Resubmissions
07-06-2024 19:53
240607-yl3b7sde56 807-06-2024 19:50
240607-ykgdcace4x 407-06-2024 19:49
240607-yj29esde32 1Analysis
-
max time kernel
85s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
07-06-2024 19:50
Static task
static1
Behavioral task
behavioral1
Sample
Picture.psd
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Picture.psd
Resource
win10v2004-20240426-en
General
-
Target
Picture.psd
-
Size
275KB
-
MD5
51d05bdf927d6db9b8955a0f0884a157
-
SHA1
851e1197cca9b39275bd29bb24da1a606e894c5d
-
SHA256
fcb63ed3223083b3f1d6830ad56204e47d2394fca667cd21125b744c05f6e3e8
-
SHA512
80d60f5aaee5606f427983b77d6b315141d938f3a9e231ac83eaa6274992ed3815a8ee79186655a09278327a9d7abc0353f60215f0f367d8778ad8fe3d6a29fc
-
SSDEEP
3072:ewz/rtm3CEcBqzzyv+KSKT5UoPUrN9GRi79:eZ3cBwzAKKyociRM9
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
Processes:
WINWORD.EXEdescription ioc process File opened for modification C:\Windows\Debug\WIA\wiatrace.log WINWORD.EXE -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Processes:
WINWORD.EXEdescription ioc process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" WINWORD.EXE -
Modifies registry class 64 IoCs
Processes:
WINWORD.EXErundll32.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings rundll32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]" WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" WINWORD.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec WINWORD.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print WINWORD.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command WINWORD.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEWINWORD.EXEpid process 2800 WINWORD.EXE 1172 WINWORD.EXE -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
chrome.exepid process 2144 chrome.exe 2144 chrome.exe -
Suspicious use of AdjustPrivilegeToken 48 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe Token: SeShutdownPrivilege 2144 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
Processes:
chrome.exepid process 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
Processes:
chrome.exepid process 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe 2144 chrome.exe -
Suspicious use of SetWindowsHookEx 18 IoCs
Processes:
WINWORD.EXEWINWORD.EXEpid process 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 2800 WINWORD.EXE 1172 WINWORD.EXE 1172 WINWORD.EXE -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
cmd.exeWINWORD.EXEchrome.exedescription pid process target process PID 1776 wrote to memory of 3052 1776 cmd.exe rundll32.exe PID 1776 wrote to memory of 3052 1776 cmd.exe rundll32.exe PID 1776 wrote to memory of 3052 1776 cmd.exe rundll32.exe PID 1172 wrote to memory of 880 1172 WINWORD.EXE splwow64.exe PID 1172 wrote to memory of 880 1172 WINWORD.EXE splwow64.exe PID 1172 wrote to memory of 880 1172 WINWORD.EXE splwow64.exe PID 1172 wrote to memory of 880 1172 WINWORD.EXE splwow64.exe PID 2144 wrote to memory of 1532 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 1532 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 1532 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2312 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2100 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2100 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2100 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe PID 2144 wrote to memory of 2200 2144 chrome.exe chrome.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Picture.psd1⤵
- Suspicious use of WriteProcessMemory
PID:1776 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Picture.psd2⤵
- Modifies registry class
PID:3052
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2628
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2616
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\AssertGroup.doc"1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2800
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1172 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵PID:880
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6619758,0x7fef6619768,0x7fef66197782⤵PID:1532
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:22⤵PID:2312
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:2100
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:2200
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:12⤵PID:2996
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:12⤵PID:2128
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:22⤵PID:2864
