Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20250502-en -
resource tags
arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system -
submitted
03/07/2025, 05:29
Static task
static1
Behavioral task
behavioral1
Sample
2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe
Resource
win10v2004-20250502-en
General
-
Target
2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe
-
Size
6.3MB
-
MD5
113823381d651780a04c014720f41a69
-
SHA1
a3f694d5a23271e7a46d907ffe70a3d3e22a7f1e
-
SHA256
86f1d5ca95e1ff395be3a353bb45a1d33729432a51acad8243669d35ffb9f44c
-
SHA512
4cb486b28598ca3e7b0cf177f0ee5b12e77426cfe6f5ed239abeaa5f4123b8d84fa3673e096e69a3aaf200ae7869e14c675f6085a3fe1cda8c2f41bfa8c2f6cf
-
SSDEEP
196608:rf4KpGMG/9vR6POA93KjnICYHwrFIvTgA4V+k:rf4KpGMiqOy3KjnICYHwrFIvTgAm
Malware Config
Signatures
-
Executes dropped EXE 22 IoCs
pid Process 1448 alg.exe 3368 fxssvc.exe 1104 elevation_service.exe 5792 elevation_service.exe 448 maintenanceservice.exe 4504 msdtc.exe 4552 OSE.EXE 4656 PerceptionSimulationService.exe 3464 perfhost.exe 1496 locator.exe 4956 SensorDataService.exe 5208 snmptrap.exe 2476 spectrum.exe 1380 ssh-agent.exe 1252 TieringEngineService.exe 5736 AgentService.exe 3232 vds.exe 5556 vssvc.exe 3768 wbengine.exe 1924 WmiApSrv.exe 5524 SearchIndexer.exe 3632 DiagnosticsHub.StandardCollector.Service.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe -
Drops file in System32 directory 35 IoCs
description ioc Process File opened for modification C:\Windows\system32\dllhost.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG msdtc.exe File opened for modification C:\Windows\System32\OpenSSH\ssh-agent.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\wbengine.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\SearchIndexer.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\AppVClient.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\fxssvc.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\System32\msdtc.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\AppVClient.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\dllhost.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\System32\SensorDataService.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\spectrum.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\TieringEngineService.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\vssvc.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\dllhost.exe elevation_service.exe File opened for modification C:\Windows\System32\alg.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\locator.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\System32\snmptrap.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\System32\vds.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\AppVClient.exe elevation_service.exe File opened for modification C:\Windows\system32\fxssvc.exe elevation_service.exe File opened for modification C:\Windows\system32\msiexec.exe elevation_service.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\SysWow64\perfhost.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\AgentService.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\wbem\WmiApSrv.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe elevation_service.exe File opened for modification C:\Windows\System32\SensorDataService.exe elevation_service.exe File opened for modification C:\Windows\system32\AgentService.exe elevation_service.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\fe2a357a676a9926.bin elevation_service.exe File opened for modification C:\Windows\system32\msiexec.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\SgrmBroker.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\system32\SgrmBroker.exe elevation_service.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\javaw.