Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-10-2024 04:23
Static task: static1
Behavioral task: behavioral1
Sample: bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
Resource: win7-20240903-en
General
Target: bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
Size: 1.7MB
MD5: 5faeb1a0f6fd09f07f30583ecd64e67f
SHA1: 6b35cd5083208e4670a99ef2fe5123ce3a4ed776
SHA256: bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45
SHA512: 0cb5dd49328bec481b828e12c337af20a71991823abf4d47f9a28f0ad96607e9da14cf0cc63f14561577a0fe344e35168bd51483cb2d84b7443b331e4708c5fd
SSDEEP: 49152:iKxNupkTcKb4rSUfkVFjARzOA5BIz5c5I:rfupkT5NUQKMAE5c5
Malware Config
Signatures
Executes dropped EXE 22 IoCs
pid | Process
3752 | alg.exe
3348 | DiagnosticsHub.StandardCollector.Service.exe
3564 | fxssvc.exe
3504 | elevation_service.exe
5108 | elevation_service.exe
1780 | maintenanceservice.exe
5092 | msdtc.exe
512 | OSE.EXE
3260 | PerceptionSimulationService.exe
5024 | perfhost.exe
3548 | locator.exe
368 | SensorDataService.exe
716 | snmptrap.exe
4964 | spectrum.exe
2384 | ssh-agent.exe
2292 | TieringEngineService.exe
2028 | AgentService.exe
2120 | vds.exe
4476 | vssvc.exe
1992 | wbengine.exe
64 | WmiApSrv.exe
1704 | SearchIndexer.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory 31 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 3 IoCs
description | ioc | Process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
Modifies data under HKEY_USERS 64 IoCs
\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fdfb4fe05e27db01 SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE SearchFilterHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" fxssvc.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000050f8e7de5e27db01 SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" SearchProtocolHost.exe -
Suspicious behavior: EnumeratesProcesses 39 IoCs
pid  Process
216  javaws.exe
1332  jp2launcher.exe
2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid  Process
652  Process not Found
-
Suspicious use of AdjustPrivilegeToken 45 IoCs
description  pid  Process
Token: SeTakeOwnershipPrivilege  2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
Token: SeAuditPrivilege  3564  fxssvc.exe
Token: SeRestorePrivilege  2292  TieringEngineService.exe
Token: SeManageVolumePrivilege  2292  TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege  2028  AgentService.exe
Token: SeBackupPrivilege  4476  vssvc.exe
Token: SeRestorePrivilege  4476  vssvc.exe
Token: SeAuditPrivilege  4476  vssvc.exe
Token: SeBackupPrivilege  1992  wbengine.exe
Token: SeRestorePrivilege  1992  wbengine.exe
Token: SeSecurityPrivilege  1992  wbengine.exe
Token: 33  1704  SearchIndexer.exe
Token: SeIncBasePriorityPrivilege  1704  SearchIndexer.exe
Token: SeTakeOwnershipPrivilege  1704  SearchIndexer.exe
Token: SeDebugPrivilege  2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
Token: SeDebugPrivilege  3752  alg.exe
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid  Process
2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
-
Suspicious use of SendNotifyMessage 2 IoCs
pid  Process
2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid  Process
1332  jp2launcher.exe
2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description  pid  Process  procid_target
PID 2356 wrote to memory of 216  2356  bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe  87
PID 216 wrote to memory of 1332  216  javaws.exe  88
PID 1704 wrote to memory of 1020  1704  SearchIndexer.exe  115
PID 1704 wrote to memory of 848  1704  SearchIndexer.exe  116
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
"C:\Users\Admin\AppData\Local\Temp\bef489e58cf0fac2ab2e81093285271ea1a988822bc2be15e1b33ec7a784fe45.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
-
  "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -J-Djdk.disableLastUsageTracking=true -SSVBaselineUpdate
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:216
-
    "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma […] -ma LVNTVkJhc2VsaW5lVXBkYXRlAC1ub3RXZWJKYXZh
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1332
-
C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3752
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
PID:3348
-
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:1996
-
C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3564
-
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- Executes dropped EXE
PID:3504
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:5108
-
