Overview
overview
8Static
static
3Onn Setup2...08.exe
windows10-2004-x64
8$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
1$PLUGINSDI...zU.dll
windows10-2004-x64
3CommFunc.dll
windows10-2004-x64
1DLL3S_UsbA...32.dll
windows10-2004-x64
3DLL3S_UsbA...64.dll
windows10-2004-x64
1DLL3S_UsbA...32.dll
windows10-2004-x64
3DLL3S_UsbA...64.dll
windows10-2004-x64
1Driver/CommFunc.dll
windows10-2004-x64
1Driver/DIFxAPI.dll
windows10-2004-x64
1Driver/DIFxCmd.exe
windows10-2004-x64
1Driver/HHT...tr.sys
windows10-2004-x64
1Driver/Mou...vi.sys
windows10-2004-x64
1Driver/devcon.exe
windows10-2004-x64
1Driver/x64...PI.dll
windows10-2004-x64
1Driver/x64...md.exe
windows10-2004-x64
1Driver/x64...ve.bat
windows10-2004-x64
1Driver/x64...up.bat
windows10-2004-x64
5Driver/x64/HHTHid.sys
windows10-2004-x64
1Driver/x64...tr.sys
windows10-2004-x64
1Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64...id.exe
windows10-2004-x64
8Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64...vi.sys
windows10-2004-x64
1Driver/x64/devcon.exe
windows10-2004-x64
1DrvInDll.dll
windows10-2004-x64
1DuiLib.dll
windows10-2004-x64
3HidServ.dll
windows10-2004-x64
1HookDLL.dll
windows10-2004-x64
1KbDaemon.exe
windows10-2004-x64
1Analysis
-
max time kernel
84s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25/05/2024, 22:17
Static task
static1
Behavioral task
behavioral1
Sample
Onn Setup20240320V1.0.0.8.08.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/BgWorker.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsNiuniuSkin.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsis7zU.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
CommFunc.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
DLL3S_UsbAudio16xx_Debug_x32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
DLL3S_UsbAudio16xx_Debug_x64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DLL3S_UsbAudio16xx_x32.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
DLL3S_UsbAudio16xx_x64.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Driver/CommFunc.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
Driver/DIFxAPI.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Driver/DIFxCmd.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Driver/HHTHidMouFiltr.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Driver/MouFiltr_Evi.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Driver/devcon.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Driver/x64/DIFxAPI.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Driver/x64/DIFxCmd.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Driver/x64/Driver_Remove.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
Driver/x64/Driver_Setup.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Driver/x64/HHTHid.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
Driver/x64/HHTHidMouFiltr.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Driver/x64/HidFiltr_Evi.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
Driver/x64/InstallDriver_HHTHid.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Driver/x64/KbFiltr_Evi.sys
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Driver/x64/MouFiltr_Evi.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Driver/x64/devcon.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
DrvInDll.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
DuiLib.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
HidServ.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
HookDLL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
KbDaemon.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
General
-
Target
Driver/x64/Driver_Setup.bat
-
Size
98B
-
MD5
4726fc771e4a61c8ce6faba6cdbc2f5c
-
SHA1
72bb59cdbbd161809292a72b32664562b71fd2eb
-
SHA256
0c14524dacbdb3818a3a4af3829a51d5d3472f2376e2be7d5532e858a727c5f2
-
SHA512
981ba283345b67ed6adb7d2b77ae0de9fb1d8855934c0dac0b680109b8dfb619622127276244356468c1539077be5abf872c7e28e52f38fce0c3afbc775e3bf5
Malware Config
Signatures
-
Drops file in System32 directory 51 IoCs