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\keytool.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86781\javaws.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\os_update_handler.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe elevation_service.exe File opened for modification C:\Program Files\Internet Explorer\iexplore.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstack.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe elevation_service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\dotnet\dotnet.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaws.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\7-Zip\7z.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe elevation_service.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\tnameserv.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe elevation_service.exe File opened for modification C:\Program Files\7-Zip\7z.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe elevation_service.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\keytool.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\java.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe elevation_service.exe File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\chrmstp.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe elevation_service.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe elevation_service.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe elevation_service.exe File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\chrome_pwa_launcher.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe elevation_service.exe File opened for modification C:\Program Files\Mozilla Firefox\updater.exe elevation_service.exe -
Drops file in Windows directory 3 IoCs
description ioc Process File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe File opened for modification C:\Windows\DtcInstall.log msdtc.exe File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe elevation_service.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language perfhost.exe -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C SensorDataService.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A spectrum.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 SensorDataService.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 spectrum.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 SensorDataService.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 TieringEngineService.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz TieringEngineService.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a927356bdbebdb01 SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007fd0ff6bdbebdb01 SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer SearchFilterHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit SearchFilterHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000879e4a6bdbebdb01 SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b057286cdbebdb01 SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device SearchFilterHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000063e2126cdbebdb01 SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software SearchFilterHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002bc6326bdbebdb01 SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\msinfo32.exe,-10001 = "System Information File" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My SearchFilterHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1133 = "Print" fxssvc.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" SearchProtocolHost.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003064306bdbebdb01 SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template" SearchProtocolHost.exe Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" SearchProtocolHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia SearchFilterHost.exe -
