Analysis
-
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 05:50
Static task
static1
Behavioral task
behavioral1
Sample
635b7061a824b5d45bed41bbccb81380_NeikiAnalytics.exe
Resource
win7-20240221-en
General
-
Target
635b7061a824b5d45bed41bbccb81380_NeikiAnalytics.exe
-
Size
1.4MB
-
MD5
635b7061a824b5d45bed41bbccb81380
-
SHA1
eacec7b9291a3246a547b09a3c6787df76dc440e
-
SHA256
fa7f2035a33554a001b06bccb8b7f19109c048d1722897362d06d001982e957b
-
SHA512
8eb31490ab5680d63989ebfec56af05b3d8d04c1ec74539e4cf58520da1f8d3c74fb5bfe3e98a6c56e366297d3ca34265aeecdb6b838f8de74b5e9e606e0f9cc
-
SSDEEP
24576:EQo5WHRlMugdD+JsRgZRJ4fM430Eg6nET7M/IiN:boMxlMPdlR8v4UC0Eg6ET7M/I
Malware Config
Signatures
-
Executes dropped EXE 17 IoCs
Processes:
pid | process
2816 | alg.exe
1544 | DiagnosticsHub.StandardCollector.Service.exe
4856 | fxssvc.exe
4836 | elevation_service.exe
3628 | elevation_service.exe
3484 | maintenanceservice.exe
2808 | msdtc.exe
4212 | OSE.EXE
4188 | PerceptionSimulationService.exe
4944 | perfhost.exe
4388 | locator.exe
2320 | SensorDataService.exe
4528 | snmptrap.exe
4424 | spectrum.exe
2608 | ssh-agent.exe
3496 | TieringEngineService.exe
4404 | AgentService.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
Processes:
description | ioc | process
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | 635b7061a824b5d45bed41bbccb81380_NeikiAnalytics.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | alg.exe
File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | DiagnosticsHub.StandardCollector.Service.exe
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | TieringEngineService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | TieringEngineService.exe
-
Modifies data under HKEY_USERS 5 IoCs
Processes:
description | ioc | process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | fxssvc.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
pid | process
1544 | DiagnosticsHub.StandardCollector.Service.exe
1544 | DiagnosticsHub.StandardCollector.Service.exe
1544 | DiagnosticsHub.StandardCollector.Service.exe
1544 | DiagnosticsHub.StandardCollector.Service.exe
1544 | DiagnosticsHub.StandardCollector.Service.exe
1544 | DiagnosticsHub.StandardCollector.Service.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid | process
656 |
656 |
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
Processes:
description | pid | process
Token: SeTakeOwnershipPrivilege | 4724 | 635b7061a824b5d45bed41bbccb81380_NeikiAnalytics.exe
Token: SeAuditPrivilege | 4856 | fxssvc.exe
Token: SeRestorePrivilege | 3496 | TieringEngineService.exe
Token: SeManageVolumePrivilege | 3496 | TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege | 4404 | AgentService.exe
