Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/04/2024, 02:49
Static task
static1
Behavioral task
behavioral1
Sample
cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
Resource
win7-20240221-en
General
Target: cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
Size: 625KB
MD5: a833081033be25dab5419209fd333d4e
SHA1: 5f26f29c8ad182ed70fefe3144e0ab1a797f1a50
SHA256: cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82
SHA512: 51b481c0b690b05b71465af526c702c394486e0bd538c06420ffbaf5180ef3ca870c407957c055b45bcd3fe864fae6a3171dbf9048ca73c286cea620ab11e1a4
SSDEEP: 12288:z2SGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPhn:C1t/sBlDqgZQd6XKtiMJYiPUn
Malware Config
Signatures
Executes dropped EXE 19 IoCs
pid | Process
4836 | alg.exe
1392 | DiagnosticsHub.StandardCollector.Service.exe
1532 | fxssvc.exe
468 | elevation_service.exe
2372 | elevation_service.exe
1896 | maintenanceservice.exe
3076 | msdtc.exe
4804 | OSE.EXE
2524 | PerceptionSimulationService.exe
1636 | perfhost.exe
3000 | locator.exe
4588 | SensorDataService.exe
1200 | snmptrap.exe
2604 | spectrum.exe
2856 | ssh-agent.exe
2756 | TieringEngineService.exe
4832 | AgentService.exe
1604 | vds.exe
380 | vssvc.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory 34 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
Modifies data under HKEY_USERS 5 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | fxssvc.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
1392 | DiagnosticsHub.StandardCollector.Service.exe
1392 | DiagnosticsHub.StandardCollector.Service.exe
1392 | DiagnosticsHub.StandardCollector.Service.exe
1392 | DiagnosticsHub.StandardCollector.Service.exe
1392 | DiagnosticsHub.StandardCollector.Service.exe
1392 | DiagnosticsHub.StandardCollector.Service.exe
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
664 | Process not Found
664 | Process not Found
Suspicious use of AdjustPrivilegeToken 12 IoCs
description | pid | Process
Token: SeTakeOwnershipPrivilege | 3304 | cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
Token: SeAuditPrivilege | 1532 | fxssvc.exe
Token: SeRestorePrivilege | 2756 | TieringEngineService.exe
Token: SeManageVolumePrivilege | 2756 | TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege | 4832 | AgentService.exe
Token: SeBackupPrivilege | 380 | vssvc.exe
Token: SeRestorePrivilege | 380 | vssvc.exe
Token: SeAuditPrivilege | 380 | vssvc.exe
Token: SeDebugPrivilege | 4836 | alg.exe
Token: SeDebugPrivilege | 4836 | alg.exe
Token: SeDebugPrivilege | 4836 | alg.exe
Token: SeDebugPrivilege | 1392 | DiagnosticsHub.StandardCollector.Service.exe
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
C:\Users\Admin\AppData\Local\Temp\cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe"
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID: 3304

C:\Windows\System32\alg.exe
Command line: C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID: 4836

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Command line: C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 1392

C:\Windows\System32\svchost.exe
Command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID: 4680

C:\Windows\system32\fxssvc.exe
Command line: C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID: 1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- Executes dropped EXE
PID: 468

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID: 2372

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Command line: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID: 1896

C:\Windows\System32\msdtc.exe
Command line: C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID: 3076

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Command line: "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID: 4804

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
Command line: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID: 2524

C:\Windows\SysWow64\perfhost.exe
Command line: C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
PID: 1636

C:\Windows\system32\locator.exe
Command line: C:\Windows\system32\locator.exe
- Executes dropped EXE
PID: 3000

C:\Windows\System32\SensorDataService.exe
Command line: C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID: 4588

C:\Windows\System32\snmptrap.exe
Command line: C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID: 1200

C:\Windows\system32\spectrum.exe
Command line: C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID: 2604

C:\Windows\System32\OpenSSH\ssh-agent.exe
Command line: C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID: 2856

C:\Windows\system32\svchost.exe
Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID: 4768

C:\Windows\system32\TieringEngineService.exe
Command line: C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID: 2756