Suspicious behavior: EnumeratesProcesses 46 IoCs
pid Process 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 1104 elevation_service.exe 1104 elevation_service.exe 1104 elevation_service.exe 1104 elevation_service.exe 1104 elevation_service.exe 1104 elevation_service.exe 1104 elevation_service.exe -
Suspicious behavior: LoadsDriver 2 IoCs
pid Process 668 Process not Found 668 Process not Found -
Suspicious use of AdjustPrivilegeToken 43 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Token: SeAuditPrivilege 3368 fxssvc.exe Token: SeRestorePrivilege 1252 TieringEngineService.exe Token: SeManageVolumePrivilege 1252 TieringEngineService.exe Token: SeAssignPrimaryTokenPrivilege 5736 AgentService.exe Token: SeBackupPrivilege 5556 vssvc.exe Token: SeRestorePrivilege 5556 vssvc.exe Token: SeAuditPrivilege 5556 vssvc.exe Token: SeBackupPrivilege 3768 wbengine.exe Token: SeRestorePrivilege 3768 wbengine.exe Token: SeSecurityPrivilege 3768 wbengine.exe Token: 33 5524 SearchIndexer.exe Token: SeIncBasePriorityPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeTakeOwnershipPrivilege 5524 SearchIndexer.exe Token: SeDebugPrivilege 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Token: SeDebugPrivilege 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Token: SeDebugPrivilege 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Token: SeDebugPrivilege 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Token: SeDebugPrivilege 4300 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe Token: SeDebugPrivilege 1104 elevation_service.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2352 wrote to memory of 4300 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 83 PID 2352 wrote to memory of 4300 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 83 PID 2352 wrote to memory of 4300 2352 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe 83 PID 5524 wrote to memory of 5940 5524 SearchIndexer.exe 109 PID 5524 wrote to memory of 5940 5524 SearchIndexer.exe 109 PID 5524 wrote to memory of 5712 5524 SearchIndexer.exe 110 PID 5524 wrote to memory of 5712 5524 SearchIndexer.exe 110 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe"C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe"1⤵
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2352 -
C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exeC:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe --crash-handler --database=C:\Users\Admin\AppData\Local\Google\GoogleUpdater\138.0.7194.0\Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7194.0 --attachment=C:\Users\Admin\AppData\Local\Google\GoogleUpdater\updater.log --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x2fc,0x9229c0,0x9229cc,0x9229d82⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4300
-
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
PID:1448
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵PID:2828
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3368
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1104
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
- Executes dropped EXE
PID:5792
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
PID:448
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4504
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
PID:4552
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
- Executes dropped EXE
PID:4656
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3464
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
- Executes dropped EXE
PID:1496
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4956
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