Token: SeDebugPrivilege | 2816 | alg.exe
Token: SeDebugPrivilege | 2816 | alg.exe
Token: SeDebugPrivilege | 2816 | alg.exe
Token: SeDebugPrivilege | 1544 | DiagnosticsHub.StandardCollector.Service.exe
Processes
-
"C:\Users\Admin\AppData\Local\Temp\635b7061a824b5d45bed41bbccb81380_NeikiAnalytics.exe"
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4724
-
C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2816
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1544
-
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:1856
-
C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4856
-
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- Executes dropped EXE
PID:4836
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:3628
-
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID:3484
-
C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2808
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:4212
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID:4188
-
C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
PID:4944
-
C:\Windows\system32\locator.exe
- Executes dropped EXE
PID:4388
-
C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2320
-
C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID:4528
-
C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4424
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID:2608
-
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID:4156
-
C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3496
-
C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4404
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.1MB
MD59f9a44bbb20b5ef39975ae456cd85254
SHA16f4647bd1ed416821d0f7f90ad379a2986e58a9e
SHA256c1c700af60208e756855935e32e9f03ddd5e2fc237c1897068870d84a63f2fd1
SHA512ea34d63824b356da9d4211e5c0fe393903b23424291ba0af1870666ed0ec32e3caeb7e3345d8bae1191d85f0d1323dea13bbfbc2c8be23bf2acdc5ef78a0920b
-
Filesize
1.5MB
MD5e8021edebb10218950747fc84df65d8d
SHA1c5d0559fac70e5cd352df369a8efd4a7262489f8
SHA256f0c278b1d9308a47dde3a33097153bcb2614c5f05040028209a7ff6a5875c5da
SHA512795b4e21a0ab5c4bdc62433a0f0e460c62897ec4d592cb3c22e742e72c3aa8a732e4b7052005c02f85b1a411ebb173d871aeadcba097f5e077929715b88d3470
-
Filesize
1.4MB
MD58d9632ad47605045b143a5950efbf239
SHA1af5286231725bf37f2c3e6b14009666054a0c27b
SHA256f7c72689124a8eb673b080a730976015960278d84b693d96d64863b8327c93b0
SHA512e5f7f6c760f9788cc698d0d025be14ec70b37a7a0aee43d560ac54a378aaac5e7a47e249eed313832282f841801acc2a896df97541d77b24e7e7c67370794bed
-
Filesize
5.4MB
MD581eab49879f006265d7bd36357a3d836
SHA17f098dee0d2749928753c6edc156ae5935c0f1cb
SHA25679d380100ae46cdb2c994f8278ba47fd524f1db3066567bfe1f669d11a976842