C:\Windows\system32\AgentService.exe
Command line: C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID: 4832

C:\Windows\System32\vds.exe
Command line: C:\Windows\System32\vds.exe
- Executes dropped EXE
PID: 1604

C:\Windows\system32\vssvc.exe
Command line: C:\Windows\system32\vssvc.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID: 380
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.1MB
MD5f3b0973e3c512836c3da260d93bbfffc
SHA1aeeb8d6371ccd906092c531d7482748dd7045979
SHA2569f51f46c20b30d8188b5926e555cadf4c01d10ca2323a0e13d019ccb3d5f5573
SHA512149bc359ddda299a08cff29ffc03c705d71db3824a3b6f64ad6ef49befa019ae15979f6bd50b68ef53d63e0464aa117576a213079d4cae3c9837422094d31651
-
Filesize
805KB
MD560c406ab043151d31266a58714117026
SHA19eb6e499180ceb421be90aca04aa37ddc9412824
SHA256371a3af1d40d92235bdbfd6e9aa1c7a1c4bf4521cd79a95e38aba4289dd37c87
SHA5122ef7a1bd741f1c7c587075aabd006ff1ec5938d44be4ef9983fbf350f80846181abeea7e9ac0ae14bb633b29f8f6e0db054961dc1061ed0f0ee048909d610814
-
Filesize
656KB
MD551ef49b6ec8f48cde4b0d4f1d61fda77
SHA1f74f060cb3fdaf7deca3472c629f82c881bd2951
SHA25623d798a09fdc098c4969a06c9b29d2b1769ea5e307176357af2438758c81da51
SHA512a4c9ae422d969db9749ea0b9927d2b4879e2d5d1e45fb9d8d78dc4412b16298d96b2283d85d0c5332e527c05b3f4aea05f06fdbc81e20cb587e603d2f8755a09
-
Filesize
4.8MB
MD5c96f7d059e420940a9a9f40e318eb041
SHA12abd8f1ecf39a946d09d0bd67970f3170267f20d
SHA2567024fd378a8abe903e314dc10ddd31166e22c5cf06c4f9053e42086bb1539319
SHA5126e9759312d74a18468d76b616fb35e4a7a09a485c5ab5713d09848143b2790380b5e89ea47b4f3dd4dafb92377f74e72b343b8404b5153f6126c161537d9a2a3
-
Filesize
4.8MB
MD5d30bdb6d5c38106dd427122395ed7463
SHA15dab6b0503314c72b2e32775c7ff4b6312237992
SHA2568813d46074c323ce4b213e2f2a345baf69a617d85871e6d6510cbba3f6e3a159
SHA512b9165cca656dbfe303bc9bebb8b72e26566e93439d303c0e63968f0744da41a9d5b1291abae1a95b705df8dcf6e51c921ef767b9a3fa49d07c0219d18341b294
-
Filesize
2.2MB
MD5942f884e026b1755b04228df25ee2196
SHA110edab6a203ff632168d56f9dbcc64e22d1ceaef
SHA25680e193ea73cde68da2e13d3867f36d91dd7b8fd749f38daec5ea8dfed3a34f80
SHA5123a283fc3f79155e2aded6462415efc8e5bf13fc8a87ddbed3adb4dd189f5849160b7bc6b51f4947fdd2ac1cf788d5e9014ac134ebbf4fada12f0510894c1befa
-
Filesize
2.1MB
MD5d65fe700fab01d0cd0116722a4090dda
SHA1ca19c802d95031d5abe9f9d7f8cb3c98808c29c7
SHA256191d72105ef0ddfb83ee0e467413abfdc81597e2785e9949e522c577643a1a45
SHA51216f70c511c69cce01c84d4d8a6cb627b95d92e473b70af4231d5854f6aeed697311b0a5928a962fb2c08de766c395a5d4c251d4750a44661b6b9972687a05c02