- Executes dropped EXE
PID:5208
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2476
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵PID:6136
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
- Executes dropped EXE
PID:1380
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1252
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5736
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Executes dropped EXE
PID:3232
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5556
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3768
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
- Executes dropped EXE
PID:1924
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5524 -
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
PID:5940
-
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 804 808 816 8192 812 7842⤵
- Modifies data under HKEY_USERS
PID:5712
-
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Executes dropped EXE
PID:3632
Network
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.3MB
MD50d59e3c83da4dfb3d31038fc616f9630
SHA1740efd49d2e934aa9e7ab4591e7907c8a3286230
SHA256624bc27c7c6cc2368fb14b2c403cb7ce0a3647b3df459d56d0907bb344c7de83
SHA512b66812a156e1e0b42172a48899833725a9ad19db6de648ac23c5ae5c15914761565aff406349f151beb2ac34b258aca4f900016a71e2264335118d2b6f62f293
-
Filesize
1.4MB
MD553fba451c5528597fd382a7718017be1
SHA18a826b52ee95012c12fa948883327c02d26375a9
SHA256969d792306f67014cff365c1d272154f5fe888c43d473fd5bc22abcbf7d7d044
SHA5125ec4ddc02964fae240f2654484345daef789832245731ba54e52a0c13421abcf91987705c7f208f5c2a0cd6473377e6e628e3f88814fa934dbc76ff9e8300df5
-
Filesize
1.7MB
MD5e0693e0470bb3313d0bbb45e8de0404d
SHA1494b3703bbc792abae787c0e9c3727de881f5c21
SHA2568baf14d3d611325c7a04021c65d41f77682cdaa342ae01b307b4dfaf62103101
SHA5123b0aa5381dd03189430f49fd4f6ffccbcfc3c337196b5f8f770155925956e9a01990ffdc837513dfe326c5a6ef008bce4d170da1311c5f6489958207e27596bb
-
Filesize
1.5MB
MD5e1e9c0b8921f8da503999d3c8d74f2a3
SHA1bf069dd9bdf89c71314216e8d481b40fef3d5f4a
SHA2566cacc17e7187635f63e262831696834693ddeadddcfe4ddfd25038d820545e4e
SHA512374e61a643515966e465586457d72783cc965aa8d734c9eb03127a44e11daa9534fcf5caf8af14cb0320040618c7e0d232c73912aa32f54aed1dc686159779d3
-
Filesize
1.2MB
MD5e42298066933fc5a653e17bff8fee153
SHA10455d531dd388d0375481326562a6e53a04219f1
SHA2560f762637502c5bdd298238002eea06ea38e33b253660219a79a144db040ba9ac
SHA5121b52a04c9b23e861149c80d979a0e4424630b540d8069d8dac7fcff117f22da3b4159c9bbedcf87c36174680546da843451ada97fd9c7fd4747041deb9a52ff0
-
Filesize
1.2MB
MD502d07e523294f15cf76aef523d4a9024
SHA1cf63c36513dc3de346d5206c52ba619861dd7a47
SHA256025ef181058a3a7db92d8e2cb79a549f5c2751b9756a487aff01af26318b8b01
SHA51259f8a37ba5a5fd4f45cb70addc88432a5ebcf720556d339848f2532d22b0ddfbab0a1f5260815a655f6bb7016a4f7aa75096f00a934a2ac4b8df95470704906d
-
Filesize
1.4MB
MD56efd52018860d156eda900f0fdd70d21
SHA112ba26402ad519d7309c1f1dfb45e92b9828a936
SHA256629df74ffd6dac033b5eec2c83c22bb5a6c23a26a91e78f1c07d4be2df51b3e9
SHA512ee2bd85348e85bc6c248921ed19f2ef1ddfe541c4c3722bfee4dce8428fd2ec6e9f7ed1cc3063c351320db3065cc1096760546d8ebe3e2cb7965220d1c4ab5ee
-
Filesize
4.6MB
MD562e539131e7423f8a0fee0d10b28c5c4
SHA126b92f2215d4b21f7f4ff9c103c6cd47d0815199
SHA2569b9b3576ee84fa4f0ae8a1ac3ceb825a7d2e582df077f2bd407bee8c98a4055b
SHA5127cd7b9da0a19bc902a08900d3113fdda0ea40696ba0d19454bdfc494e4136926d8254bc80aa8430b5a77ce74717e72d0e8097d86781ef496b7fbcdd744cd3742
-
Filesize
1.5MB
MD58b8888b63b5a20e75a19f330cea16c0f
SHA165f6606b1ab371dedd023f84ad3bc6ef4a42630f
SHA2569d216d5c9088a68d64c91409c0203cecd10c96292a814e906cabf65df2c363be
SHA5126f15ecaa85d88055c9ad3d1a12a126498697c064614be9ae9e850743e1386ed1798ed3c7f6d5e108233f096cc60cbbf940496e55bb4b71e2e6c10c486ba723d1
-
Filesize
24.0MB
