Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-06-2024 07:02

Static task: static1
Behavioral task: behavioral1
Sample: ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
Resource: win7-20240611-en

General
Target: ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
Size: 1.5MB
MD5: ab3e9cf29a1b10d88e7c24fc35f06660
SHA1: bb34b46edd73f89e2e1144e98a8274cf8a7149b1
SHA256: 289f0fe99d4119a2a67c4e5428093ebb00854b31a3b80874f944c9b31e7f67e8
SHA512: 1daa4465df643d40d9364dc5c4253c856638df663d51daf9d04461f7c6bd432f34e0d186657efb17a6c77372f834db3a6efe751eb23ef5f7cc8ae7ba6b7ea177
SSDEEP: 24576:+omUFhNkmLFj4svqaShRsUiTfjo5ya8j8Dt/sBlDqgZQd6XKtiMJYiPU:+Camxj4svqaShRibza86/snji6attJM

Malware Config

Signatures
Executes dropped EXE 22 IoCs
Processes:
pid Process
3372 alg.exe
3124 DiagnosticsHub.StandardCollector.Service.exe
3640 fxssvc.exe
3196 elevation_service.exe
980 elevation_service.exe
3692 maintenanceservice.exe
2344 msdtc.exe
4828 OSE.EXE
4480 PerceptionSimulationService.exe
4632 perfhost.exe
3008 locator.exe
2008 SensorDataService.exe
1180 snmptrap.exe
2244 spectrum.exe
3960 ssh-agent.exe
768 TieringEngineService.exe
3496 AgentService.exe
4436 vds.exe
2216 vssvc.exe
816 wbengine.exe
3624 WmiApSrv.exe
2368 SearchIndexer.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory 31 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 3 IoCs
Processes:
description ioc Process
File opened for modification C:\Windows\DtcInstall.log msdtc.exe
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe alg.exe
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description ioc Process
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 TieringEngineService.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz TieringEngineService.exe
Modifies data under HKEY_USERS 64 IoCs
Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a52fffe428beda01 SearchProtocolHost.exe -
Modifies registry class 20 IoCs
Processes:
ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
-
Suspicious behavior: EnumeratesProcesses 35 IoCs
Processes:
ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
pid Process
2800 ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
-
Suspicious behavior: LoadsDriver 2 IoCs
Processes:
pid Process
660
660
-
Suspicious use of AdjustPrivilegeToken 45 IoCs
Processes:
ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
fxssvc.exe
TieringEngineService.exe
AgentService.exe
vssvc.exe
wbengine.exe
SearchIndexer.exe
alg.exe
description pid Process
Token: SeTakeOwnershipPrivilege 2800 ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
Token: SeAuditPrivilege 3640 fxssvc.exe
Token: SeRestorePrivilege 768 TieringEngineService.exe
Token: SeManageVolumePrivilege 768 TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege 3496 AgentService.exe
Token: SeBackupPrivilege 2216 vssvc.exe
Token: SeRestorePrivilege 2216 vssvc.exe
Token: SeAuditPrivilege 2216 vssvc.exe
Token: SeBackupPrivilege 816 wbengine.exe
Token: SeRestorePrivilege 816 wbengine.exe
Token: SeSecurityPrivilege 816 wbengine.exe
Token: 33 2368 SearchIndexer.exe
Token: SeIncBasePriorityPrivilege 2368 SearchIndexer.exe
Token: SeTakeOwnershipPrivilege 2368 SearchIndexer.exe
Token: SeDebugPrivilege 2800 ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
Token: SeDebugPrivilege 3372 alg.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
pid Process
2800 ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
SearchIndexer.exe
description pid Process procid_target
PID 2368 wrote to memory of 1796 2368 SearchIndexer.exe 108
PID 2368 wrote to memory of 1796 2368 SearchIndexer.exe 108
PID 2368 wrote to memory of 3068 2368 SearchIndexer.exe 109
PID 2368 wrote to memory of 3068 2368 SearchIndexer.exe 109
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ab3e9cf29a1b10d88e7c24fc35f06660_NeikiAnalytics.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2800
-
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3372
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
PID:3124
-
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID:4572
-
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3640