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID:1780
-
C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:5092
-
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:512
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID:3260
-
C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
PID:5024
-
C:\Windows\system32\locator.exe
- Executes dropped EXE
PID:3548
-
C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:368
-
C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID:716
-
C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4964
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID:2384
-
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID:2392
-
C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2292
-
C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2028
-
C:\Windows\System32\vds.exe
- Executes dropped EXE
PID:2120
-
C:\Windows\system32\vssvc.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4476
-
"C:\Windows\system32\wbengine.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1992
-
C:\Windows\system32\wbem\WmiApSrv.exe
- Executes dropped EXE
PID:64
-
C:\Windows\system32\SearchIndexer.exe /Embedding
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1704
-
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  - Modifies data under HKEY_USERS
  PID:1020
-
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 900
  - Modifies data under HKEY_USERS
  PID:848
-
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)
Downloads
-
Filesize
2.0MB
MD506b57f6b1f673081eb2ba5ceba8bbe9c
SHA1fef29312c97ea0bebd68fa8d3ad3dbddbdc29715
SHA256663748fee4c8760f7ad7ce751227a4bb8a9756b55342f4242a9950e8d648f834
SHA51268dd918be586743da0bc09e4a746faf898e158168e4c937075d870dd9cab775f31abd88263371fb6a9bfc1ca231d6fa7a7482eff4952ea19a1fd42102b92fd91
-
Filesize
1.3MB
MD519c328bcad1b2df6b34b7490f066da4e
SHA14a43e66ce7b6b17bb427cc0177f76b4b5adddfee
SHA25649a0b6f53099a215323bf1a11e42acc47e54e6330b496f67b85a80155c92ad59
SHA512e5e8005a634994d22baac69e5003e285496a678687b0011c90688f0666d46c409899d07d2d7ae902d1817718943517ab9778f7bcb67e3b32559dea6cbbb6f06e
-
Filesize
1.3MB
MD5399402bb131a3a8405046d7e205a8bc0
SHA13c4b32376f283635672a2932c0879b46e0b4efa9
SHA2567abfdafd12d66f96a46d126e8d35f5412ef8cfe05322fe36912caaf59694ecde
SHA512df44d63f15f5a2ba416cdbbc30aa73cc72e9ce2ce4b4307010849a132911d6d74178f5814b60345bd97e636c1543db2341afdccfd8490f985e457ca261a4341c
-
Filesize
1.2MB
MD56861807d2e22437c28412b8a9a6cf4d3
SHA1e1956e6627edc2caaa2ea3b4a9ce66b27c6969e9
SHA2566c52a54fdf5c4800b37640c94ecdab2b518ad216f961315924900bb6829d2f7f
SHA5127e475e0144cff0571415b826d127e2f864f86ee64e92a377bf040166f537212f5cbe8ea84bb9959846393def7c991a91673ef70bacd5d17c088634840ef820d8
-
Filesize
1.3MB
MD5f4aea92d4dd5eaf9c0e05d6d93034beb
SHA12343d1920e3df8792cf221654fd7615a63103529
SHA2562f15ba950cd7d08bca1ea1b8b499543db0c1cc50f6d1b9ed370f31f5c9721864
SHA512f3ac53b929caa40d7c7e203c65dc16f4980fdcd9468c6d8ded27669d478add41b29f59069edf67ae69b4c3c9c45cb42d2fb6cb1ae7c9193c1650333b3a64208b
-
Filesize
1.4MB
MD5c9ecb721438e2c29a6267db33e4f91b3
SHA1bb72d19b9b2f4c4f51c8de9cdd2fcfae8bc3a27c
SHA256b7e79780a4dd2ae9861959ab86a82cb97d8efe2fec73c2b9794e7c2869261efb
SHA512704eadd995f6557571c47df65faee9b90e5c41939984b9e6cb00352e6858b4f54a2debaa30df969f90be58206785fe369c981b9cb79ac12335fdf92aeab54815
-
Filesize
2.1MB
MD5029725a8be429e219412b2676eb778d5
SHA166da242d68e6b4db0a8016d2528dafe3f3c519ed
SHA2563a94f046d392fea2b870d16f4fe8f00e1efbb73218cf0c68b4740e2d0a77702d
SHA5129f3da653e9a206a711a5c74a58735b780f65c7f8e102f00ffa451ed19548827d5034daae4891a3f11fc08a5a9e423bdeab6642bccb83d22923e5ee83b55b93f4
-
Filesize
1.3MB
MD57b6b4a1acea21d31d4ebb1969c4f7874
SHA17a6fe5dbf8be11aa9683187bb7096ae1372cf98e
SHA256edd3c99c7e3ed3257b248ab78677472cd9755955ae4727eb5b3a6b99da1ae38e
SHA51230e2131be5f914d460e51ba2e51594e3eeda694f591ada52ca4a2eb1fd37d4e37e10b8bde97f057e1320a88e52ce6136ef3c28e357be82c0f75ca80987899403
-
Filesize
1.5MB
MD54983b260e984715168a3cfb73025c862
SHA121515c2284d5c213c742c60822d587a64f6f8fc8
SHA25690f3882b16e1312005c4e731eb6c864e41132cdfa835a81cc75104dd91745d4b
SHA512992faadce9de3ad5185e814065059f9dea57ba513b62a2db4fc3744d6dcb25eb559a9b7eb247e1416d53b16bdbb29d0614166fd8e6d3039991d1637c78c7601a
-
Filesize
1.2MB
MD565a9147390cadae82cbd3db699e1983e
SHA1e66c7385ed53e8d0738af432a73895e8a046d20d
SHA256a3af2f7d1d919386877ebb95d5bdb4c0fc367853ab1464a5bb5ff710a908e45d
SHA512a797fd9f447950f8753981f48868e9ab4e5cc38e1739ca2e391fff6da65faa29b2ca5549b3638753de6c077a6206f7b4c7d4f653f9c32b7f339a94050a70380e