MD51cf63f86fef08c602b5ebb53767613e7
SHA1435009a3bf297dbd496d48441b1ad654d14919fb
SHA25620d84436abc116e697c6c1748643acb522cb6fc740da57d60a98ad47980ae0f4
SHA512d6fafdaaf1a3d3ac61e1b46f28d3397c5a14fadb8938cc4720bdbe93355413aee31a8ade79d9e0ac0b1beb7ff2d6d57ded3f9a2c4f1cf0b1ca25794b666a7b40
-
Filesize
2.7MB
MD5d8d6c6972fc658e83c1dcd8e906d4166
SHA1cb2d1ed0326c8b19dbbd2fedc6f0a1185d512a14
SHA256709c18f75d9996d3d26db1d4e1e4cfbfb95c53f53f7f40085c925e3040e1a787
SHA5127f738302a2618ec2d8b203e310245aa0c17acf1d0c7567ee1e197ffe3d7ac7b2b4269b14e012988686b672a3ff13311d185a02b21edc10f8907da06cab0b3ac9
-
Filesize
1.1MB
MD5cf04d87c6cd3b515203b547e0401d48c
SHA137796fd78e6794c45fa0c6ad28dffd118c1978ed
SHA256b0a4fce18ae020d3fe7fa1c0c6abb0406cf8758dfebfbeb6da56a546cc00e706
SHA512ab8669c023c144ff64599f61ed6c0e59d3bd7c24d540af08d223f3e0a10784b3c3aa31eeb75f734e9861c0a5da6ea3827f99e65f7f722a7963671da7791bd92d
-
Filesize
1.4MB
MD579585348f55c5a5114e5cfb9a65952f4
SHA18b1d29af2945a3937c17e284cdfc1e93433a28ab
SHA256a6cfc82a937c21362a1dfc5c88dfbfb8cb3f304cdfa0333a13744fdb6f9f7696
SHA51224f23843cf3081567115d4e34d15f2160844cbae909e95ca490496e139dfee27925cd1eec418cc1872fce5cc2e71ceb2dbaf3db654f6a8bbadc45cde8f13182f
-
Filesize
1.3MB
MD5167f5a880da599f9d37e0a1268d3ebf2
SHA10187349c5636719396e17f6853a1fd4b5ee7c036
SHA256105a791bf6e0d5704b17c122b0804051a4d78c7517f5e67dc613c5b2540abad8
SHA51284f334840d41116b1bddf1fa5525906ba42cc50194ca9a5105051b5938c5915630fc3feaab5173826aa0a0a4c085af009f9ad8a965802eab6762f11a63a53075
-
Filesize
6.6MB
MD5e0a36977513a54141edc3dcd62360470
SHA1d2cd97a86ea02f720f27d7d97f5fbb7bcd335286
SHA256cccfaa34d36aff6838145a82902168414c5375a2c3cd648b55094c657e84aacf
SHA5128bf33fe3086aed57bc5b4f57a694594da667f3d5d40d51186d36cd2fb53df831c7be4ac59683458527c2961c63691dd8253fe6049420421dc30338b57e3584fb
-
Filesize
6.6MB
MD595f61bb9d4009a02fef20fed00b843ce
SHA12d78d44cd479797634febf6519d819bd8f728da6
SHA25666078efa28eba1f540a0b774d947381e0b3d7e90f8610c90e53c71b5018a9821
SHA51235f68259b8971c900872e5cc07172c79c1ae903f4eb5142a1a69559b54a960ee267d4e82d74893d7634ead3431ecef5284790b2226b0e06411bee7bf2d6d79d0
-
Filesize
1.9MB
MD5f06ead6f7e150921454028df5c215972
SHA1a2133eb6828bd0b01557e036d88205ddf09a055e
SHA256cadfe9efb1bb37efc1f4817478a677d2c5960cccc37955e35859f800d6027caa
SHA512ac66e500d9e5e99c062bb37c1dbf67cfc672abbcec8a9cac050446ca63a0e2fc1471724697b08e80de3a34319e9f1107e1f8156a4a3e91be626aae2e2732f3c8
-
Filesize
3.3MB
MD582f9341685a8649443e36e41925fbeec
SHA1a3e8f1e067386d16c92513c8e9f96521ef3a9856
SHA256411495a4b4378f0dcad81fcd744ad10364a98224b4eefd35456c1147fe42995a
SHA512e7a9bd3feff9ad0fec8ae3459615a844acf31bf75e2808d0b2569a85a82920908bbaa2ae30fd82cccc7ad49763ac1f43c0e47135ef1c15817138c6bfb0e5572f
-
Filesize
2.3MB
MD51600a54baf39b871fd5aa6e503e4e52b
SHA1e12cfda04f1badd43ca6b98551ca89c5b879664d
SHA256ae5d8b85e4b1fd5a2c87e21839531d878d2626111bc5955d9a96a559a67d034e
SHA512ee3375bee676842480add91b8849e4d7176db41b3eff777e1879ac3184e93a7b311bf2ff742f7c28ca54415cf66edc91195ce3fa4a3c72768b7525922c191373
-
Filesize
1.9MB
MD53cb679435d9eea5d9dccdd46ecf07e1d
SHA17efbe5a37678b62db29fb13c2fde8ce57e6bb8dc
SHA256d4d22fb6d807a2da64c851912d1356a3b654fc4e1d75414e647d95279e1daa27
SHA5129cd7fe86baa479f33b43d9aa6674982cb19bb7d4caa0a2081a6660e4a52b4cd3575c1d0055b3942d24e0173616759983d3e6bf5f534f0d44c0aad1a4771b0483
-
Filesize
2.1MB
MD57c22325401db9675201ba3564e640602
SHA18511cf647dd35cd211e2c526e87ca6014ff05b01
SHA256ea020e0ff8b91b0074317ce4fd4e83ef73dc597b21521ccdc0663c75a20f7829
SHA5126c076d3738705f86a194a580ec6f8b198833d9e4e0e107aa7b37a229c7f6282fb62e9592f40304ab04726c622fdbe47c0ee88308764ac60cf082f0fe91632266
-
Filesize
1.6MB
MD5b0530bfb0ae37605bcb7b94370d6d4df
SHA193068767db91dc21ff751e14b3c92ab80ada851a
SHA256905bc0ae2dc8ab0cb05a388ca5ac0a3dee8d1ebecdd4543c15f63a9666a92e2a
