Analysis
max time kernel: 120s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/10/2024, 21:11
Static task: static1
Behavioral task: behavioral1
Sample: d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Resource: win7-20240708-en
General
Target: d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Size: 1.5MB
MD5: 97e2d785946783476c94c049d8f5a260
SHA1: ac5e67ede1f6794426c76392257ea18ec78b37c1
SHA256: d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24
SHA512: dc15a6e7e19d6bfb44b9f5a916cd6491011999e3389bb7cd48cb272c6c52d5ae2dd96fc1bf4e48a1f79a2bdfe611ad8fd54f7ac6beb0037e76ddd79c424f1d87
SSDEEP: 24576:comUFhNwmLFj4svqaShRsUiTfjo5ya8j85t/sBlDqgZQd6XKtiMJYiPU:cCumxj4svqaShRibza8w/snji6attJM
Malware Config
Signatures
-
Executes dropped EXE 22 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
-
Modifies data under HKEY_USERS 64 IoCs
Presentation" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9923 = "Windows Media playlist" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000067e05c742227db01 SearchProtocolHost.exe -
Modifies registry class 20 IoCs
description | ioc | Process
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
-
Suspicious behavior: EnumeratesProcesses 35 IoCs
pid | Process
4312 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
668 | Process not Found
-
Suspicious use of AdjustPrivilegeToken 45 IoCs
description | pid | Process
Token: SeTakeOwnershipPrivilege | 4312 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Token: SeAuditPrivilege | 2324 | fxssvc.exe
Token: SeRestorePrivilege | 4212 | TieringEngineService.exe
Token: SeManageVolumePrivilege | 4212 | TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege | 3264 | AgentService.exe
Token: SeBackupPrivilege | 1356 | vssvc.exe
Token: SeRestorePrivilege | 1356 | vssvc.exe
Token: SeAuditPrivilege | 1356 | vssvc.exe
Token: SeBackupPrivilege | 3256 | wbengine.exe
Token: SeRestorePrivilege | 3256 | wbengine.exe
Token: SeSecurityPrivilege | 3256 | wbengine.exe
Token: 33 | 2832 | SearchIndexer.exe
Token: SeIncBasePriorityPrivilege | 2832 | SearchIndexer.exe
Token: SeTakeOwnershipPrivilege | 2832 | SearchIndexer.exe
Token: SeDebugPrivilege | 4312 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Token: SeDebugPrivilege | 4200 | alg.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
4312 | d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2832 wrote to memory of 5696 | 2832 | SearchIndexer.exe | 110
PID 2832 wrote to memory of 5732 | 2832 | SearchIndexer.exe | 111
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\d0fe6b6172846dffae4b0fd75b92a76d751915b40c942579fa2e86c454cc8a24N.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4312
-
C:\Windows\System32\alg.exe
Command line: C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4200
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Command line: C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
PID:3576
-
C:\Windows\System32\svchost.exe
Command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:2212
-
C:\Windows\system32\fxssvc.exe
Command line: C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2324
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- Executes dropped EXE
PID:4716
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:2000
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Command line: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