description ioc Process File opened for modification C:\Windows\System32\DriverStore\FileRepository\hidfiltr_evi.inf_amd64_be74f3f2b163a621\HidFiltr_Evi.cat DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\SET7B8B.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\moufiltr_evi.inf_amd64_78a46f02950efae9\MouFiltr_Evi.cat DrvInst.exe File created C:\Windows\System32\DriverStore\drvstore.tmp DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DIFxCmd.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\SET7F34.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\SET77FF.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\drvstore.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\SET7B5A.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\SET7B8B.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\SET782F.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\KbFiltr_Evi.cat DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\kbfiltr_evi.inf_amd64_9643c83dda77358e\KbFiltr_Evi.sys DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DIFxCmd.exe File created C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\SET7B7A.tmp DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\SET782E.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\FileRepository\hidfiltr_evi.inf_amd64_be74f3f2b163a621\HidFiltr_Evi.PNF DIFxCmd.exe File created C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\SET7F34.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\SET77FF.tmp DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DIFxCmd.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\MouFiltr_Evi.inf DrvInst.exe File created C:\Windows\System32\DriverStore\drvstore.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\KbFiltr_Evi.sys DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\kbfiltr_evi.inf_amd64_9643c83dda77358e\KbFiltr_Evi.cat DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\kbfiltr_evi.inf_amd64_9643c83dda77358e\KbFiltr_Evi.inf DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\HidFiltr_Evi.sys DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\SET7F23.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\MouFiltr_Evi.sys DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\SET782E.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\HidFiltr_Evi.inf DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\SET782F.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352} DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\SET7F33.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2}\HidFiltr_Evi.cat DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\SET7B7A.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\KbFiltr_Evi.inf DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff} DrvInst.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DrvInst.exe File created C:\Windows\System32\DriverStore\FileRepository\moufiltr_evi.inf_amd64_78a46f02950efae9\MouFiltr_Evi.PNF DIFxCmd.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\MouFiltr_Evi.cat DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\hidfiltr_evi.inf_amd64_be74f3f2b163a621\HidFiltr_Evi.sys DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\hidfiltr_evi.inf_amd64_be74f3f2b163a621\HidFiltr_Evi.inf DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{8103e7e0-4d17-7e43-a5cd-546dbf9239f2} DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{2b127520-d21f-3f45-aac2-8e7794435352}\SET7B5A.tmp DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\moufiltr_evi.inf_amd64_78a46f02950efae9\MouFiltr_Evi.sys DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\moufiltr_evi.inf_amd64_78a46f02950efae9\MouFiltr_Evi.inf DrvInst.exe File opened for modification C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\SET7F23.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\Temp\{323df97b-08e9-574d-9b5d-f105a40b86ff}\SET7F33.tmp DrvInst.exe File created C:\Windows\System32\DriverStore\FileRepository\kbfiltr_evi.inf_amd64_9643c83dda77358e\KbFiltr_Evi.PNF DIFxCmd.exe File opened for modification C:\Windows\System32\CatRoot2\dberr.txt DrvInst.exe -
Drops file in Windows directory 13 IoCs