SHA512bc6ff3a498a497c14fc5efafe1339b3bafa61c404f4def9a7691d002974d27316c6332199d810d71e7572b9cdb546bc144fe2982ea7348afcc0922be7237be8e
-
Filesize
1.2MB
MD59efa04983443a8e9842764f8afba438c
SHA15723581beffd64550b4db4df1aedd0b448fb3016
SHA2561a7d42eb68e60170e8fa798ff8153bd8b1c55f950636799c498636add86e190e
SHA5125cdf413e6e278b2f262832405eded8ae8ccd1ec2805bacf983f74911efde05a0987e8de95ac9d2be868b70b29130144e5da20dff32cca20d40166fb83f142534
-
Filesize
1.2MB
MD50a45a2be1f533a790b64b875aa78ad33
SHA12a128e7d51f5a62101c5925adf57e045e3521230
SHA256d816d7e6bd1cd746ed4d0368bdbd6be3e57ef534b02c57c3c9b74f7bed839c4c
SHA51281bc0f0c7696f1c1228c8590730f8efe90034db6c939df1607e4e72174d37ef56a3857e1f1cf8c85060103785b5e72fc3f5a8b9de4298af7b83aad0208ef0969
-
Filesize
1.2MB
MD598603151562a388f93595ebffb03c89f
SHA1d29e53a492145185cc4651af674766c9aabdd3c1
SHA25614d1f21314bc724b79c7ce6f75b28931128dde690cf6c388eb4efaa7a19f7dc9
SHA5129649d05755a7adbf4b94580b2efeb147dc822ab18570f40be09b2a88b482623867c216de2c984b7fa2f3352230d173eddb0d9a58a8d4b469cc7e60b6a6d8c2b6
-
Filesize
1.2MB
MD5de2425e34d8e7d68500a86a092aa9f72
SHA168a75f8e8d11eccf85d75480bb557cbb9c032b70
SHA256137ccd7234687dec2f859bb18861a8f400657067c9b0ebbae8acfdf2704108fb
SHA5127648969f44beaeb89d5d13c2ad3c1cf23ebe659722b3345f6a6367c7d90eff97def7f5e4cfefe78aca815c2b6fcbca787032f7bf37bb9accd92b1f7591ef8f2d
-
Filesize
1.2MB
MD50aab029838155b492008787ab6e235f9
SHA143cb1b390ea1ef6a7edf87b749353601372105cb
SHA2561d6e193a91a53a5c078415ad9240d93304b66383bab4857a9bf9b37604e30d4f
SHA512f2b811e56b42c23a71c5cd884a89cb549082aa320accb6d7d0094cdb357a5a1d1330bd774177ed34c20fde47f443695776a66ef9afb05614d11b02b554de1cf7
-
Filesize
1.2MB
MD57d33d2e66c659858402dec55b44de6cb
SHA17500a3d89bee24d240a3e5f40751c199c715ffa8
SHA256488bcd84bec3dae24b513b4188e30507d4677ec5c226b4b612ca8fb11e9dbfef
SHA5128180469edfa290ba5b2e3032fd9644db63ff3a8ff5963c95f43586679058dd79c963afba7e8e8a814a6dcd8afa794c19f2ed0b217c5082cafa25d1dd11383ae2
-
Filesize
1.2MB
MD59710bfa9a8ffbf7550c3d3921e358dce
SHA123bfcabcbcbb779ab308be66734a3f930c71f729
SHA2566d0ab4633479c30e6f52706972c933067f8db74b43d2d085190194a0c3ce9dcf
SHA5121f3433f59b32dc315d9c99306ab7f333e24c18a68d5ed6bc0675c32ec349f2de4419c2c1e0f0dabbd3a972d9e3058ecf533753e17301242279577cebf90b140e
-
Filesize
1.4MB
MD57c4dd031ec178f3c66a10ea13fadfcd2
SHA179bd05dda32e8e71accfac2060d24bb18d3c2f4b
SHA25669d11416fb0d1716cf9fbb743b47c825829caa8cfff3c33e46cba6f3cfc9d2b2
SHA51292449980912e84dad709887f8624a7c062cc5ccff4a158d05af7ac10373aafba814559cb19f7c5503e26f84f07dc55461cbb0ba84d878da882a5785878e34ab4
-
Filesize
1.2MB
MD5f073be820bcbb319c47b9ce034f302b1
SHA181a3803e2b31efda6d889dd817bdfd9b6d46f51e
SHA256a727f843e1efad40fa506e0236e9e267ddb2a9243c352934ac13bc07a6bdde6d
SHA51231552fde53e3a04689fdb228f3df5470aa40e2c81c4efcf744725d902a33ff3c64db0aa62d61befa248861471ffa53987d6315a45b7296fd60f507683b9197c2
-
Filesize
1.2MB
MD519294a6c4a6b219797816abac1cbeb34
SHA195615278f14ded5c1caa44d4f15a461452bf4d86
SHA25698b98d163ce31b6d1f1c75aa3424e18ecb85209bb8cc73f46c9614b4ad77a89b
SHA512dcc7d88be301b7990d268f29dd75342f6a415d5a23d29ebc1d8e0794ea97c3561a1f9142dbc8a2b912f66f42add374e5f71906d4a201d2257230fb18f86e3015
-
Filesize
1.3MB
MD53a9009da79763bd57c6da4d55b0b9c77
SHA123f5133fbd53b99656d0367cf9e6cdebc7f6dda1
SHA2565607fcf521340aa6ab5b60f91af7f02b0b17795dacd18b0ea5dc5ac2ff08a994
SHA5127454c1aad74ab1d243fef9908602c6b0b0bf07ced36408ced6b4056abec1ac0f8f104d9fda709009a47b152c2b2e80e7fe64b972872c9750c793faec435ffe43
-
Filesize
1.2MB
MD50ba9010d14c858d014aa4e692a216613
SHA1bd26572bfc2358953c4dfdcae715c9e7e98879f3
SHA2569860820a91a9538e766c3bb376a2585fc633f78345e1ade1f034aafc67d4a37a
SHA512e80a2fe3b92b8cc1aed3e2116ae4b51ae3ade92452513c26beca624a21dbfaec2a41c4456a85f3f183973c547fe035f79227670d841286fdb6d86f6d9c9772cf
-
Filesize