SHA51258830e74a4fb00c0a48ee8a9a90f4f37e6b6968fd40391ce03e05966cdb28ca25e1288f86f46e9eaf5c0af58a190ef3b02993d7331e4c42f4ed36d2ca54bfac6
-
Filesize
5.4MB
MD55a9e851f5e794513d2fed6269ceec00e
SHA14c2150057824c83381c9ca8bf74dce1dac45be66
SHA25644d6773594a74b0f694a3d9d94bf62b975a2ed600149d2bca7680efc257e8d83
SHA512d8e7dfd0848a2a4baa4527d75dde8d6ece8b94ab48aba28672f5ddf94d1287c1c17314c4b19ac318e0f4da9f2d4ac93a19141af71b970165dccca6ba2ee08e7b
-
Filesize
2.0MB
MD57188116d110ccbcfc15be2b7b9293714
SHA18e8ce7e2a136f2fb4e790b0f1d70c126f3fcf6e2
SHA256f8f37ed37d125a5ae1d2c08bc385fb80ec6e6b2eeb7cc6698decf67535fc2065
SHA512df423a183d7fee596befe8354dfd1bf13923e40473c2d2892724da91ae3aacaa6d7cace9390e136c0395496b2eb118e146a25d0a63da4cc64b0889d8940de796
-
Filesize
2.2MB
MD5477688b31b2a220a4e5e1ff85a41c740
SHA1b9a4e8e9942974aeea26edcf1e4ef1d0f191c964
SHA256aebec57b8bd78eb78a81b95896050227197dcb979db477a26b54077e51ce764d
SHA512adf5344765e68462d18dffbd8f732b1b5e0fbaf753d77b4f2c6e6a9721270c92a8109e0c30cc594540c94c04860a45aeb2ce9b117cbdd86401f46068c3f11fba
-
Filesize
1.8MB
MD5a2fa3642f66cbe7ea0439d7f62b29704
SHA1516ce7c25334f969bbca1acfc14c44c2095bdc0c
SHA256170853e13a6145ec5327d57b026451d3bedde599bb2fed72b09ed6c08c6b3adf
SHA512472dcc12562f4559215e4cc445751c0388331643f0cbeccbed89f612de950d50d1f5af2cc4bcd200c5d41b781573eafa5298de75addfbb9c4b22d7cd798357f1
-
Filesize
1.7MB
MD5bcbb48b30a609618a758205f9e81539e
SHA1f095a5d99d47958e34afd0fd7d88eeee1d521ef8
SHA2561a278195ee853ba03adf7cc0b2169cf68782f450e1f0a02b2397bd420f30fdda
SHA51290e47b7bc5034c97bd172d693d1de2e0896dd79d05864393dd22a7fe69a994dd5ec65a6b0e9aeee97fa17c83561116dac3f3a553761895664ab11c47d7922651
-
Filesize
1.3MB
MD5a388fe5ae0864d438c325084da3a97c9
SHA1629ad6dd65e3f1b3ecf08bbb6b0c6a8c88c7e44c
SHA256bceb7d4a4a231c79d5502148e4c37e77f14ff64b337d3ed589b9a399d13573f7
SHA5122ce71d4afc73649d625d0c7518a66bdabca79e8f3311d6df268ed8ed514fe9463367299cd7635fd51e17e7cc16fb897df2f978ce0c749cc163a345bf3b66cdad
-
Filesize
1.3MB
MD508d088f5bca7ea20e739ee4bf09cd4f0
SHA16016cdc9580b2773c2d6520dc71bea1dde46b3e4
SHA256f28b61d3362b928447589c5837a7f643c09168e2f66f1efb0553bcb807164ea7
SHA5123df007e9cff2962439a485eca2784676a6566c1cbe283d034b3eeff2d85e96fdbbd922d6103badf5d2819dd532987805dc09c1d55a4809f468f86f5f29054fb5
-
Filesize
1.3MB
MD56c85b0311755149f00dbca26ff89bb86
SHA132a349014f8d3029b2135cc26dea15d62db51429
SHA256da2a789e48ccea1639ea473f7f67cc0e31470f6d71b6922575f33fbc7ef18006
SHA512a0e62f1ab1515b8145220bd1a6c5e9f64a1e47b27875739d8776f723180a186a178ffb71be848e0b4baf8c05fc427a2d34006d4661b04ef7de63c7a312f21fc8
-
Filesize
1.3MB
MD5bc4e5d33b8ee168ce01726413d405875
SHA12acf2f52e00c5be31164f037da956a584ebc8a8c
SHA2562ddcb580e59ee22a14b2950ab1ee5529e6240ce0177f68bfff062c7b6886cf68