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- Executes dropped EXE
PID:3196
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID:980
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
PID:3692
-
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2344
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Executes dropped EXE
PID:4828
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
- Executes dropped EXE
PID:4480
-
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
- Executes dropped EXE
PID:4632
-
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
- Executes dropped EXE
PID:3008
-
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2008
-
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
- Executes dropped EXE
PID:1180
-
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2244
-
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
- Executes dropped EXE
PID:3960
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
PID:1736
-
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:768
-
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3496
-
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
- Executes dropped EXE
PID:4436
-
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2216
-
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:816
-
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
- Executes dropped EXE
PID:3624
-
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2368
-
  C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  - Modifies data under HKEY_USERS
  PID:1796
-
  C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  - Modifies data under HKEY_USERS
  PID:3068
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
712KB
MD5ad72fc725716c45fefc95e11ed22a7ae
SHA12a879bcc1ace4dd6ea99494da67733f88bfd5a56
SHA25601b4bb6ccccf6bf9a4d26517f3e5de04986ad39dc0d386a5977bf835c6b19dfc
SHA5123f794f6d4ae00fe794603490b1a5e2db6949f7abd76fb5b66ecbc07f559a85647d7c3767ccf6cb58476e75c47c822179c8d0d73f8fd63b175e6bacce004ba4d7
-
Filesize
584KB
MD512ea28b594c89de4616a2cbb8c284cdb
SHA15f2b560635daf27f0ca888f51a718df63c749e8a
SHA2562083f6f039078aefab75f04c4a57e731dc84a5857b8d666027b3e41fdd0ff422
SHA512ec4690bb0b462652d98ad2801b60698671b49af78130c02b3af15865d9d79046cc965e2d80099f456f491165fe1260e64f9786d83cdd873a8910ca7a000969a9
-
Filesize
1.3MB
MD538735b34716c7b69a2d4e48e7ad0dc7e
SHA14dcc0c3c119577c2da0d742a0103269644c96133
SHA2565af21a5d703f3262ff5c6be247220ab9c426903fc44d9842ab6b7b1c7adae7cd
SHA512314e744445437c10b6f717bbb0742531e80af8d89afa2441864ee257600f26e2c88e5ddee02cc973f19c97a6c07001447ba22632379da237c284d7cc94f4e874
-
Filesize
772KB
MD561fc01124160ff964b756b3ee251ab95
SHA184d6faaec82e473fd8483c86e418f710856f05cd
SHA25639da7c0966f9c4d67e8abc3646bdce670feaf1cdbb78c3a9884341df0157c9eb
SHA512755a74c971a39facbbb525412c440a2f2f986a05cd7e44e6b8c3568461a53756d92e2b45014ba7a5601fe847812dda61dd492106b701117a94c14e868d4298bf
-
Filesize
2.1MB
MD541af0052aefbe41e16b775f296336fcc
SHA161ef55b95e69ccfe11bbd266a1774526c3bc7ded
SHA2569b7313cdb1599442e65c241d786a3d90bb3f1938f88ed30fbbc6a13c029ac044
SHA5123e58fe1f10cc15e441323d0df23e034f64ea98dda4dbaed7cdf4b05a5ad24fd7a88daffb5d1711f35b6204cc223c9865c21500c5a60210851b7c0862c3acfbdd
-
Filesize
1.3MB
MD5449988424e7088e756c0f7572362a569
SHA18dbe559bd7558759c38d187dfae686f03aad9315
SHA25629bed9a9f8825694d68e7c15ea88f4bc0315a4d7e33bddbf9525445026136f0d
SHA512fd3458c1e025a1f2f41daac877979ce8d8e28bc6f81d62f5a624fb9f63a62f61988d1d034b13c9944de2226bc0673f6cef505127a92d0d4a8036859754efd0f8
-
Filesize
877KB
MD59aa148e6fcb9fa266991c6778cd99bb9
SHA129b94a490591c5978eb842cca4db2990f8b5438a
SHA256da019839b1316054fc815bc66e3c3244933e8b94eb8dd16c3511df8813fc87d8
SHA51292b45ea1a2307c0ae5ef627d1091397c1908c405d5d74adc5675df47f7386915e9c08cd10c109ed1ac017d22f50d2c13e9777d2dffe8d1217870d1d25dea9f9c
-
Filesize
635KB
MD535f11f21c1b791730084873b857cce7a
SHA1b7c5e7b83a2d71f626ea73fadd06e062f2df6e8f
SHA256150a8d7e3ccae75e0e9f5f1d2292a29a4147d5c93627d378aa36015fc7eb0af2
SHA512018bdabee932e92fc0e564d003ca077f8acdb91424efe4d966406a421c8752cdc60e09b1fdc54b0be751463fd2d883d1d1dcea2ae1f84a9f180fa7f0de9316e5