-
Filesize
1.8MB
MD57cd6704bdb8e12bf853e2e474fc037ab
SHA1cabcd849909e93bb48614562a028fb5030316e09
SHA25609abf709ed0a79246b50a310ad761372f3f382ad62e54d8d4edae6dc948b65a7
SHA51261abc5d53945ad5c706ea99f21e7a3b690a0c7c8cc0dbb7dc2a23ca5c801d607f4ea100cef7eceac7a2bc658ca66fa2398b2fa2c29cbe66cd1ec49e0a83f4b65
-
Filesize
1.5MB
MD5e19742e0af0d99cff12e0597034ab2dd
SHA1765e2e8b3954290612b0ccec451af57e05bcda95
SHA256936cf4cb58f91e710776f4cb3a2921a39a2738ecfd985796fcbedd69fe5331da
SHA5120a08efa331fa8be27767a7190f1b614b071bd57178673f914b3b8c6c187cb4d878b1419284c20fe3cb9719be7d587d156bc67ee58cde9969372de76263ee28b5
-
Filesize
581KB
MD5bab3cb663653c4d8d2238a7a1374f072
SHA1b23eaab73fdbd7b59a097cb32c18964bd84f1f99
SHA256e5ed9829d3f0d038faa2db940e11eb70fc89f23bc0075113e90c3c6804af5015
SHA5122babb8be4b37bb0dffd46bcfe112748c84405beb43012d59065a2cdb5dd11054323a929590241f82308e8cc1825390052a5f826a8239d4499c66b97d6b3d3dd3
-
Filesize
581KB
MD5fad322ce3ffa04b8d700f1892168e267
SHA1841593759704244d4a1ad8aae51bbde6adc2646e
SHA25653eb3db9837c7c948ad03ceb56684cd08458f1f3fc6a72d325c1b52cb4cf78e6
SHA512961c79b93584f518f0d017483b95e814e7d3be51a51d8dbb6e5fc4140fa75994d8eec0b66531957b23bf40d054f7664eb37f37bd90cac66c4d9df8e01731efc3
-
Filesize
581KB
MD57095e13b080768953c3f38437ddd4b2c
SHA1062516d16cd0ec808687ed1ebad59b4a8ff0511c
SHA25656046174b35f6208d482f587548b2d05be9132425010fa2144d7fbc1028c3a4b
SHA5123288bd2379cb86cfb0c695272f7586762ef519cb575b70ded22241db53af3c62e295f5aa23c374a8439b29a811772a4d107bbfda87259a05e88df9299e1d25c2
-
Filesize
601KB
MD59b7fde41e8dd2e8c7d1cea1bd328cf0c
SHA1212c18d1d543d0c5a9b3a015f432976ffe333993
SHA256f9d7dbf1d7805b7aa34b3d09bbe66d8a434846e3cc4066cdb2d1ff0fa0529d1b
SHA5124f5bb71a8cb267d6e61b76fc0157794649b95bccc13037d40eadf414e13ae148362c2ecd3fe53a6bc944c43ea06640b13c145083f0a4a6cd112e0a3e826ad597
-
Filesize
581KB
MD5ae0c64a239822cddb4ec2e2aecaecf2f
SHA1c002eeab81cddda50be42869f5344fd37fb82f1f
SHA2565d01f5258d09cd7e71249e069e71a5572aea468478698f6bfa6558e1277d187a
SHA512b180d866ab214e7d261c6f1dfb1d2e7d077f17b20b233d86373d49d99dd2a4d1b6fd638a09137e2543df682c805b25c57c54b32820abdf97e93269918e6265ad
-
Filesize
581KB
MD555b06f15ccc0875ad0573c91e1148d3c
SHA1bf45e989c345859dd0d4222a1744e53a2533baee
SHA2566ab3920ed75becae9ec4c2690ddeed195a8f3ddf006dd8bfaaf6139564d02b04
SHA51214b16af47f1f1cf2d8d05fdfe09f52ac4f7efb33ab7d24e79c61f65a4de2ba32f3c1106e25208169d617eafa528460860b6f8c90de19f9d959343669a7139e65
-
Filesize
581KB
MD508572d0dc286966bd0a2889369183bdf
