Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-10-2024 04:21
Static task: static1
Behavioral task: behavioral1
Sample: 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
Resource: win7-20240903-en
General
Target: 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
Size: 1.7MB
MD5: d310e1e4742dc7ef980ff609c27f09d3
SHA1: f7412cbe40a30cdcca60c72cb1ec3dc335d252c2
SHA256: 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847
SHA512: caeb57d5d3e14c50843ed9252e30e828a4fc812328589a75a0f695e5a6a73a52d4511fb427a70077b62f2119a6ebe46cd1de4bfdb693d61d82cfa60d2c96a74e
SSDEEP: 49152:NKxNupkTcKb4rSUfkVFjtgDUYmvFur31yAipQCtXxc0H:EfupkT5NUQOU7dG1yfpVBlH
Malware Config
Signatures
Executes dropped EXE 22 IoCs
pid Process
428 alg.exe
852 DiagnosticsHub.StandardCollector.Service.exe
1392 fxssvc.exe
1668 elevation_service.exe
1028 elevation_service.exe
1348 maintenanceservice.exe
740 msdtc.exe
1532 OSE.EXE
2012 PerceptionSimulationService.exe
1372 perfhost.exe
4168 locator.exe
4016 SensorDataService.exe
1136 snmptrap.exe
3860 spectrum.exe
2672 ssh-agent.exe
3008 TieringEngineService.exe
2164 AgentService.exe
5112 vds.exe
1892 vssvc.exe
4632 wbengine.exe
4404 WmiApSrv.exe
3868 SearchIndexer.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory 31 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 3 IoCs
description ioc Process
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
File opened for modification C:\Windows\DtcInstall.log msdtc.exe
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe alg.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language perfhost.exe
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz TieringEngineService.exe
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 TieringEngineService.exe
Modifies data under HKEY_USERS 64 IoCs
SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer SearchFilterHost.exe Key created \REGISTRY\USER\.DEFAULT\Software SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002d7d91905e27db01 SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer SearchProtocolHost.exe -
Suspicious behavior: EnumeratesProcesses 39 IoCs
pid Process
1912 javaws.exe
2652 jp2launcher.exe
2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid Process
656 Process not Found
-
Suspicious use of AdjustPrivilegeToken 45 IoCs
description pid Process
Token: SeTakeOwnershipPrivilege 2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
Token: SeAuditPrivilege 1392 fxssvc.exe
Token: SeRestorePrivilege 3008 TieringEngineService.exe
Token: SeManageVolumePrivilege 3008 TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege 2164 AgentService.exe
Token: SeBackupPrivilege 1892 vssvc.exe
Token: SeRestorePrivilege 1892 vssvc.exe
Token: SeAuditPrivilege 1892 vssvc.exe
Token: SeBackupPrivilege 4632 wbengine.exe
Token: SeRestorePrivilege 4632 wbengine.exe
Token: SeSecurityPrivilege 4632 wbengine.exe
Token: 33 3868 SearchIndexer.exe
Token: SeIncBasePriorityPrivilege 3868 SearchIndexer.exe
Token: SeTakeOwnershipPrivilege 3868 SearchIndexer.exe
Token: SeDebugPrivilege 2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
Token: SeDebugPrivilege 428 alg.exe
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process
2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
-
Suspicious use of SendNotifyMessage 2 IoCs
pid Process
2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process
2652 jp2launcher.exe
2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target
PID 2144 wrote to memory of 1912 2144 88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe 86
PID 1912 wrote to memory of 2652 1912 javaws.exe 87
PID 3868 wrote to memory of 3608 3868 SearchIndexer.exe 115
PID 3868 wrote to memory of 1196 3868 SearchIndexer.exe 116
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe
"C:\Users\Admin\AppData\Local\Temp\88d3a4462e3e8ad13664dc935a956deea58a97d8b0858eeb94ce48caa26b9847.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144
  -
  C:\Program Files\Java\jre-1.8\bin\javaws.exe
  "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -J-Djdk.disableLastUsageTracking=true -SSVBaselineUpdate
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1912
    -
    C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
    "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamRrLmRpc2FibGVMYXN0VXNhZ2VUcmFja2luZz10cnVlAC1Eam5scHguanZtPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGJpblxqYXZhdy5leGUALURqbmxweC52bWFyZ3M9TFVScVpHc3VaR2x6WVdKc1pVeGhjM1JWYzJGblpWUnlZV05yYVc1blBYUnlkV1VB -ma LVNTVkJhc2VsaW5lVXBkYXRlAC1ub3RXZWJKYXZh
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2652
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:428
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
PID:852