description ioc Process File created C:\Windows\inf\oem4.inf DrvInst.exe File opened for modification C:\Windows\INF\setupapi.dev.log DIFxCmd.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File created C:\Windows\inf\oem5.inf DrvInst.exe File opened for modification C:\Windows\INF\setupapi.dev.log DIFxCmd.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File opened for modification C:\Windows\inf\oem3.inf DrvInst.exe File created C:\Windows\inf\oem3.inf DrvInst.exe File opened for modification C:\Windows\INF\setupapi.dev.log svchost.exe File opened for modification C:\Windows\INF\setupapi.dev.log DIFxCmd.exe File opened for modification C:\Windows\INF\setupapi.dev.log DrvInst.exe File opened for modification C:\Windows\inf\oem4.inf DrvInst.exe File opened for modification C:\Windows\inf\oem5.inf DrvInst.exe -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags DIFxCmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DIFxCmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 DIFxCmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 DIFxCmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 svchost.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags DIFxCmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 DrvInst.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID DIFxCmd.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs DrvInst.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs DIFxCmd.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs DrvInst.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust DrvInst.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeAuditPrivilege 3208 svchost.exe Token: SeSecurityPrivilege 3208 svchost.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 4012 wrote to memory of 432 4012 cmd.exe 88 PID 4012 wrote to memory of 432 4012 cmd.exe 88 PID 3208 wrote to memory of 3492 3208 svchost.exe 90 PID 3208 wrote to memory of 3492 3208 svchost.exe 90 PID 4012 wrote to memory of 2636 4012 cmd.exe 92 PID 4012 wrote to memory of 2636 4012 cmd.exe 92 PID 3208 wrote to memory of 2628 3208 svchost.exe 93 PID 3208 wrote to memory of 2628 3208 svchost.exe 93 PID 4012 wrote to memory of 4292 4012 cmd.exe 94 PID 4012 wrote to memory of 4292 4012 cmd.exe 94 PID 3208 wrote to memory of 4604 3208 svchost.exe 95 PID 3208 wrote to memory of 4604 3208 svchost.exe 95
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Driver\x64\Driver_Setup.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4012 -
C:\Users\Admin\AppData\Local\Temp\Driver\x64\DIFxCmd.exeDIFxCmd.exe /i HidFiltr_Evi.inf2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:432
-
-
C:\Users\Admin\AppData\Local\Temp\Driver\x64\DIFxCmd.exeDIFxCmd.exe /i MouFiltr_Evi.inf2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:2636
-
-
C:\Users\Admin\AppData\Local\Temp\Driver\x64\DIFxCmd.exeDIFxCmd.exe /i KbFiltr_Evi.inf2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:4292
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3208 -
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1310b129-cd83-3c49-9170-6afa091132dd}\HidFiltr_Evi.inf" "9" "4b4ded797" "0000000000000144" "WinSta0\Default" "0000000000000164" "208" "C:\Users\Admin\AppData\Local\Temp\Driver\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3492
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6488b1f5-c966-544b-b5f3-3494a468a0e6}\MouFiltr_Evi.inf" "9" "4d55dba47" "0000000000000168" "WinSta0\Default" "0000000000000140" "208" "C:\Users\Admin\AppData\Local\Temp\Driver\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:2628
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{92f28fc6-b67f-8441-a264-98adcaee3407}\KbFiltr_Evi.inf" "9" "4a084871f" "0000000000000174" "WinSta0\Default" "0000000000000140" "208" "C:\Users\Admin\AppData\Local\Temp\Driver\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4604
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
133KB
MD53fd12f21641b350b5aedc7a1eec064a3
SHA15cd8d6bf85dfacbde058ebbd61b4268384143789
SHA256e8bce60aca743a6f9c2dbd68f81ccbc35ad42b4c9dcc4266d02cbad5fb95f5a7