SHA14e9327b534b5f97ef0209a48e6bf7f014b5fa752
SHA2562ef8e18b35d203f9325b4b2b277fa36a2620d2781c2f6d5c4b8eaa90e5e0ac44
SHA512c3932d97956ab72931483d3d059ceb4eb20c2198ab7ca5580d0da5c88f7ffb97a72db6a36d5e9f549e70f388a9e2f76ef965868424313b6e1b8383e9f2287e7b
-
Filesize
841KB
MD533f02cb1b2df699c50b9d0cc930e861a
SHA167d2801b57a1fa1c0da78f026c31204ff6ba70c5
SHA256e572ba8152bf8fbfa6bfcae3eac6ca737ab2cfe037258f3224820c05ff3e3f3b
SHA5122b9a0e3a4e372724aa090a781bf9e87bc22a78d39c2b2403bef37930f7f4da606968e586ed75d8d3343b4d0556610071ada6c640c452829bb9b8a762f297e1ad
-
Filesize
581KB
MD590ec3ec586692772c37f8677c8bc2408
SHA1732bf9242f139dbeee16c81b4b46334fcaa33a93
SHA256eeaf92f94c3ce1e2fb037628fc5e9f0f60aeca15e18193de61c96632f1f367e1
SHA5120a3706f4b84920145861e668bf515912735865c1a72a3bc039e35b0020266f2b7b335283a8a88a4c2bbeeae502e61d1aa981239002c26059b724b7f225c9abbc
-
Filesize
581KB
MD5c4d2daaf3b780814478959625f7fc20d
SHA1e60da6d6938cbd560fbe314f67f43ce6c483992f
SHA256376dd9d5db90c16ae4c424b33a1130e522787835eeffed6ea98aefd7b6b6ebf4
SHA512191a1fe6979f40d3b4d29c307257fece195dbb6113fe4175f89b0c6efb8f682a92a73907135027b26e9c2cfc1d04b6a6f7736e31bd7c7a2fe187d290c131777a
-
Filesize
717KB
MD50fa109dba0bf42128237a182fc6e0231
SHA1c24627b9a791754d98fffa1a23e438b77a900d4a
SHA256c80826992c406864d998c8025cb2a732c33764997aef8a4e3485fbb4c1d3ad47
SHA5126d0bda439a9cde3a022f2663f97c34a7414581bf80f18c77d683f1873fdd9a5938115788a50f8d4c30b5d075fafd0a1c9144916d6cd98463968be6eafecb1d7a
-
Filesize
581KB
MD5f8c4ac2f506c1d6cadf6c211cc438785
SHA1fbd0121fe689ecf63ae4ee910c6efb368dd2b92f
SHA2567483ff010ff46a34d383b011e57c6329b2ecc60ee11cc06c71cd604ae65df7c0
SHA5127cf80edf46e30f9c983832f0380386944a8aea6f949a0b578d3b96362374a9126cd62e1cea25da22bec837309b0f263ed6aaebc80b3e3f14840fd7526ef94bbd
-
Filesize
581KB
MD50f92d5b2a075d84fa6e9cb0faa243bf0
SHA16c7429365a3e19696e1b4c9ac5cb9cbe378c0a8d
SHA2567f71dd9e953557d4c4810bf14891d8e076ccd8c86d10e61d92005599317bc5d9
SHA512c624bc844adbebb46159f927731d0a586224d3c47dc1d7076ac3789d43b8cf2af5fb3c7060254988f955b365f7b9470aa732fd69424cd8c3f204afe56998de7a
-
Filesize
717KB
MD50dfaee27c0b05e997839e50cb18b4115
SHA1437962ae9e34e8ad3771169dd084c767c2ab0bd9
SHA256ad471512be8af12ff23bd3ed9173267b6d57ac2c81a32abf93a30f61ad1afd06
SHA512234e1cfd420c05613c977cd22942814be0a3038ac3d1e57908d208e7eef870dbe16746a77f42c12a8718fbca09a1cf74c9f30a93696833cc75bdcf4324b59d92
-
Filesize
841KB
MD5e230508793e921b7301c7ed6cebb9c9e
SHA1f834d89a8ab95d2b548e10d5a2d042728b0af2c3