1.5MB
MD52a6f0775dccce4900b3a10e13e16529d
SHA1cbc2fb0d5331b2e5ffbd7e88cd8f131a48b9ee85
SHA256a74af6afe33fe46086729e3323165bce427c4aca70824179ef2c2ba62b4180e5
SHA51232443fa119034f40835b2e140537ccb376b83060fb8d43290ab09ef505fc8e7096230835eeb9e1c5851e79228110408d39165ed5116d58e96afdcc600e827121
-
Filesize
1.3MB
MD5c03f87107e538d4533006cbd6f214c69
SHA14311717efe005a1697f9bd3372e03649cb284798
SHA25674747e890a3915c2f13262e2fe67e70cfc360ebdef25f83d74e2e1fa6239ec07
SHA5123c23ec4631f55a1379898568c4442c8e5590f4d8b3341bf310e5dc8f6e421a0f3609f8d2df8c169320cef5211b401f338b0ce0e2a9bf8c16c7b32de2e4c68001
-
Filesize
1KB
MD5f1f52561647b2fa0fb0d1d35b6d407f0
SHA1b1d60d86c769966b511b44898024f9729387aed2
SHA2560a29f8ba30da46953df31fe6ba0fe9ee17326b95c52cd55ad4d5d2007eba9105
SHA512da3ef05ef1e1a4a7d08cb5591e485be49e7a6dc5da7b3ed7c4673df4ef3bf9baa53f5c360ba19da8f8399db621a395d447b1971490c5c102d8bf27b91a52aab9
-
Filesize
12KB
MD58058ed1c664df76954aca299fa8e454e
SHA1f3b150c672bff3827ae9d865d16b4dd9ddbf13bf
SHA256f67476dd69a31ba3e68710007052c89fcb43bef5f2cf41b2322781f954640841
SHA51231fc0ff3826d69c8a4929e4feb6d429e3210ddf69a2e41eb922ecf21a884d75075eadce840218526be2f6b1f25bf7263900b0f3c0006368cd1727f9a8b8e47aa
-
Filesize
1.2MB
MD5033df1dfa45974a8a8c4259f591f2a35
SHA1c250611b857d4d64066b5469e3b060fd00ce902a
SHA25624725b9abf6ac06d0920eccf7f9918320c9bfbf5c664b8107282147a7c0aac09
SHA512b3297dc6adf45ed32c7316baad145c5fdc538ec3843111d0786ea94f70727f7d25f56b040a64726e8b4684144dba51b4a670b386d0eeff52c39ec35e49713389
-
Filesize
1.7MB
MD55a39eb8d363c1d9646626b0cf4210bfa
SHA14aedf0959bc12eb70644a10224e659cd71fa899a
SHA256719d231e87ee89f911183547c5410e453e75cfd63de3ee5456a71091e98ec1e2
SHA5122af6d3641215b2340bd40365026ee8fd511d7c7e027581f9fc574bba03ae353cdfd08219242cf5d5052ba1a0b3098e793d04207fc41d9a74289f7c2f98497705
-
Filesize
1.3MB
MD5d270870357dfce03502019acb72682bb
SHA1c11235842793787afe3f2ca569c318e42875bb85
SHA256323aa9dc820010d13877d0cf9e8fb776b49da87dab0f1814f53ef48db85fd886
SHA5125df0ecd8fd6a2c8afc8193fbf6e57b9267757c32969ba1532177ea1007b5ded39f95efa47949ade58e4b2422ce96d9d8bddacc47459ea52929d76d1e55d2d199
-
Filesize
1.2MB
MD55f4608de154581a10de2e5860e97deef
SHA183de083d23ab18ed04f13a970587b71ff8d249a8
SHA256120dde4ec693a8e49897ca9125d9541926a2dbe34235d736c09a7c6bfe5082a5
SHA512a3eb6c8be8a26bea78f8d0c6f43e57014da07dd183571d55840fb8409a8701dbd5eccee4db916f93776eb62397d6851cc6dd71dec94fcd8ee68f86a3f630fabb
-
Filesize
1.2MB
MD5bb357a6fad07d1e25ee16c73eac24e65
SHA1155250d264180e0f974e727bd1436a0cb9ff06cd
SHA256c0eb128050bcbd2dfb13032bb5d252fa7d503ef5dc3e748dea91f56e7db48c5c
SHA512655b6857475cf693eeb3df4445e2735174a16ac93146f86be1a22633d5672ad2a9bbb5cf281cd6c1bb06d2697037744590993e8bedd513b950d3cc074db8346a
-
Filesize
1.5MB
MD5ea704863024fa8095be360cf5a2684b3
SHA1e3362b28de537ac0ac2007a9584e640631759d5e
SHA256ea8d8cc95182dc38dfdaa1c42ead18a8907924ed1eab823bb248fbaef8014739
SHA512f796574fa0d4e40d61daec133c6727fd5edd095fd9fff69e120946b368e11f643e35f4825556f9b76e0e015f47b11546f295d6b5acbfc7316b6cac4b8fa82faf
-
Filesize
1.3MB
MD52d868bc5d6ee5107c7395049bc2dfa2d
SHA1e817cf27ff6cf3e1d8538b94c398ee823661b0ea
SHA25662ff6082ef905a592366e3308475c2467d25e13293888c701df0e5c5ec4157bd
SHA51282bbee2e7cb0b31f81d2acd1926c8b81d4783c0cfe32c47697e87383ac9b3d1517d43758e90be8a738dab4260c8f2ef29ca3e45164c2022d40f2084088ab1879
-
Filesize
1.4MB
MD538d00b3a9b373af147e9f41667ef772a
SHA124a10c4ad42e59b1662038b11e8edd16fa9e8586
SHA25658dc80abe5de344c45355707873a51d6d99dba19d412c328249fb6711971ebf5
SHA5128b38d52be3f541bf3e3e3ddf10fc8eb5b93e8abd78bff0f9f3d9757b443f0fa9a8fc3aefe9e835ac20e19112826307d52dc7cae36a0605059057c86897339205
-
Filesize
1.8MB
MD52b09bb5c7c7fe0ae1ef1d4f8db239a34
SHA10df29a7edafe5e271fa4b732aa849b31c719d497
SHA256d5fe4f45542c401821fbe02d5a86bd3bcb6478f70a7d3d4ed927afc24c3a5d2d