SHA51215974fb126be3cbef72475204a51f1e8c3f24ca1f4aa96954717d002b4dfdce5062950bdb0037b9a1398b6db81c5dfe27312e870cc2f7a1a4561ad48d3181967
-
Filesize
29KB
MD5111d4505d71a92ddc2997ef6fbf6269f
SHA1bdf2f64d0e66c89913e986fbf978cf372b1104af
SHA2565d7627ffde70ba97437fd413b3c0be8fe5e46eab944c376245be0664ef4e83e8
SHA5125e3b9db65d12db1635edc9dbf019606379e3ca870b68a0155a0d3a0a80e56115079a3f1252aa2d53536071ec20e868d7cdb88d0033aa064b7b0ebf2f1f4887d2
-
Filesize
68KB
MD53e5219476830f1bd4d5c0c948455a07c
SHA1f40f690fc27f8bfecbdac88c1aea0dce584aa9ab
SHA256d418e9b18967e453a80f6ce24fcf325e5293a115de1b858c321af6ce22ba992b
SHA512cba272dff50cfd61515ef149edeaf059128da402e5fb9a4226108c0f9fa6bcf95807fd8049d3fb76546bc3de1101873b5e408d1202a6ca163bfd7ff35c5ec464
-
Filesize
133KB
MD50410e772fddd48f59cced079f16fca1a
SHA117e68438a69b42335004cdc4b7471b88b0e6d543
SHA2568cee47ac39b3cef22f5c10cc72ff65b95a85ddd10a6fcbb1b4d16351533fe072
SHA5129295f834b302599a4e773f04eed7d7b60fa804b610d7cd4cf2922a95f17882d922bb91e76081c7a474b37571487a3629f521b0f29d71e03e866ec51140064dea
-
Filesize
29KB
MD5f9d3df95649ae65bda9b22fcc73cca5e
SHA1ea46d5e138568080fa7c80b7471a7984e7033096
SHA2569859bbe498b969a0602b64d2eeee300f645713fc3dc5c1ca75954ed6b315a61d
SHA5127a2b48ca7a51a34eee66f6c35dd2b80004c65ca92d80c4fb436ca330aa23a0e95f7fdd4b8b2b2f358326ed4c53b1d8c34ae19425b89b9599275f14e5226b2b91
-
Filesize
68KB
MD557d901a3384015d5982ef6eead53cf83
SHA17e74ff150a0d5b8f664592b016b9f9ef272ff46e
SHA2566e5820a365c85679ce4e88744730567227996668f72ddab2cf2ded14bccc0363
SHA512c5455e85da250d01a3179c044b8fbabda96f5c5d84ef274b073de16fdd9668f99ad3cef85ab32d1a3a8a072d08a27474ba2f42bdb4ada6a8b63519f1c9e8cd7b
-
Filesize
133KB
MD5d7b37f9f4301597ac6f9b3dde63a8f03
SHA1c8d023422d36f1bf34b24b4cf31199d950c16eb9
SHA256d07c9e54b6e28f6f2937a52810b852a13150a1ab1cc75c7ed14c43229377fd1a
SHA512f62db02d4b893caf6b0d03448416041534b661f9cb124d01a55aeb6742a9351048af8cd810600a3e7b16b021fa21fd0c84961d2a46c4a68a4c7bfe3627e8286f
-
Filesize
75KB
MD5caf1b865266d946acba513f84f375ff3
SHA1a4d59bb9f8983c722c98e80b66f8fed1eb38f4fe
SHA256689e0cc0da0584cfd2b3634fc94ad5bca2c1db8f5b951a497e9a26566528c274
SHA51229849776240421dc5895c044dcf1ff00dc6efaa5b8a7faef1ebf3cd963dbf9bd7037ba820cd639a86dffb3b56166f0e07362622b0e6d0b7a9615b6500a339db3
-
Filesize
19KB
MD501ef0c5864789adae3663ec5d72f7dc3
SHA1f8f9723d476e46148813c5ce649aa48a198ba95a
SHA25694929d9b53c21fb78b7603b1f80aa18b6356826f8440ef907fa2378c91d9688c
SHA512469ce581bd1d7ab38eef6fae689a4155d5f94b1251b4521ae0efad839c99d48a0105aaf1d20bee587e46817f48b9f9fc7555924e70b38dd9042699956dc59021
-
Filesize
19KB
MD5220cd067a2d83d641a12a7ca922016ef
SHA10be4780bf64fc37ab6b4e881f0422033b585906b
SHA256fbc39e05d4d1fab2d5c059a0d97f57d8bb9d7d6eda43512274c955360cabd7e2
SHA51267a410ebe53820ecb3abcdb5c42ad59e933a31973fb7e08d8cc1e3b3f118152f70702e33973aa264325b06aade46b6fcb7d001ba773aeed29045140b01b71fe1
-
Filesize
19KB
MD5be7cb990deb7f9958e26fa936df0dd2b
SHA1790d77738acfbc6dc914b5bca27ebcfcb217ed0f
SHA256c2acc9044867d9dc334847c8bb04b32998dfebc80461014ca96a212b6ed56d8f
SHA5123c4da553849da45d6e763753bbad8e8d34c9bd6b1a883c088b5256f5c173976eb1b608b80408bdb62659bc28fafb7f2ad5f6040e49b5d455b72fdfba12518e24
-
Filesize
19KB
MD57c76b94eaaf122e575f240df0e747259
SHA15cdd6cd38326a331418d114db7b5fd0a6f32ae3c
SHA256dc61b90cf68162e425610e5314408542ad2cda17f1a10373f19984b4adf9d7a1
SHA512b452a349e018488c1ef5d5158128bf6f956b033862a4ec1db2e7242832691b5fd22e4069b39635a7d0265f10f1f19bf01b3dccb18fdee8d25fba25560530f5fd
-
Filesize
29KB
MD56c1fdd35b9f18313b67bf192353d914f
SHA13fe8995fca334473c867bb597eac5d6151ef1bdd
SHA256f47d72ee968dae3ca2783fc2980f78bde3594cd4b95e1d6790668e40560d251c
SHA5125c27c597783d84faaf77c7e44e41891df8039fb27e0a42be36c62d5d8f5190d9e289151a8304b5d739e9c0dd7d66358495c38a4787249f8b385b791c822865ec
-
Filesize
19KB
MD51ce90b725c5812e182d3aa7618a138f2
SHA10e8c01d8c4e803c6fd7e579d299a54025ed333d7
SHA256e643543746402ec22bf3a3389ab61dd7e9f6caddb965a7674508fcddc5f8d111
SHA5121c224b0d366e988bcc6baa3dfecd2f611457819a20588b32b0a346275435aab2774fa330c21f6a5c8fee7b1c8fae2792db39d56c6ea5aed87dbffb9ec6f6ee55