Analysis

max time kernel: 92s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/05/2024, 22:17
Static task: static1

Behavioral tasks (task  Sample  Resource):
behavioral1   Onn Setup20240320V1.0.0.8.08.exe   win10v2004-20240426-en
behavioral2   $PLUGINSDIR/BgWorker.dll   win10v2004-20240426-en
behavioral3   $PLUGINSDIR/System.dll   win10v2004-20240426-en
behavioral4   $PLUGINSDIR/nsNiuniuSkin.dll   win10v2004-20240426-en
behavioral5   $PLUGINSDIR/nsis7zU.dll   win10v2004-20240508-en
behavioral6   CommFunc.dll   win10v2004-20240426-en
behavioral7   DLL3S_UsbAudio16xx_Debug_x32.dll   win10v2004-20240508-en
behavioral8   DLL3S_UsbAudio16xx_Debug_x64.dll   win10v2004-20240508-en
behavioral9   DLL3S_UsbAudio16xx_x32.dll   win10v2004-20240426-en
behavioral10  DLL3S_UsbAudio16xx_x64.dll   win10v2004-20240426-en
behavioral11  Driver/CommFunc.dll   win10v2004-20240508-en
behavioral12  Driver/DIFxAPI.dll   win10v2004-20240508-en
behavioral13  Driver/DIFxCmd.exe   win10v2004-20240226-en
behavioral14  Driver/HHTHidMouFiltr.sys   win10v2004-20240508-en
behavioral15  Driver/MouFiltr_Evi.sys   win10v2004-20240426-en
behavioral16  Driver/devcon.exe   win10v2004-20240508-en
behavioral17  Driver/x64/DIFxAPI.dll   win10v2004-20240426-en
behavioral18  Driver/x64/DIFxCmd.exe   win10v2004-20240426-en
behavioral19  Driver/x64/Driver_Remove.bat   win10v2004-20240508-en
behavioral20  Driver/x64/Driver_Setup.bat   win10v2004-20240508-en
behavioral21  Driver/x64/HHTHid.sys   win10v2004-20240508-en
behavioral22  Driver/x64/HHTHidMouFiltr.sys   win10v2004-20240426-en
behavioral23  Driver/x64/HidFiltr_Evi.sys   win10v2004-20240508-en
behavioral24  Driver/x64/InstallDriver_HHTHid.exe   win10v2004-20240426-en
behavioral25  Driver/x64/KbFiltr_Evi.sys   win10v2004-20240426-en
behavioral26  Driver/x64/MouFiltr_Evi.sys   win10v2004-20240226-en
behavioral27  Driver/x64/devcon.exe   win10v2004-20240426-en
behavioral28  DrvInDll.dll   win10v2004-20240426-en
behavioral29  DuiLib.dll   win10v2004-20240508-en
behavioral30  HidServ.dll   win10v2004-20240426-en
behavioral31  HookDLL.dll   win10v2004-20240508-en
behavioral32  KbDaemon.exe   win10v2004-20240426-en
General

Target: Driver/x64/InstallDriver_HHTHid.exe
Size: 172KB
MD5: 915c8e1c85b53df5983374f36a727d75
SHA1: 0bb6e31952300557e785b0cbc559a5f38605e2dd
SHA256: fbf9fa038763bb13852247581d4c66660fab4a9557a1bb157d4643c052032db7
SHA512: 68189135cf15eb5b37571e8aa9ee85278646aef4acc2fe9be17ea647f96ede556a1608294285322911059cc90cdab74c963cd1db0f2cd9fffe450e63bbe05fab
SSDEEP: 3072:d/qyGcm48j1/j7jAcfhtolbWmJBW/EqVccMraZ+5X4EFEOZbKYC:d/qfJ9bHAcf8lF/W8qCaZv5Qby
Malware Config