- Drops file in Program Files directory
PID:3984
-
C:\Windows\System32\msdtc.exe
Command line: C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3416
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Command line: "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:2572
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
Command line: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID:3168
-
C:\Windows\SysWow64\perfhost.exe
Command line: C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
PID:1492
-
C:\Windows\system32\locator.exe
Command line: C:\Windows\system32\locator.exe
- Executes dropped EXE
PID:2476
-
C:\Windows\System32\SensorDataService.exe
Command line: C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3648
-
C:\Windows\System32\snmptrap.exe
Command line: C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID:888
-
C:\Windows\system32\spectrum.exe
Command line: C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3592
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
Command line: C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID:4376
-
C:\Windows\system32\TieringEngineService.exe
Command line: C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4212
-
C:\Windows\system32\svchost.exe
Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID:1732
-
C:\Windows\system32\AgentService.exe
Command line: C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3264
-
C:\Windows\System32\vds.exe
Command line: C:\Windows\System32\vds.exe
- Executes dropped EXE
PID:1296
-
C:\Windows\system32\vssvc.exe
Command line: C:\Windows\system32\vssvc.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1356
-
C:\Windows\system32\wbengine.exe
Command line: "C:\Windows\system32\wbengine.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3256
-
C:\Windows\system32\wbem\WmiApSrv.exe
Command line: C:\Windows\system32\wbem\WmiApSrv.exe
- Executes dropped EXE
PID:2364
-
C:\Windows\system32\SearchIndexer.exe
Command line: C:\Windows\system32\SearchIndexer.exe /Embedding
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2832
-
Child of PID 2832: C:\Windows\system32\SearchProtocolHost.exe
Command line: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
- Modifies data under HKEY_USERS
PID:5696
-
Child of PID 2832: C:\Windows\system32\SearchFilterHost.exe
Command line: "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
- Modifies data under HKEY_USERS
PID:5732
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.4MB
MD589d0531ad5e1472199082b7580d736ee
SHA1b6df00515fc1aa07200a44c4430430e89102e3ab
SHA25621b07a1c6e2e50b0cebca368751b8f8395f300a41878b3966854bc9a3f08f22b
SHA512513436fb172213bf882050cf72c1fb08f07c19c328dc6e98a91bc5247bacd789c3143e3e0e9d803073e57bb026049166d4d46ac7301562ab3c920c9617c6b6b4
-
Filesize
1.8MB
MD5f985a1c60bba3c2b595f1c1c04816de5
SHA1b531aede988a47a5b92113cc9bc5937f83c9e969
SHA2565b12d5c122e03e7726e1d2ff2de438ebc6e02eb992e81210fedd44e84a02890b
SHA5122b275016babac7791469541690a6c9f47ccf7171bf2e5a1b4f5e677839eb2e85c9d3482aea6c8c69c22e6f5d59b06f2be5475472f5c016af1f470414de0b9fde
-
Filesize
1.4MB
MD5c90c17b2cca3785a95326027202ad58a
SHA117ff782f32ae957e07006fe2249e1a7acb91010d
SHA25612c27a2f7a2c3dfde3045e01827d1cf7adb25b8e3a90eeba1f5e6d3be9a8f2c4
SHA5120f8454113ec2587409318f22f87a5f9adf78a289b8cb1ee6e5b1c0ad5adc1175bc5ebd5748304a4dda23b16e646eb9c178ef5e770960873864d52b2519821b78