SHA5129b72aa4fd8722da9e9a95b64a58efa3f71bbbce7fee86f8ad584d562bf07c126435b95000c637e962d833aeb889a8bf0d67d0ed54d89bc51eab0c45ed735a466
-
Filesize
1.3MB
MD591fe1e622e454bda9498549ca49023f4
SHA12a3f210f3c3cc468c957e755a2870e3b57d809d3
SHA256fbff2094705f9e5300c22a919d6bdd24101a6074c6daa392966db09a19bdabd5
SHA512da7ee4d76bd83b367c2c897e392e5f321f0151f60c2a4845ea84a2beba8e6d19cba1ac4a147ae9e07b88a2ade1a1e34043d7afac1836d874cc42b67705d5ed44
-
Filesize
1.3MB
MD5d2b626230e23df8182b65efa1e4ccaa2
SHA1785a3cf9d25fa40cdce59cc7891c2e8a9a12770a
SHA2560394f5032551486d2aa26a2fcef7cf91bbbb8463c2b4cb708acba719dfb8e085
SHA51263cfd3329cab4b7940041ec6bb22fa4cb0c4254c71e83a8f7c6159839455ec1603147f834b54b1cd30e93396662ffc033c3814a5d841e5103ab9d2e237bb2209
-
Filesize
1.3MB
MD5c9046444ad9670aa5159128e8eed71a6
SHA10ec8747de3064c62bd44434d8d22fe19f202ad11
SHA256e78409b1251e5db936fd3dc465cebae2500470f895efe84934c5461aed6b0928
SHA512add3974099ba2b36f85340b660591d7951c11682ebada8ba2273323982da8a7aa2552c05a63f229c738c9705750b06c22dffc4b57ae0474197f5ab3c777569a6
-
Filesize
1.6MB
MD562f9095bfae333c46fa9cbaa6d3b0545
SHA18b4ed0b6b26ea435e3719ab00b204ef72369356b
SHA25681eabaea1cfb8181403b65a3d0f622df7dfab5c73e84d99178e1b1e376861db1
SHA51292761ce3e7d6405999bb6b516ac868fef3ce0c39b84b9f2c22daa1ecf9485647822285462f6fc5087a7eb476cf1944045d480154d5f9e8b1669c09445f06ebaf
-
Filesize
1.3MB
MD5f1407d50d2a826588bf709b4f778effb
SHA1d559c2f25375e33b97ff9d8257fb8f1e24b357ba
SHA256ef30f3427ad09fe0290882c9475f210dfb93a20259618bfaa8278dff349efbbd
SHA512710d1b356ffa3ff801e0fbab33afad96c561c2dc5d6056ecca568c65d10264f7f7b9ef03c262d42b2b20cc54aa24c67bdff1cc391b52cc29a055c5211664cd5f
-
Filesize
1.3MB
MD556944a1c09a5d0bbff3cfecad5ffd906
SHA1f977cb15dbef57ce8eb02853561421b40ad3d461
SHA25620fd0b166ab8af27275c2f959649106ec17548a41947979e1f66c6c218c23c1b
SHA5125b024c0ed1f3a32177f732717f1074bdc1bc1882e4c7a4d53dd6139ca1db12ceb874a8872c1deee3a471cf367ead83fb816f59dcd84116b06f9e01058cdccd22
-
Filesize
1.5MB
MD544f74bfc5930c98eccc0844b2fc0a691
SHA180e4f636315ce75961fef7de5e531a4d4ecf4ef8
SHA256009db287102433e322835e0e56599c82ae1ebfce8d2e207a44a481ac33d6c03d
SHA512d490eb48ba32d5886ec8090b1be0a5e3e05effbe170545abc0d9803d3abae57a455cfb0c881e1a0ef72bb9d4a82430466a9452d97d20dafc7abb04b039e53e06
-
Filesize
1.3MB
MD5494e0b3d0dfcbd1b5335574a59283fae
SHA19d99e58269befb05a1e668fbc505b59aba032457
SHA2566476701e08c43515ba2efae13b0f1a8104cc2f11881124b9f69cb111db4e244c
SHA5125148b759e0ff84cb2000f2a55e17988e2dd5bd37913768eae609b8e567a52fdfecbda811b77044437d36b6fc118d896a259343b4c573b641bd1ffda9b476e676
-
Filesize
1.3MB
MD57d74bb8d96fdffba12daf253a1230d07
SHA1daa543d2cd0c6a5dd27fb8811c6ecf128e1ec930
