Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-04-2024 23:35
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
- Resource: win10v2004-20231215-en
General
- Target: 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
- Size: 4.7MB
- MD5: aab33557c85ba58681ae5a868881e1b8
- SHA1: a01778d12f92e47081de63ce6913b2cdb10266ed
- SHA256: fbed99453a6a3bb1916f2530dfcdc8a1cbb98180545914e5c5b9d92188e704d4
- SHA512: e0c120c60218e299f976b379074bb0036d096979d150227d5e692c6b3ebb220ead7766851ed9b6cbe975d6de33bd9615816914d67f1d488dd39e1fd55280172c
- SSDEEP: 98304:yqJkdmBucaT57K3C4qJ31B0G0c5S2uf+bGhwmv5:z2dV7VK8tj0QufMQ
Malware Config
Signatures
-
Renames multiple (5962) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: steamwebhelper.exe, steamwebhelper.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | steamwebhelper.exe
Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | steamwebhelper.exe
-
Executes dropped EXE 32 IoCs
-
Loads dropped DLL 43 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 38 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
Processes: DiagnosticsHub.StandardCollector.Service.exe, 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe, msdtc.exe, alg.exe
description | ioc | process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 64 IoCs
Processes:
Processes:
2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
description | ioc | process
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
pid | process
13680 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
pid | process
13680 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid process 664 664 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe, fxssvc.exe, TieringEngineService.exe, AgentService.exe, vssvc.exe, wbengine.exe, SearchIndexer.exe, alg.exe, steamwebhelper.exe
description | pid | process
Token: SeTakeOwnershipPrivilege | 1464 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
Token: SeAuditPrivilege | 5028 | fxssvc.exe
Token: SeRestorePrivilege | 1688 | TieringEngineService.exe
Token: SeManageVolumePrivilege | 1688 | TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege | 556 | AgentService.exe
Token: SeBackupPrivilege | 5116 | vssvc.exe
Token: SeRestorePrivilege | 5116 | vssvc.exe
Token: SeAuditPrivilege | 5116 | vssvc.exe
Token: SeBackupPrivilege | 404 | wbengine.exe
Token: SeRestorePrivilege | 404 | wbengine.exe
Token: SeSecurityPrivilege | 404 | wbengine.exe
Token: 33 | 2504 | SearchIndexer.exe
Token: SeIncBasePriorityPrivilege | 2504 | SearchIndexer.exe
Token: SeTakeOwnershipPrivilege | 2504 | SearchIndexer.exe
Token: SeDebugPrivilege | 868 | alg.exe
Token: SeShutdownPrivilege | 13588 | steamwebhelper.exe
Token: SeCreatePagefilePrivilege | 13588 | steamwebhelper.exe
-
Suspicious use of FindShellTrayWindow 16 IoCs
Processes:
steamwebhelper.exe
pid | process
13588 | steamwebhelper.exe
-
Suspicious use of SendNotifyMessage 15 IoCs
Processes:
steamwebhelper.exe
pid | process
13588 | steamwebhelper.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
pid | process
13680 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
SearchIndexer.exe, 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe, steamwebhelper.exe
description | pid | process | target process
PID 2504 wrote to memory of 792 | 2504 | SearchIndexer.exe | SearchProtocolHost.exe
PID 2504 wrote to memory of 1420 | 2504 | SearchIndexer.exe | SearchFilterHost.exe
PID 1464 wrote to memory of 10448 | 1464 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
PID 10448 wrote to memory of 13680 | 10448 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
PID 13680 wrote to memory of 13588 | 13680 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe | steamwebhelper.exe
PID 13588 wrote to memory of 13552 | 13588 | steamwebhelper.exe | steamwebhelper.exe
PID 13588 wrote to memory of 13288 | 13588 | steamwebhelper.exe | steamwebhelper.exe
PID 13588 wrote to memory of 13192 | 13588 | steamwebhelper.exe | steamwebhelper.exe
PID 13680 wrote to memory of 12952 | 13680 | 2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe | gldriverquery64.exe
PID 13588 wrote to memory of 12888 | 13588 | steamwebhelper.exe | steamwebhelper.exe
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe" 1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1464 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe 2⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:10448 -
C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe 3⤵
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:13680 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\Admin\AppData\Local\Steam\htmlcache" "-steampid=13680" "-buildid=1709846872" "-steamid=0" "-logdir=C:\Users\Admin\AppData\Local\Temp\logs" "-uimode=7" "-startcount=0" "-steamuniverse=Public" "-realm=Global" "-clientui=C:\Users\Admin\AppData\Local\Temp\clientui" "-steampath=C:\Users\Admin\AppData\Local\Temp\2024-04-07_aab33557c85ba58681ae5a868881e1b8_magniber.exe" "-launcher=0" --enable-smooth-scrolling --enable-direct-write "--log-file=C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --disable-quick-menu "--disable-features=DcheckIsFatal" 4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:13588 -
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\dumps "--metrics-dir=C:\Users\Admin\AppData\Local\CEF\User Data" --url=https://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1709846872 --initial-client-data=0x368,0x36c,0x370,0x344,0x374,0x7ffebf23ee28,0x7ffebf23ee38,0x7ffebf23ee48 5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:13552
-
-
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=1660 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:2 5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:13288
-
-
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2136 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8 5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:13192
-
-
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-agent-product="Valve Steam Client" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --mojo-platform-channel-handle=2496 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:8 5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:12888
-
-
C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe
"C:\Users\Admin\AppData\Local\Temp\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --user-agent-product="Valve Steam Client" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --buildid=1709846872 --steamid=0 --first-renderer-process --log-file="C:\Users\Admin\AppData\Local\Temp\logs\cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1732,i,4099752451629212425,12076556204286913681,131072 --disable-features=BackForwardCache,DcheckIsFatal,WinUseBrowserSpellChecker /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:12836
-
-
-
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery64.exe
.\bin\gldriverquery64.exe
4⤵
- Executes dropped EXE
PID:12952
-
-
C:\Users\Admin\AppData\Local\Temp\bin\gldriverquery.exe
.\bin\gldriverquery.exe
4⤵
- Executes dropped EXE
PID:17484
-
-
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery64.exe
.\bin\vulkandriverquery64.exe
4⤵
- Executes dropped EXE
PID:7064
-
-
C:\Users\Admin\AppData\Local\Temp\bin\vulkandriverquery.exe
.\bin\vulkandriverquery.exe
4⤵
- Executes dropped EXE
PID:7204
-
-
-
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:868
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1772
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:544
-
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5028
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1716
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4460
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3376
-
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4960
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4472
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1152
-
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1220
-
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1540
-
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3996
-
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4788
-
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:232
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4304
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4420
-
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1688
-
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:556
-
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1480
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5116
-
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:404
-
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:2612
-
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2504
-
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
2⤵
- Modifies data under HKEY_USERS
PID:792
-
-
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
2⤵
- Modifies data under HKEY_USERS
PID:1420
-
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x51c
1⤵
PID:13012
Network
MITRE ATT&CK Enterprise v15
Downloads