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:4876
-
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1392
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- Executes dropped EXE
PID:1668
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:1028
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID:1348
-
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:740
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:1532
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID:2012
-
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1372
-
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
- Executes dropped EXE
PID:4168
-
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4016
-
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID:1136
-
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3860
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID:2672
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID:4084
-
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3008
-
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2164
-
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
- Executes dropped EXE
PID:5112
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1892
-
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4632
-
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
- Executes dropped EXE
PID:4404
-
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3868
  -
  C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  - Modifies data under HKEY_USERS
  PID:3608
  -
  C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  - Modifies data under HKEY_USERS
  PID:1196
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1
Downloads
-
Filesize
2.0MB
MD5d0ab97b6755b0d2d30b7988bcfa38466
SHA1c79c9c86a85e9f172390819f3be27c409673adea
SHA256aa90ffdfa0e609d8f144451192476eab9dda1659d1774e86c9b8be23bef6475d
SHA512d0dbebcdaae19b48631242af19ac0bd9229b7e3aaf0eb668d30bdb070e3703f74d256d338593c7fcd9246ac02390115af083cf69c337b7fa0bac7e3125493cf7
-
Filesize
661KB
MD58819bf499ac894d54625090dfa71709a
SHA18e3f51071f38dce961ca63edbebb3246b17fca8f
SHA2561a3c3b597f54e23935986b3e5ea395ea334037a639007be54dcd551563f8f56d
SHA51290b20bbe91f684906ec44a39460f78e4c6596a74474e6d61262798da7e18a3962ec5b4f707d682ee653180638b28cc4fa8bc886b7624748c98d84dc557768412
-
Filesize
712KB
MD587f7a941a3564207f0f37b2c246b286d
SHA135ab8672797bd026c4cec3e14e46981c90274e90
SHA2565edb129a36db9c4c397509870538059f60eafc76cfd6df2eca79defdcc131d4e
SHA51255ce7d8122d11489fb88ae90e6e4ac2056022f87939473018e2658a346491a0e79ce093a5bc3febb79e33867dccea511d09bf1e26b16e2b1c014fadc6b370083
-
Filesize
584KB
MD55640147fff48ee4ccf2daadce5b6d28a
SHA1eae99ba07ea144c118fa56e63c4804de80e0d091
SHA2561e53e9db27b79495e0e7ec66467b70a356b6dc0307df9fc0bfe1cad9f8074129
SHA512cf515dd153a261af13b921f69366ed061dfb297820bdd55abdb620d1812217dcfb181f660aab3edc433c396a0132c6aa3c151a3293c1ece2187e96c0373619d4
-
Filesize
1.3MB
MD5af5fa99b1bbde121f6110d5726327b4e
SHA1a6c3850019aef47bd9237eb2514e3d6ee631152e
SHA25625f08b4385bcebe308d6271f45c83cc26fd2ceb31d67ccf498d664535d05f2ca
SHA5126dde323515b1adac574e6f517c2366b4c99a665c044711e81223db53fdbf42e8cd956b94899351942ad903febf9e9339111ba34ab2a7b1af0eda5b6bdc845ac6
-
Filesize
772KB
MD531c760bc335625b371bf0c99375aae1f
SHA196baf8fde86c31038a97dfaac6931405925b20e2
SHA256ec0c7b30d76a6134d0a17e39e05ddf515573e2ef3719c4da8f94e82da6da84dd
SHA5122cc45ed612575c657ded0b37ca62fa22abdb9b73e478b90ea30e72c1a882435d107deeb6c3a44b53876324d5859a11432e525fc32ca7a112312592f8dab3b07d
-
Filesize
2.1MB
MD5807b7cef417243da587ab9ddc3bb3ff9
SHA1d0254f7b01575e0197fd5d136fef553ad0eb492b
SHA2562d09e9f2bf55b26a9c194f7ad9f6d67bcd7a70056fae86216d512938c881a2cd
SHA512c5b3ded4228953bef8ef83b7c905e1cc5bb1b69fefce3ef93cc9236f2a6bb620cd2dfa2d41d9c5a7b22d1d4981bd75769a6dfd1eaca4def88d1af4921089d74c
-
Filesize
1.3MB
MD55cdfa860eff13f768a752f1c97df0e08
SHA18f78dff3b20e31a0b4b00b7a63509d0fac4b85e6
SHA256cd71011458dd09faecce4be7a0d6a216529d63a47e6f2dd05ed09af56f020c6b
SHA512a7366e8b683a79fba983ab194769c5c92a1e4db66c373153beb831f1079440ad517d64d4b2a8b5322ccc131abc31f13e8daacf85a036aeed28c78fc4811f9e0e
-
Filesize
877KB
MD5a239d2d5d8dd626ca4a23b4b7ca523f0
SHA17708da46af9822b5682dc76c070d91e030be919e
SHA25609e63c9b5c9592c553db0a1e52a13670bb28dbedb4944633724f37601edcaeb5
SHA512361adbbfee13faf4e4af42f8c4009a71f372234ba03790644cd629fb5ed99c93f2d98a3cd0fb84fcb75583c4ee5aacdcd9bcff279b39832acda56bbb008a5557
-
Filesize
635KB
MD57d48a74754bdbaaa670a0e4810335c44
SHA154c3734c8fd257d822320673f4c52924435b5c88
SHA256a4071e63e6ef0359e46044ee923a1a2ac54b3295d3ae74d5e71ada5f7000f038
SHA51237198fd506f34c5bc8601fb2076a1087f23f02c75903bf9bb2769bc7d6084cb394b7de2d70418add75d372e3ea844766f55200c87880d68ee2ad0f8aee34eeb6