SHA2568b3d54be3700bf1883034abcf5f8adcb01f976e0bb633691ef52a035b5c1b243
SHA5126711ebcb19b88bac78061ce6bcab432e20f718755d7d9687efb99810c0730e658ebcbd508e28c8de37f77f635f2af7bbe93addaedd9d52a1912f98370902c642
-
Filesize
1.5MB
MD5d7e11f9821d0618c3e08c2e59f49939f
SHA1b6a792594b58ba4cfe6fa2377a4ceb890a9fc9f9
SHA256a11be36764c8ac29b7adc86f6feded7a4a374a5d724110efc986b3333e70f1e3
SHA5120ef59e002e76bfcc216918c8e95c929cc43cb6f815f27573069a6a5eebeccac217a1e5f4362308a8c195cc0a5151af2785ddc3afac1df5c23423c08b26207c89
-
Filesize
1.6MB
MD5a96473eb5bb7ea9091903e73d4f643fa
SHA14a227a8cb56430bfa12d4cecb8268b8c572600c5
SHA256c19dfbd5e9c848a4a9aaaa92a6ed0be733b83232319dc24623835bf8d22e0376
SHA512794eb65a22e770f01c4e2f04eab5e3b916222f9a4f898ce147b30a6e0076492904cb2ee2a337225aefabdb8eea40c43bbee1377e208b3dd893e4bbfb3d2c6ac0
-
Filesize
1.8MB
MD5613127d6f6936bcbcce2fc44fb573404
SHA1786c5e3dfbb5bf4b681b00769d28d6ea382cf0f3
SHA2562c6c19bac059223597db2b33358802e0772f65f421f8ba8ccff5515250da8e8e
SHA51230b199a5e3ebefe116583c6673e16bf39db51a968cc89333956147845ef14881114c28afbbf41a730f7bf13c4477da8be81acee911668551874bd875553fa624
-
Filesize
1.3MB
MD58e7912b58a74c9f39f76f7adf09415e5
SHA18f2370577b463649804c4703bb207f016c3bdab1
SHA256373f74c1650b1f3a4a77ff0bef1c84e82b061550c34ddddfa05e17ec605f4217
SHA512fa1a1afe1fddb31e152b3e08da8cd5b2f38fe6331edcbe9120540eb105cdd9190e4e9ab8e755442f6c41cafebefcc9444be376dac9acdbbb69c347910ea81c20
-
Filesize
1.3MB
MD53e2793cc9f42b01aa047bab6c14430be
SHA17ba7ef9d92bcf60e897f7cf7407c7d85eb896daf
SHA2562413878300796d9e38a66f02a71945badced0fd2accd0ecda7b3ed11c6c64ddb
SHA51238a1e2a720e282c8a04555287aa769c9d31c9b1829fd460c0db3ff4f67cdb1f0b958615f39946fad295b57b917bfae0df5d5454b9c67729c0484873cd676e39c
-
Filesize
1.3MB
MD57f3492c71840bcfa99b7aeeb17335181
SHA160f272f9d49b932a68dfc0f176346ed35c6b65ca
SHA25682e3297b9babc51400cc2d2e112163dadbd4e076b308939822337fbe395d6316
SHA51203ac914c6c53e576c853ab1ee843d7f606c61bee37b3fe38bf8e10cbe8d714ac68f9374fa52e2d436a47ab85dd634d6c61da9997d88fa5b88bf7cc83494236e1
-
Filesize
1.3MB
MD5f2facd85f752ec3d14da2f283f0f1567
SHA11fb72ce07dd31cc2f2b30b04afc9232b32a6a215
SHA256a51937c6abae9d08cf016fdda63412f60cbaee67c0d70de89b3f7136836c0019
SHA512f5dbf07faa7be231111583cd377b4c66212a749bdeab5364a7ac75a5e284116390c44d0fe4c2a9c02e3a725551f56add9d8378858a2c0086c47edfba3300a89d
-
Filesize
1.3MB
MD5756532f2f108eb74756f869d296ed946
SHA1bb62cca10ec330999f57693d2e784b55d3b42137
SHA2562f065c28bee5df459b7db22ff305ca144036986b8628104203b9b9577f98693a
SHA512777a9d3435273b7d9579c58c512c3986c3b660b49a5e22f9b2dfaba7df493ad3939912fcc211ba4030180f7d0b2ff0003f03af60af5375a9205a790a39b7f381
-
Filesize
1.3MB
MD51ff6183a87ae4a516ee0b77246666839