SHA2568c64041b99c631a97ea065916a59bd9bf684c071b39d11b8906f505a33c2dba0
SHA51290d693cb9c2b9a47caf1a27fff77784a8800ee202d157422cc7fe0f166b25596179c3b465ff887c0270e8ff67d47f90ab74dbb5576e33fc3167f0b321592920a
-
Filesize
1020KB
MD5c8af33e27785260f9805f494c1b0936e
SHA176221b550cb055f43c37a6f459f7609a8929b08f
SHA25626599c251a96e00ad36633b8bef88252f5a93abf7afb225c1c993b0de1ab274b
SHA51247bd36245c7145bbb9fcaa497827b16f98870fd5f3550c775d9a65d4aa0d1bf0cfb06849a6efb1e242b87686dd7b591e8e24aaa15feb55afa6f45a21e562927d
-
Filesize
581KB
MD558761d8eb2fede8b3bfadaadbbc16490
SHA1fc0cf9f7a77dc94a840834840fe5c9a7a8de0f92
SHA25633299f2bdc52a9e36e4eba4ec89643dd11aa4e8ec2b2a31616be3a42426df5f9
SHA512a894c2453a3bcf1921096c613b5c41d37055eef482e41ef4668219cb20a62750ed1d7f3c42fa2ab3d2d20c6a8ff4d3680832eea6a8dd222d6778f61761574ddd
-
Filesize
581KB
MD5b31de9e12840b83223b5f3d0d2a2e156
SHA150ff2d1ff697fbfd0a15c72a794a253eaf03b301
SHA256be971ed6c025a304e12d489b3c96c7bb5d0774f8a473efbb369f4a4994fc95bc
SHA5121568133a807d2dde6d725bfbb5d075baa90b381c78c0d0b3ce42155e5c69e8a4f91c8b8e0887faf787366b26bf61e4adc593f22e49ef45ba5ef2497ea3a2f8d8
-
Filesize
581KB
MD50b501dd7dc55ef14eca2b41ae2389ffd
SHA1af3085a615a424ff66ddfa4021924612e0be6a63
SHA256aa5ee1521f7d174fdc6d48aeb20c9c600fee12f21eb1975a7a30b239598c749b
SHA5123ce4fdbc59a62b5dac4cfdc2cffcfe3fc61e2d5898f9bd665424b3462ff7c7926167b254f8c3425cbe1c412d67b90bf3207c9b335010b21e3dda0d4e5729d7a4
-
Filesize
696KB
MD534d6dc6e33b30d4b885c59945eb5b9c3
SHA19eebc7ff5efdae06cf6ab6111ab6b4ab80a695b2
SHA256f69a2a09e03ab079c2b142efd320516ed5566927864e325de8934e93bc0c9d59
SHA512a0da0e619f5b136ca645152fb799359652366377a46d9b79ce6c139b9d8ebaa5ebf9f2e0ed4175920bfe7cb8ca4ed7b747dd07836a0a5d0f8f8222dd609506e8
-
Filesize
588KB
MD52288133c9a6d6e8f9be77bb8f79f96b2
SHA1816b2b0dfd9d9e9322b93d0c878d8fb9b05b4076
SHA2568c457e7471cc7aa7cdbdecaa214ce3f99698e28a870bc35f2a9c9576ee765295
SHA512fe3e273d525320c8a24081003691b1a3d0a334d51d632dd6f184c20bbaf2c9a70962c6e9680a4e4001a673fa3cbb093d2cdc3e4754b3c16bd43a07c6d6380d70
-
Filesize
1.7MB
MD5fb3db9f4d8fa21da1c955d98ab8c77ef
SHA16fb2d3fc84ec4a855e33fdd47011e65d0348c52d
SHA2561d599eab0aabf44145b626cb5ea2e404e9d268ca3ce5cfc77616f054d3a1f161
SHA51205bd599ca99c6dd813e84308a936f728f16566d9930ff189fb8c8e50fb6c9c1bb0fbc62128e8f58b874cad5256aa07a1ac32953b23833459c1e1c68a04cdc7ba
-
Filesize
659KB
MD54c0b8e1f5989fc4b8649347cc7e8939a
SHA176bbabf9f724dcbc2ba0a77ead77fd71997d6077
SHA256e79a59f7dd1cc3702ea2954707add5facfb6e9ebacea27cce327ab82e6748687
