Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 09/11/2024, 21:33
Static task: static1
Behavioral task: behavioral1
Sample: 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
Resource: win7-20241010-en
General
Target: 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
Size: 1.7MB
MD5: f6a53f45378885fe98c3d5b4d0ca947a
SHA1: 764285755bd4ae6517cb1462e488252335997257
SHA256: 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5
SHA512: b8f321943bc5701a38b3cad49cca50dd002078792b042b1d01483e841460925ac1afbbe40675dd00b67b3552288a4186f1fd23081aecc01bdfb7c95df276f966
SSDEEP: 49152:CKxNupkTcKb4rSUfkVFjugDUYmvFur31yAipQCtXxc0H:LfupkT5NUQtU7dG1yfpVBlH
Malware Config
Signatures
Executes dropped EXE 22 IoCs
pid | Process
3924 | alg.exe
2524 | DiagnosticsHub.StandardCollector.Service.exe
4992 | fxssvc.exe
5012 | elevation_service.exe
3232 | elevation_service.exe
4872 | maintenanceservice.exe
3472 | msdtc.exe
2404 | OSE.EXE
3180 | PerceptionSimulationService.exe
5080 | perfhost.exe
1072 | locator.exe
1324 | SensorDataService.exe
3688 | snmptrap.exe
4284 | spectrum.exe
4036 | ssh-agent.exe
3308 | TieringEngineService.exe
3300 | AgentService.exe
2516 | vds.exe
996 | vssvc.exe
2064 | wbengine.exe
3456 | WmiApSrv.exe
4828 | SearchIndexer.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory 38 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | perfhost.exe
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
Modifies data under HKEY_USERS 64 IoCs
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b60f531def32db01 SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d5cfb41def32db01 SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft SearchFilterHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005db4b51cef32db01 SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000de3afd1cef32db01 SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search" SearchProtocolHost.exe -
Suspicious behavior: EnumeratesProcesses 46 IoCs
pid Process
4368 javaws.exe
3020 jp2launcher.exe
5060 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
2524 DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
pid Process
652 Process not Found
-
Suspicious use of AdjustPrivilegeToken 46 IoCs
description pid Process
Token: SeTakeOwnershipPrivilege 5060 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
Token: SeAuditPrivilege 4992 fxssvc.exe
Token: SeRestorePrivilege 3308 TieringEngineService.exe
Token: SeManageVolumePrivilege 3308 TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege 3300 AgentService.exe
Token: SeBackupPrivilege 996 vssvc.exe
Token: SeRestorePrivilege 996 vssvc.exe
Token: SeAuditPrivilege 996 vssvc.exe
Token: SeBackupPrivilege 2064 wbengine.exe
Token: SeRestorePrivilege 2064 wbengine.exe
Token: SeSecurityPrivilege 2064 wbengine.exe
Token: 33 4828 SearchIndexer.exe
Token: SeIncBasePriorityPrivilege 4828 SearchIndexer.exe
Token: SeTakeOwnershipPrivilege 4828 SearchIndexer.exe
Token: SeDebugPrivilege 5060 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
Token: SeDebugPrivilege 3924 alg.exe
Token: SeDebugPrivilege 2524 DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3020 jp2launcher.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target
PID 5060 wrote to memory of 4368 5060 6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe 86
PID 4368 wrote to memory of 3020 4368 javaws.exe 88
PID 4828 wrote to memory of 4344 4828 SearchIndexer.exe 113
PID 4828 wrote to memory of 3960 4828 SearchIndexer.exe 114
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe
"C:\Users\Admin\AppData\Local\Temp\6dddce51bd71511c488fbb56514e6b26e6e9305e0b901b9df56df9577646c8d5.exe" 1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5060 -
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jre-1.8\bin\javaws.exe" -J-Djdk.disableLastUsageTracking=true -SSVBaselineUpdate 2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4368 -
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma 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 -ma LVNTVkJhc2VsaW5lVXBkYXRlAC1ub3RXZWJKYXZh 3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3020
-
-
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe 1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3924
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2524
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv 1⤵
PID:5048
-
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe 1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4992
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe" 1⤵
