
PID 2852 wrote to memory of 5328 2852 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
PID 5328 wrote to memory of 5488 5328 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
PID 5488 wrote to memory of 5552 5488 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe steamwebhelper.exe
PID 5552 wrote to memory of 5408 5552 steamwebhelper.exe steamwebhelper.exe
PID 5552 wrote to memory of 10836 5552 steamwebhelper.exe steamwebhelper.exe
PID 5552 wrote to memory of 7764 5552 steamwebhelper.exe steamwebhelper.exe
PID 5488 wrote to memory of 9340 5488 2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe gldriverquery64.exe
PID 5552 wrote to memory of 7444 5552 steamwebhelper.exe steamwebhelper.exe
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe" 1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2852 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe 2⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:5328 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exeC:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe3⤵
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5488 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exeC:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=5488" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\2024-04-07_1ec78ac0898f63c64eb19b0475e2322e_magniber.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal"4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5552 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exeC:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x7ffb7222ee28,0x7ffb7222ee38,0x7ffb7222ee485⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5408 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1596 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:25⤵
- Executes dropped EXE
- Loads dropped DLL
PID:10836 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2180 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7764 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:85⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7444 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1744,i,13635918389281439149,15530338254803204291,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:15⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:7364 -
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe.\bin\gldriverquery64.exe4⤵
- Executes dropped EXE
PID:9340 -
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe.\bin\gldriverquery.exe4⤵
- Executes dropped EXE
PID:10092 -
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe.\bin\vulkandriverquery64.exe4⤵
- Executes dropped EXE
PID:10408 -
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe.\bin\vulkandriverquery.exe4⤵
- Executes dropped EXE
PID:10004
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2176
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1584
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:2676
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4852
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4776
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
PID:4232
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
PID:1948
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3920
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:3576
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
PID:3068
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
PID:4700
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
PID:3088
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3568
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
PID:2320
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1760
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
PID:3620
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵PID:4688
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2468
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4940
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
PID:2136
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4516
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4680
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
PID:1844
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1196 -
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
PID:2080 -
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8962⤵
- Modifies data under HKEY_USERS
PID:3584
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f4 0x4681⤵PID:7332
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA137972b11e2693edf74e1b2ce54f41ec192483171
SHA256f1c5b8512ebc3bfa57ed11e250f22f942f480f438d95549b911df761a431eafa
SHA5122bcdd2b522688d4c5ee750314b73d88505b7608b5b66f840321d42b94e473685bb1abc8c83251dcdfe759eb0663e8a453a283f99ca78ec7493836c0ada0ffbd3
-
Filesize
1.5MB
MD52107e01795e096b4b183b5925697ef57
SHA128e18a894b6b071758fee613c6400b54163d32c5
SHA25668429d594dbd9a7f8be8fa3d114eb843fc07e2c9f558a32fc5be17f146182cab
SHA51208f31eec60dcb138260e95d98b391421acfdd4e486d53c356048e80f982cdd32ca240c6cae357c85bd1ef5cb463b137b365e581ef5d243cac6ea9317f3a9e84b
-
Filesize
1.2MB
MD5ab45f8b967fb1f1f6122c07e73d6b9cf
SHA14a815c7c223e77351c40f5fa03f768634604b975
SHA25603fef8b031f48fe0f1b9a713b02c72c6d4ab8069b282c6720924876206ce301a
SHA51241981bc152dc6004d9d55bc0d809380ee605b7c27efa61f8e9438a5b907446d50c8686f1108347b0913cb3afe049e3c0cb3b17627b79c7cf349c0f49a97f5e73
-
Filesize
5.6MB
MD5da767e14de33a7d54c9051f150237e75
SHA1c01ee4ea3136c1ccb2f400837c6f54bd16979622
SHA2561c80da0beeb503d0bd692dffb5fb95cb7cef8cc842d8be82d44750b065432f64
SHA5128d59de3ad5cc2696dc1659721ddac78b7538b7f627117c98d5dce81aec084c6d3f571107272d0a5443aaf597913a7a2380fc35f563f4fdaac5d1a1b9037fc510