-
Filesize
1.7MB
MD508435408e9504b851e9dedec758b8d49
SHA117305a5d7ee4f6101a36c47f11ac7303dbfd3779
SHA256c218398612e70c975411f1b54f9405b96f71f4a51c9a9cbbc17e323aaf23e7ad
SHA5127d0a5085cd162ca38033b30f55e552f6993975839c5490620d871f78999dff02bed7549d7de0e6de82548c4a8bcf684f142633bba17220d3d2ac43ea2c786407
-
Filesize
2.0MB
MD577512c4a482ec98ef940b823a7d1c266
SHA1448a61816584b1b593d5fcb18171e0c0101c8bef
SHA256ea01ba1e1cfd89ea48c659e4b80090f3d253537e6f1c58503a0ac80ba79ced43
SHA512bb7144961220796ea529b035958220bb8fe30b826c92db89bb4402b2b6a43f2f5e6bed4b1da2ab7206d9d22789124d3432519d587db364e8faf0b852226b33fd
-
Filesize
1.5MB
MD577bf6cef73d63a2f50af1e5503c4d44b
SHA11dab2a8859a3fe1747cee7118f53f9bf0a30bb0f
SHA256f6eeb379157133dfbe33718a01d4ec97246af8ba12c27b75c013b064921675b6
SHA512e47d080b1413839d13ae309b04c3f959f409ab9b1e4f2da30818efbebebd810b7b3b2d8290007b1b4245894972795e92fc13f5adcc2fd9391aa0dbcc29ae2ff1
-
Filesize
1.6MB
MD5382ff1eb2d647bbcd7a7685ccb442c49
SHA1b3ff80e4fcec3e5107f864ebd8ce6b60db97c1af
SHA2569d79d753390bf3f6096f1b28e865b79c35eb8f764a733e04d115367f3566c125
SHA512b491a5ffaeef640272c35a381816af6aaa7ced848672674acbc7a2c331bc8fcdffebf5f7344f233fadc1c84832860e53198842901af8c2164da96ad552a5120b
-
Filesize
1.4MB
MD5356e3bcc10c62ca15ba73e0c6a31f1f7
SHA10917c6cc38af825a4353a686996f20cbc9180e62
SHA256b63e9be06faf6258f7c3a91cdec87f566f200c25a4731eb12cf3b5fa919cd31e
SHA5122c7d5a420beb46f0b18f2d61ba5ffa325e010b0c922b74d3b95cf84bc978d225d4801318dbfcc9e43110b003b19f196b54662048bc88c3f9600249ea6a4a4e41
-
Filesize
1.3MB
MD5dfe2baaa231e0e49c7b256bf5c882b22
SHA12ca577bbbf1b094e3b0674a0eb1b0cc733a2d79d
SHA25605174da0c56a2ee7b3277163933a057ac9494a625528cdfe99c0de4226e7e105
SHA512d47251ae3a325d200d579d939c8a4b5e80e1c68cf8487a362a54ce7af4795335fb90cb9b3337765751d4f28fcb8592dbdcdc8bbc7904f40fc3e938a9086d81bf
-
Filesize
1.6MB
MD5ec1d1c544c99a1a7dcfdbde93142b79c
SHA1347165d3e82e0679b8310d01c6d46ac7139ad265
SHA2564cefd04742ed4e403b0e09eebe0e2672dd70faee06ff9db050419a729ab0ebc4
SHA5122bcc3416298604ae749564607adc42b672daf6990ef0e9d39edc7030b628bdffd2bc03463019714af274327d5cc8dc65b8892ef74d900648b80f13031cdba20a
-
Filesize
2.1MB
MD505b2cdfbd07a13f561aecaf4d55be2de
SHA15805f27402c9128956db27d3e45d24602e8c68c6
SHA2568e1930dd9d0bb0bad96021f4bed5965a4a258209ccd8ed877f0a5e897bbf6c6b
SHA5124145b505c3e39f81db0bcbd6fc4382268673153aba1221b57f5a2c5cef17b1192b503a7c6789eb98d5c7cb545c20f52a85f0b697203f9f076e6c8cbf3c96548d
-
Filesize
1.3MB
MD53407d0e980767aa9da28fe6ef5e88959
SHA11ac4e415af05a3af392f1c94a77df0fd759ca0a0
SHA2563a14c1f6d344c985f1e16f0fe2c753dcbf2f8de0513d2943cc9c34bb3d94c5c0
SHA512f2fda52b7f8108d4a482112b78669e2c705839d7abd935c599bfb0c69f8e1c480ea165178e10446b7cb479d529a85b3a118c6dc3f123da9445ebeaa76aa81428
-
Filesize
1.7MB
MD5bb20292dd7f5aed8f92e6d9f24261ad2
SHA182cd1791d100a57cf41ed0bc769900dc74493ab6
SHA25633b79fc00fd67e5f21a61170a59eafd9d2ffb459b2531ec89e17f8b34bc97830
SHA512633478130c19157c015ee57d992b0d3cafac2d10f2214ee55e91dfc2f26585eb8c64e4a2d99c88c72de1cbef5d1f339dac20cf13dac32f0e6f777dfa9ed3f65b
-
Filesize
1.5MB
MD5dc8b4509ef2ecb23edaf66133e591f53
SHA16977333df1a37e449e300b134de5782d860f40e5
SHA256823995959e6f005137aeb5c01efa6193e15a64aaa532f1982b9e25f7742cda94
SHA512391cc1f0efe7e5afe6ce744687d9ee050bed54582744da935a4fcf1168ee82b0a20984cdfc9211b7d5b4748b15eb67edee798fac134d2dd194b5dc9c9599bdf1