- Executes dropped EXE
PID:5012
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe" 1⤵
- Executes dropped EXE
PID:3232
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" 1⤵
- Executes dropped EXE
PID:4872
-
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe 1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3472
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 1⤵
- Executes dropped EXE
PID:2404
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe 1⤵
- Executes dropped EXE
PID:3180
-
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe 1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5080
-
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe 1⤵
- Executes dropped EXE
PID:1072
-
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe 1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1324
-
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe 1⤵
- Executes dropped EXE
PID:3688
-
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe 1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4284
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe 1⤵
- Executes dropped EXE
PID:4036
-
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe 1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3308
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc 1⤵
PID:3720
-
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3300
-
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe 1⤵
- Executes dropped EXE
PID:2516
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:996
-
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe" 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2064
-
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe 1⤵
- Executes dropped EXE
PID:3456
-
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4828 -
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 2⤵
- Modifies data under HKEY_USERS
PID:4344
-
-
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896 2⤵
- Modifies data under HKEY_USERS
PID:3960
-
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1
Downloads
-
Filesize
712KB
MD5131138494e4f10dc23572a9e2b11c76f
SHA123b268a6e8763431a3154c22573f9c2985785378
SHA25686446eaf37263c5667a1a488f84fca486647d5b12aec1a66349a9587e30c9383
SHA5122ce7fcc84156f369b8010e3202ed2586f1961119cecec5e2ecc441df37896a559982035d5d2ee60829294d2a8dae0b7952b600e5c18aaade03a54001810a8ad8
-
Filesize
584KB
MD5de4c61f5eb5f395d5373cfed5c68a8ff
SHA17aa1c4395d20740e40351897682805e6d237fd36
SHA2562b32761862ac1a4f841f9cbc37b89796949ec6911ebec45b4d657cb7affb1314
SHA5120896e95f728db96ed600fae41911ef32d73f4b0bf5b9b75f9f8248ec8847985d8ba0832766376833026b24b1872d82f6a2478ae381d4fa008519f5c952b393ee
-
Filesize
1.3MB
MD53251655a0e265fb3566e32a490d8dd23
SHA153e0a5984d37d5ba239184a3e604548a0f8c119a
SHA2569dd4ff4c7294ea7495b19d294efcfd4f4818567ae35f23f8f032893d40e1707e
SHA512563ba9dbb23d3c3d0dee0e1cff6e16d94bd9e0b5a4bbd2ba18a0787cfc31bb4a774489ce4e1619525e1db0104369fd4d080794794a011bfc44711b0881d41803
-
Filesize
772KB
MD59530b8aa2bb7228eac0aabb2848feae4
SHA10f980e7d26bf386471f1fcd7a86ef5f1c4f01177
SHA256e91f08fd08e5481e34c21e453e4a886a6d73b3495431b0b1c05ea82e0a50bf6e
SHA512a98d2d01457b1b645cceb04baaaf8bcfc29cb5180f1f2a68371c458e796020585b90c4a8b1e8c12a06ec1891050384c1b00c36c9bd48ae2f2ba417df8bd35f44
-
Filesize
2.1MB
MD59c33d39a43a02b137607024645582925
SHA11e27dc94fa4ac3fa06d2cd18142d172a7f718140
SHA2560368cf7d194f89f3cd61e1acde10f55ef8010a32165b06c6002a50fc601ed2d7
SHA5129f5350368759bf6255eb812e0b486a3da7cf65dbc8f5ea6b8ff3b7991e6904cfc34a5e3e4ead1bb039560afdacb66b03c3109aa5defc1f7504675e1f3b26dece
-
Filesize
1.3MB
MD5354ae2faaee92335d9854e93a7f63b7a
SHA188000e5b09e7e41d10441d17f1509a4de0df3219
SHA256dcb6d0e4cdcdc14693a58cbdd81b137d82a65c6078e76d1aa5c53ce577346e8c
SHA512312e803f0c1419e41db6be01a762580abe1e28d768f6a5ed2a6e6582ba2d06d3513ac167269b4faa36abd41c200ed93aefd8a08ef16d7c49bbdb47a1e64900c4
-
Filesize
877KB
MD55c1ecb28bd2f8b65983583b3b5e2b5a5
SHA1b3a48535d34a2c923875fe5e0ff8ef5636f344aa
SHA25628bf68c9788866ffa87ebee00ed238d27144f016e68700b432b42f7d01d9b315
SHA512824725c915fbeb24d11ccb4849d6576f9cd18ca8f3c930e3629214fb998a8b49cf1d31dfaa908ea6bf3642eca9f5c7abcc258ca41847fa506088a63b5e94eab1
-
Filesize
635KB
MD5b127386dfdac1fa76a20bd47ce015cd2
SHA1e14e3940544426005cdb692304c5e267d32bdfb2
SHA25688081b906cefe892c1e051fbaf11339e2fc0504ba978517dc2dfa96edde21de3
SHA51257f4c1fccc6bf3fd1a139a6b1215162580e277fdf9e2b92e8e9e698cf2158e2961d7db7b99405ffd57804d66ea131fb07910b1ca74f7df1882be49271a08f866