SHA143786563d4af88339336397869a5807d1ff2c55e
SHA25694814ce6d36f21a1ee9901a0af79055fd3ce545dafb9d9f825661a60d88cc8a1
SHA512d85fd0011bae6d709bfd53bbe04bb8efe133e3f4c806b16ea46feace0b44ea1624342d03449716ca4292a0203bb7545f8a1d772e45a7ccbed7b39a67e18ea47d
-
Filesize
1.4MB
MD506e18af7a204511252e326fc020f4acf
SHA13e1bf8d7cb45d9588bf257096953144e6bd42b7d
SHA2566eae015aebec155a08151a8a4ca613e55e22e6b87e7038a7d3346655d2d31bef
SHA512458aeb528c2123a5c0985f7646f6a76ea902b7c9b0e022f98dcf0cc2b1df89201db010743ca8a30eb4d6f63d17228f484a7f8fe521d60cfc2b7650e74c953bf3
-
Filesize
1.3MB
MD5a2d47b4369f1efadc13ba0b6e99ee783
SHA1c3abae6cca2b0589fe72904699d87565f2e5f836
SHA25692c0ce4cd6065d5d3db8850f8ac7ccaa94fd6f3a58c6c03aa53f0314f5a5d6f4
SHA5126ddb78aec16e462ccbf3234c66b347f38ed36a4f38a2229ae666a01683c8472b8f73834919fb73985dde2e8d98f29ce2c9e661f90329042cb9380669a18351c5
-
Filesize
1.7MB
MD59605869b1aa3c8d979f00ec950fc2a21
SHA13f27f378d1dcc691a3fea29e004ae4b446ffac9a
SHA256b2ea5de3bceecb773372291035c1697f783ff6af853052d92550cbcf8bf727e8
SHA512207502df0e0f5bed69f3fc17924d2b90d6190dd7c8b50ec583eeec2086691d9b46f3d6998b3af970e86ea662d01c4236e12a06a78925a1f7d7c211734ad16239
-
Filesize
1.4MB
MD5dec862b22230ff742ae079e7fd556df9
SHA1315fbf05a2a430e78fc1059041f48ac974b2c84b
SHA25678d4c9c6841f236751970131eb61431ef4bb76c6871bd8cdad4290b50ea75b2a
SHA512493ef8b9368de6983fb51f307797ae229f3da2b40a44cece96579b215f922a8b79230926095c96f561c22b62233337c85e52164cb9bcbee5145e40df455eeac4
-
Filesize
1.2MB
MD57be3aaf75bfd8f9f99bec1940eb2f583
SHA12f608a39c109d8cef6533533930338218f550771
SHA256a9b6c0c86bdadb0c76d0b2dfbdc587e931f64b47689d561f3907c0363ef6b7c9
SHA512150fd9a7039f240c36877df87e88c1038e5f2a122d465a70c337c43b5aec47847a32bdce5801e4dfd13d5ca183a75efbbc6a15c7345494d623d6bfb9b1c7c80b
-
Filesize
1.3MB
MD5f05e7982947e76a2fb04842f476e67c7
SHA1a14939eb8e11b09b90ff5e4b54106d89974dfdbe
SHA25642a5f54611835267529144e9c5b1d6317cfe90708f87fa31200c3267e19d89dc
SHA512527e6858a0a6a117d440b60e74a403dd993995cd1d87b5d97e1127c5bb5008f177274de91c936b264834b134ff45944d6320778a922f842d94f4a38692395072
-
Filesize
1.7MB
MD5e67e3f62a0d8e00f691478a7d3d12498
SHA18c7e666fbe6a44ffb4dc4c2538744cebe0492452
SHA25626ad8eb4cbc43ffd5fbdef6937412c714ddde118045751620545915732933827
SHA512aaf17d2166a1fb20e80295c6b11157bfb786f6a6d4047f8f55a1b9787d6c781f7a1112d639e744f80010190084cd55e3b0ae365a991baef91720b25bb9a35487
-
Filesize
1.4MB
MD5a537df3c5447132d7e775c3df1f405c9
SHA11eea3a3fdcf58a8b6ef263c646be5e6ff1b673c9
SHA256d4f968ddfa89ac26de9a0c7bb888c33b0254c956772b578b7873a4b7cc716691
SHA512eb95f6637f0f0f8ac414abefd4358788fb087c49f8f80554487bbcea9f937c4f312220f61d53214d8a0432efe6ae3bd785ba3ef257c7a955cd92e02c1cb41914
-
Filesize
1.8MB
MD59f460c0716ec9d9adc59edbf64d87f9e