SHA51204652c9f814ceb2b1f5c0339775ec3014fef6e109793eb1c13f737b00bc50aba7ede9c28afb5762831af99fcf54a6149b38627028c678261a65504ed863305c9
-
Filesize
1.2MB
MD526ef50a8b6bce6efd089a6cd0513485e
SHA1a1bdf982ea25eb12c7a4c9d3dc3e9e315d869b6c
SHA25698776d2d9f5e8fdfa71b4ccea4034163ee9178d792db68dd669694f92cef17c2
SHA512ea1cf9387306c3b71d0336744ee4138ab6a45532006a7a37441911e4d7312c8d5bd07e06ab7edd50a36ab1088ddb6f378f57c260bd800e84d9bf6ee6113663f1
-
Filesize
578KB
MD54e5098b6ee40fc238b5905da3f4e136e
SHA13b8438ff43393e85764f1be7527efe37c6e70b48
SHA256af2b589f1d7f2c8958768de7c2b216e7d1fc2235fdc051a7453b1f59ad18b9a0
SHA512a0ece279120f9fd231961fc6638a93639d352012c203b2ec44612af3db0be4dab57e73daa58e1b2e84a7a2e929f0dc89d460ab4183ac23073d425eb2e7b45fa7
-
Filesize
940KB
MD5600a2ab1455a20b561a7410c1a0a545f
SHA159a838179545defbc5acd73db91e51980d5d468f
SHA256decc71950c37f4d84cd69db34b40204a9053357fd8021d4a41dcf0b50c4e436c
SHA512067505a1f921db905610131a50a3addf097bd47149e75e0d97aa8c979d8da6d98136906619174da8f93d9a290b59ab839f856cea705e7ab629c0188cfb5367b2
-
Filesize
671KB
MD57eae3eff8030084b1b4766ef20f6c374
SHA1f2635cfd5fb6ef44f554f6e31ba97e6df1fd89e1
SHA256cae775ad45d3d2e6707080165ca3617434f9089f62f71eb839629978279f0f2b
SHA512d33b2c461a43923a3fe623c6d3c24fa3ff4e89ddd5a4cdd540735c2273530f358eaeb0f4787c7ee4159ac8ab6286aa6d18c4abaa31b0d14553eeccdeba71e543
-
Filesize
1.8MB
MD58016ab31396bdbbb817579552f30003a
SHA1093883df1d3dfce3694768e7d730c8611e23b997
SHA2569f199f12ac851f836e3cc1543c87c840bd77197eace2bc51a2f0dabb84263709
SHA51215c7d44b8f6e65051ba6695a6a852750d19265b40f8fb4adc813a8c03e0ee87e5fc74c38226434d578eb04af0e83fff5ba50d1bbdd6628c4151fd520e749ade6
-
Filesize
1.4MB
MD54fb750b693898b5bcae9f3a14aacdf33
SHA149d7d1c918685f11adf5618079ef7ae0dd5cf833
SHA256c5107454ee59d7addd1f5f4060fee0e26f4731fb082d463db7620bd1278992f2
SHA5124ed34ed4ff338e94daf4ae75d271e953f8eb9f129deb284de5eeb2d958f0a2215925ce2be4c5327ac732b5389a0d8d981aeb0814e3d8d9ba72177571dd02c9df
-
Filesize
885KB
MD5c48b87b9010121ea459231c88dcd80c1
SHA1b6796dbba70e68e01627442e3201a41d1681b863
SHA256755874a29077b59e72823b346e1cd4ae0ec760186cef47402f6339e7685cd0e7
SHA51242e787845a1f478859e52ce8b21ef55b1bcf35c44679c11da0be8add807877e52fc63228f18777c56753ec9d518d02ee703bf7409a641d5c169407f48d43203a
-
Filesize
2.0MB
MD5dec8d8ef2f3eae9226b6ca6065b901b2
SHA1ace204dd5b001fbb053a436ea33fc227ac0cb435
SHA256cc8f28ffd41ce1a7e761891d55cd6e8e97de5e25dbb035a9d79ca03df566d470
SHA512c30d7eb2e2cbf6f2a049124db7ea78ce918983a9389000eee6935cd3da3154d6ba33ad7450745114e2af273e5215cccc4e3932db0b2875e4dc340ca09c07ff85