SHA51267f125b97e8466e98226cf3892c6499038013107b817ece00bc299d551422f3ce0cb49ba6703cb8d9d065520f7ea265c22aa02285e68020b8d8feff7ac90f40c
-
Filesize
1.4MB
MD5301631ebea1f9c7fb6db0d624b32deb1
SHA1274134e0ff190576333f40e806e3417e156e48c3
SHA256f583ffc2de7f0570b34d48a5b4e57355f373d746324fde976623e0ba8c8b028a
SHA5120dcb5f5eca627e6256c5591c3b506c97c49a99fa933ba5cc46976300349260c557eae608e635a51a6637c211b415a8ff18af5efb74e97359dd32b4da9d34bb0f
-
Filesize
1.5MB
MD5631b4e5490e0e825e97130ead89bcd8c
SHA1440e6d1ec987a3bfb9334a5e174e9628f25bf924
SHA25660061723943485bc22ecded77c2f56b5b1cf6d1dfa046254d4aa6a225ba93015
SHA5124e40e22a696385a8b1e93919fe597703bca85f45e2991d18a62c4276b61913553f893cefebe90433b609cafbcb39deaca65aaa0f387d4827397b566d7d7c9505
-
Filesize
2.0MB
MD516d7ae24d307060ffcb78666de90ff71
SHA139baf949895024f0cf4967ac4b319ccd28e168cc
SHA25666de3239abcee69dc4179fefb3574cfaf346673d0c4a6b4dd02409a241935bcc
SHA5123aca7ec2843d8eb4f82801f9db6e440a9a314815997b6426cc058b5aaec1a67eb667756f6454a9e014b76c474fd03b45f0dfba0d066bf88876490acbb8b857c6
-
Filesize
1.3MB
MD5c7486b08a15d2c25b8a5fa27d006af20
SHA1ce5cd158023ac9787231a17abac304398f82ea8d
SHA2565a13369cccd7a59581dd5310882a06cfebe74b8af6879727a89ef82cf1868a67
SHA51211f84f503c528d7b3a075fc977b753c282540c9faa6b82a02777f386d4445a734d861919b9980089afb4b030b26204c1eb604c5b54cfe2023084106178be6898
-
Filesize
1.3MB
MD5a12fe6a03b1b15e4ea01a1dbc16f2ed7
SHA16126d65fc2372b66c24093feee611f2e162f444f
SHA25678b75e2a55ef71d4dd277ffc52834519da1c93616dd3353510ee5e3de364eff4
SHA512f2056a9d584ae7d47f3b1b2129aae5bf7a1ee3026235f8b1c352588ae4d7e0a9b5c58eb46095887d487b707d62db01f4e59b3d3928998813cfbebbb7eb997bb1
-
Filesize
1.2MB
MD5ff7a81c1199e68c38faaac80dea75495
SHA19f31b42538703d9cca5f17264bd12b3c34c15b0f
SHA25617e2bcb5fab12b64930126a0740c05ec69e89536ee4326daddcc20352300117f
SHA5121de5e3e66083a59e8499a284d7846dbb95bc3bf03ffe4035d299f4054a0920e2f85f342bc72503077b34e1073af7b2172469bfd36c6c205ce62ef18a591a4e58
-
Filesize
1.3MB
MD59756fa823bbc75a3e4409666601d52fe
SHA1298e7b8af16a47deb353218d8af0852f22cff13a
SHA2562e96daed41073e6a5903b4473217e16593644575c978e3c6cb71f088de2b46ec
SHA512143068d86f270367c3fad79dbc829392bc33c0287cca9917357e6ef240aefc4df872bac13030afcc8e90fed68ae1ea5ae5cb8a2b2a3e8d1bfd9e5e74ca1acad5
-
Filesize
1.4MB
MD5c2b883b885f15eed3bf9c543f2f9ccbb
SHA189ab7facfc603533ed3f1c23d658fe05f492a2a3
SHA256affdfffd950dc9ebcdac3a08dc6a7f38f0b75d3320a72c7133770b64a58c31f9
SHA512b781aec46f9b521e63196c0871ce4e2aa55ab0b92d7da6a0a1fae1d83e993eb569164cc7eb7297831d9a59b7cbdb83443ed19ac3e99b27f25c241b00eeb78a4d
-
Filesize
2.1MB
MD561cb05dec447b289ffb5880ff4d08567
SHA1b000dd21c4bebcaf267c82d7ac1c5f05a74483ba
SHA2560bf1118585f11c06f944f06b62fff6e8887ebb11ac62ca4b0c9a10b2ee48b470
SHA512e38161cd0e48ae6453b6599ce639d1afcf4844e0ecb48755a3b6c9cfeb995ff4e64de62c555af3b1a72f7973ed81c3034ed9f395f9ec1056543deefe7be756b2
-
Filesize
1.3MB
MD5d783258b338e527953fa6abc2f30aae0
SHA106e04315fa06c82cf102cc2ad4059c8d22438e5e
SHA256d9df01252c500c4d5e597fec8584a1ac4926ee57106d7328564eb2f9ca854ed6
SHA512fc05984683fce91c38e60393ecc6fcaf70518a270a6086bb3e0a32b48134df849c11d9fb6c180589295d9fd9ae4c2903b7e341302c4945e6c23f6e3479b0b07f
-
Filesize
1.5MB
MD571a1bddd88401df10621702da88397cc
SHA183da91db1f1ce79f55eb898dc131f0b4faca6a56
SHA2569e85a3dc080d7ac24e940eeaa52e62a0e184dfda5d2b29ff4b733a4ac5e53b6f
SHA5120fff5a0d0a76d479b5edce401334a6686b7b49c535ee48aef7162495c41313297f60a68456875164cb5e31e73b5d8e7e4988dd2d8054a572b7d2f2b0ee0c76a0
-
Filesize
1.2MB
MD5715a14a544aa2134fceecbff319fe79a
SHA12b83206e3dea3b3caf8f42c4a210bd57d0110eb7
SHA25654c4bf334ec20ad01bf68693c1695921c046664ca621f3d731b071a5267bd238
SHA512cd1fca5b40662ed3a2d742b762c464dc2f5b2568836d774d0c4fdf87d087dc2d69d2d20a4d32bbab5b8997a23aaad2b640edb3fc1804b2872ab0cd423fbf87e5