SHA1b22fd8e8f48b2910e4862ce24d454cfbff71d7a7
SHA256c1ca863c128b2a65bc5161a17ceda9a63a83de0c41762de2f9afd9b086829dbd
SHA5124b488e19a54158da7126f099b5081cbc4a98601c902be134ea52b16d6b69c69f25677f3ce99df4a7eccff2120eaefbe42f72dcb6706a563d77bd8a4d48654bb5
-
Filesize
1.4MB
MD558b472d65719d9a60dc50ba9b604c2d6
SHA14429ee9fef4ae7b2513ea0b431a2f64fd3daa685
SHA25610529ebef227a6a0437a2968031e2b3c68d85578fb6d1dcbfdf08e0cdc4f4278
SHA5129ab8dab288211b2e948d5b4bdf7b3274a06104007578e3c58c554c811bfee8c46d1c66c6376dd2b0d1511abd0cb74a782fe1f31ba18850f921a5310c1093de5c
-
Filesize
1.6MB
MD57ce799e926c30d29b7b089c7f21f44e8
SHA18e3d01ee873f9cda4a9571733badfdfd21ddbac1
SHA2564e51164ff171cf1b5524d651dccab3ba46fa2b41f7e936fd3cfbdb8151a157d0
SHA512f0023b76c619d272c9ca243da28e68e564063abb5d46238f86e12191e0beea72f7949fb402e1ec23937820de38488dd5cb1b54ff37ef29376338e120ecca81c2
-
Filesize
1.4MB
MD542b4a292915d354c167201c25f5ae0ff
SHA180469422e54e2be333c3615e24943f34d9f3dcbe
SHA25699a513bc89ee9b6897e487adbb20e491d0443ebf72807201b23af812ced8ebdb
SHA5123781f30ddef69cc0af4eaef58b987b4af648f51d6837f52188459fe10ebc2f2b4fd50db7a774ea24ab8c6f489f0d1551aa0e948ae8e705e31a16220ce5456117
-
Filesize
1.4MB
MD5452c5661b1b67e7dd3c8ac5f81eb7d44
SHA1e22c46cb999066aea4b0173ce392e04c6f7a3de8
SHA256d3924ea8e4ef8d85ceaeb48a6b2aba9994e398b049676d76c5268e59589d7986
SHA5127196d57b303a158ff2e1d71d6a66e1b3b731e8c665a5ebdaa73e67fe23510064109cb75c1a05a633a8cb43898bae8db0cf94ed0c801b3faa3246e3ed1cdb00a7
-
Filesize
1.3MB
MD54a775062f7495a5551d317276ba6f4e8
SHA176665c671c465ee0f9d01bca1e855d787c6ed17e
SHA256f915ea3de48fc9037b39c2982288bd705b66997d5aaac70644d0ec0dcd14d611
SHA512f591a4fecd22bb0fa3c1eeef86d70d814a7ce91c17c9178df05b9e49b5079f13a088e75124688ad2aeaf8cbf393a23e6a5df743a8af0b0fe5afb447fa4049b3b
-
Filesize
1.3MB
MD5fd52c182a15aec59b0d82a413a6381b4
SHA1950a47e878c5c7466cbe90bf62e65852c39501d3
SHA256956ab3f1fe808406f84a5b9a2c9f61fd2973e0f66fe94179dd07f9c576f9ef8c
SHA5127f6c912d86e3fd61950622fd70c3df8dcd189830eafbf3b3ad4965f00c2484cb28296350ac090beeb4b37669e6e36898c6df8d70d482cfe3d8dca79ff100478f
-
Filesize
1.6MB
MD5a1a80b221d78e1fde1ccf55640e5bc6f
SHA1a881346a7d3671b066200e774798bc151151792e
SHA2561d1984a9338966998dd33e0ee455514886e15be21a95887162bcbf08fe212ec2
SHA512a03ca53fd6637bdf2343c0df570e869b9ea3c7670994053afc2649412ebfcb27e54c4c094d014d3c191d43972b51b4cdb7b3a76bf5163683c92b4a61a3c9e1ff
-
Filesize
1.4MB
MD559b159109e3ab886cdf598d6cf1b52a0
SHA17663ef1a8d89ae26239258e13d3b8f3dcb334089
SHA2562fd2c03d51eb3663a4ad602cb570ed4da7d38c8b7d13dbdfe4e4eca51f8ec864
SHA512957adfa7d9c53e60e6dcd260be6ae821a2977283fee6eaa47e40249e28f8cb2eb1babada1c919776137b494d4afd02a3df9ec9a03dab12a62a747da6cd88c560