Signatures

Drops file in Drivers directory 8 IoCs
description  ioc  Process
File created  C:\Windows\System32\drivers\SET5573.tmp  DrvInst.exe
File opened for modification  C:\Windows\System32\drivers\HHTHid.sys  DrvInst.exe
File opened for modification  C:\Windows\system32\drivers\SET5B10.tmp  DrvInst.exe
File created  C:\Windows\system32\drivers\SET5B10.tmp  DrvInst.exe
File opened for modification  C:\Windows\system32\drivers\HHTHidMouFiltr.sys  DrvInst.exe
File opened for modification  C:\Windows\system32\drivers\mouhid.sys  DrvInst.exe
File opened for modification  C:\Windows\system32\drivers\mouclass.sys  DrvInst.exe
File opened for modification  C:\Windows\System32\drivers\SET5573.tmp  DrvInst.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description  ioc  Process
Key value queried  \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation  InstallDriver_HHTHid.exe
Drops file in System32 directory 32 IoCs
Drops file in Windows directory 11 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Modifies data under HKEY_USERS 64 IoCs
Suspicious use of AdjustPrivilegeToken 23 IoCs
Suspicious use of WriteProcessMemory 18 IoCs
Processes

C:\Users\Admin\AppData\Local\Temp\Driver\x64\InstallDriver_HHTHid.exe (PID: 3900)
Command line: "C:\Users\Admin\AppData\Local\Temp\Driver\x64\InstallDriver_HHTHid.exe"
- Checks computer location settings
- Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\cmd.exe (PID: 4996)
    Command line: "C:\Windows\System32\cmd.exe" /c devcon.exe install HHTHid.inf "{C3BF46B7-AECF-4628-B748-25B93E654F32}\HID_DEVICE"
    - Suspicious use of WriteProcessMemory

        C:\Users\Admin\AppData\Local\Temp\Driver\x64\devcon.exe (PID: 4348)
        Command line: devcon.exe install HHTHid.inf "{C3BF46B7-AECF-4628-B748-25B93E654F32}\HID_DEVICE"
        - Drops file in System32 directory
        - Drops file in Windows directory
        - Checks SCSI registry key(s)
        - Suspicious use of AdjustPrivilegeToken

    C:\Windows\SysWOW64\cmd.exe (PID: 3528)
    Command line: "C:\Windows\System32\cmd.exe" /c devcon.exe update HHTHidMouFiltr.inf "HID\Vid_1CBE&Pid_0114&Col03"
    - Suspicious use of WriteProcessMemory

        C:\Users\Admin\AppData\Local\Temp\Driver\x64\devcon.exe (PID: 4620)
        Command line: devcon.exe update HHTHidMouFiltr.inf "HID\Vid_1CBE&Pid_0114&Col03"
        - Drops file in System32 directory
        - Drops file in Windows directory
        - Checks SCSI registry key(s)
        - Suspicious use of AdjustPrivilegeToken

C:\Windows\system32\svchost.exe (PID: 32)
Command line: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

    C:\Windows\system32\DrvInst.exe (PID: 4828)
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fc553b41-2d62-dc4c-86fc-75b548bf5898}\hhthid.inf" "9" "4b2e0c68f" "000000000000014C" "WinSta0\Default" "0000000000000158" "208" "c:\users\admin\appdata\local\temp\driver\x64"
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

    C:\Windows\system32\DrvInst.exe (PID: 3124)
    Command line: DrvInst.exe "2" "211" "ROOT\HIDCLASS\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:b2fe4818386da1dc:VHidMini.Inst:1.0.0.0:{c3bf46b7-aecf-4628-b748-25b93e654f32}\hid_device," "4b2e0c68f" "000000000000014C"
    - Drops file in Drivers directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken

    C:\Windows\system32\DrvInst.exe (PID: 2808)
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f22cc6d0-1d9d-804a-b955-050540384f16}\hhthidmoufiltr.inf" "9" "48b01fd53" "0000000000000164" "WinSta0\Default" "0000000000000180" "208" "c:\users\admin\appdata\local\temp\driver\x64"
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

    C:\Windows\system32\DrvInst.exe (PID: 2920)
    Command line: DrvInst.exe "2" "211" "HID\VID_1CBE&PID_0114&COL03\1&2D595CA7&0&0002" "C:\Windows\INF\oem4.inf" "oem4.inf:bcec1b19d8f58feb:HIDUAS_Inst:1.0.0.0:hid\vid_1cbe&pid_0114&col03," "48b01fd53" "0000000000000164"
    - Drops file in Drivers directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken

C:\Windows\system32\svchost.exe (PID: 3156)
Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s hidserv
Network
MITRE ATT&CK Enterprise v15
Downloads