-
Filesize
661KB
MD5863ca14cd0527e080c0c8481c1fbba86
SHA16d3b2063cc9adcc47cc9f81b4413b6ac29b152dc
SHA2560a99fc3c2f0aa92368707932f7be57ca772a95f7b2a61cbf3c3484b59afc258e
SHA512687f0088c7f0a0f69479d593f7fbfd4c79f2e8486449191294801c5946b50dd99aea1707d3f39e120229b9cd79e17847cb6afd0e2cd85afed80013c7a92c0bd0
-
Filesize
712KB
MD5ad8e29534069c55e5a4df8a139b25396
SHA1679ef3f2fcb685baa1e165cb6065daff2b3f1820
SHA256e0844cffa7b6f11e56251655c72d565f104b1b7e515ccc3a013628df2982db70
SHA5125db6737040a6b5960c28734f8b3c8c32a0d12616751be6357ce6b43f34e492d35379e2cc440cb063a4a43cfbc2cbc54d2a48163dc64f1991d385753f6bf9dfa5
-
Filesize
584KB
MD5f817268bc07568c8641d3ea505a0d7f7
SHA1585d04c260a35995d0c78ea10104ec43244c7f70
SHA256738221bfa02d4bca97d6b7cddee4852c47bc7da4547979c3df379ed950d76224
SHA512c94d641dcd449390549e742f07632cc2228be1c855c93075dc9f5aa7a3444ec7fdc3997bb82dda092d1d2736e715253ba9821e102aeb46ba63998a83e3691633
-
Filesize
1.3MB
MD5438b76bee4d12967d652f2fcba263b03
SHA1acbbd6a078a7fc641e61db53c6e93576659d7626
SHA256c9882b57b526bede8a633459e18d480d51515b00d5dc78fa9076be752d6fe65c
SHA5121235af4b5f5913c6dd4a47d651ea956c09207d0b43444aacc08ca6ee7b078ce3666c767fc63cb4289609ab3e121c0a0ce6fbed50809e785d2ac85a09390194ca
-
Filesize
1.3MB
MD58199cad3ee45efc1ce335abc9b7d4012
SHA1d428870155bbd4278f1a99b6b27c9ada781f11f8
SHA25640e0535d238ba0dc8b2b7aea2ca5ffa6737dd0e1548041ca82f9cada70998faf
SHA512fded657c0023cfaeddef4f38cb77771f6fa0ddfd314d78ce890b0d3959cf2e1f1c3b6b2ffbdaa70f63adb3564601887709be6f80b6a96e5d292b885872a81143
-
Filesize
877KB
MD5f5ad64ba074dcf85782b84eac0616045
SHA146973c906b2db09f98dcb15c3f4ebaadad021342
SHA2564a42d41a6b3e1064eaf2bbfa96639313f77a506e3b52009fd042a2e1654254df
SHA512720ee4f181e7c6cdabd406b23065aecd28d64c6e2b9c0ae97a9639f670dfced24e10260a2b0d474ddaccdbaa940dd6b8407937b711f0600c1d1be94b64040ee2
-
Filesize
635KB
MD5064a364fdbe90ccb42cb1680d14d42c5
SHA16918a7f9e16c8520e212edb92011b39d86b1ab73
SHA256ded6a69212e4834cb4701b8e184cc04d516218f5f5e471009830601aef40091f
SHA51249d0b73fa0a5d7775fccdd532ffe5591cbfedbd74f83fa8f8c4873c86f5bbb73b45dfa35e18020f868c07bd09bd17a089e33a396e2491bc1e4ebc62f2611e452
-
Filesize
5.6MB
MD5bf02ba2355fc61020be9f6fbd0da88c4
SHA113dc9ac0b3874f6435a7608e2ca67983d2fbead2
SHA2563f3327781f18fa8540089555c873025d9556073c96afcb89a42661c62dd6fe1c
SHA512460ae4c52c5110f86984e631a397a1d355df322fc87bf0de5988eadcdc319324acf6621e0463a3c7df0a19d889531d98dd494c447d1bb373cb11edba58eccdb9