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:12⤵PID:2060
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:2096
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:820
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:1760
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3500 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:12⤵PID:1172
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:2412
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1088 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:3060
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:1080
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1092 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:2792
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:3004
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=1372,i,8352663475337583786,7056216347871654052,131072 /prefetch:82⤵PID:2040
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2020
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2276
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
69KB
MD54f9d58547367f284c0fa5c840c00b329
SHA1afdf5a998830ad8bea4d57ad8cb3882ac911b43f
SHA2563104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd
SHA5127d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350
-
Filesize
327KB
MD5420c92784446f49963c8e9caedd17425
SHA1ef05de375fedec2795f9a9527483c17ac6d211bd
SHA256fea5580fd2f268d43c0f781d9d3aa8659d4fe926e1db572c0a2ac8ff6f30fe52
SHA5129d7bfed436ea499559a9fa7cc37ca7d67c6508112c89466d8d0978a082450a17eb80edb6ce8d00b15c6b8a9958f940a159860726ab11fd9eeea46bb872fe2c43
-
Filesize
133KB
MD58bb4333c9b03c5d6bc2436bad3d9baa2
SHA15c695c20997271beb672b8eded3fdf3af1cf9ce2
SHA256bfdc6372d7f4eddcf1e45bc39d3e8208479ef1088135928f8e560b53f5c3afdc
SHA51205f270d4e56fae267c1170e73b808cb878007a112feab442581a4be2aecab117b35ca3058b25305e21250cd2079f0bc96773ea60fb161946094e9a38d35dec05
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
361B
MD5fb883a02ea4a1026a579dac3c0523088
SHA17df1931085eebf812805990898e4792ef728d5ec
SHA25637e3ad088572a0f12be19981279b1bf054fe3006ded555b7e96ab2374cf93ecd
SHA512785761d18347d3ed8d0eace89a46b641e6cedb894c4cb6d06c58e091e590edce25fdd913def63713fcc7ed051a05d11f2cb2e49f7c0d60f506211ce532b50ed3
-
Filesize
520B
MD533df2b2f25e612dca29446c516c5b128
SHA1b1b10830e1cf824029ae17b40470a2e4c860b073
SHA256ad9f9466502940075ae8978111fbee2d872847dffad1fa1cdecd3da56a372b24
SHA512291344be1aebb10dddf259973e78e19e57d84560a14d77cb0434bc9da7917ee263b73e33f999c6be349d951235bda1f0d07a4a6e8afcbd919391e491ce6e33ed
-
Filesize
361B
MD5789250d118129d11dd066f33e6479e57
SHA1d1966a87bf672cac05621d27ea6965d07806f825
SHA256d8afd8ec19acf23fa13c4cf51432d7f71b2d1cb9a1f39c37452df759bc5995a2
SHA512eca283396183fbe00ed3dbee00811e1edf2de05c5bf248c671e70daa514ade143db4e254fea540521b148232f3a99abae52a7cd09126d404a9f451bd455788e6
-
Filesize
6KB
MD5a17bd6804912b487f0db033ef102c7e4
SHA1590eb42b495b4eb501cb0e070639870c9a06a700
SHA2568489e9b485b39484c2fc4f908ff8e21dc2cbc20a5847ab0c2f7c852441cba10a
SHA51239a6f3be45a2a6135ccfaae70f39e30e1d56ea0cd48e05e8f2514a651cf72a8bf0c412c1938cfc0ddb42eb9b29a0a27a7682c86763dc9a69891aa7b7a047758e
-
Filesize
6KB
MD528d9cd18130b0d16f53ea6fa1c3aeb1d
SHA1cbae29cbc68c6e928f20c8bc417ee5a22a073ea9
SHA256ddaa425ddfab360e1f9e508498e3f94d36ee374305511b4b02ce398bb6cf49d4
SHA5121cc66640a9f0554c410e97ec72a1f6aa3560360c851df138a2535fcbca81b4ab206639e0408f1c9d6f4a4e4b0d0bbd404b7319180858192921d0080d09ad549f
-
Filesize
6KB
MD5d1d3c7b312701e453343c69380ccd54d
SHA13735618012b030f91fc71d25af66c358285ffe4a
SHA2561d039339b2294f6f4047a15adc85bed5c1508813893a28e518cd00018f78b649
SHA512db4bcde86e67b2e7a1b41d779388654f10f8f15ea1dd2f00b7956989f7a873265478f02d6069805a860cabbc976700e370f3518d7d54a576ba0f5b009a2692d9
-
Filesize
5KB
MD5b7d663715b3a4c1d2fe26ebf09baf606
SHA18dc78187461ed72a27e030be61c83ac7eac13774
SHA25687f5a6504799c09d31f52787f047f4d63c8104a496b2f55cd8728e7725074bc6
SHA5124c7f40fb8eb70d8beab1a10368adae868b6a68819437641f115adae7de3c5df90f657887195c7c7cbc7ddacc796439dc554512a9afbd7dd31a16819f1a3f5800
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
74KB
MD5044c494a6265b2b5f8cc637853c54f76
SHA11f13e740b7a3daa6944308445d1434a71cc01aa4
SHA25640f822b67d2d8c195e85ccffc9c7ec5d4d589e6b3f6bb27478955d1f5674ef8d
SHA512a4217a8d1e5d3e030807cdd1278d7d1cfcfd80426a1871ac82a60125244ffb8535942330022ee4322c0a5cfca474dcb3fd9870b6b7ae9f8152789049d5a4625c
-
Filesize
1.5MB
MD5ba30181d6345c58c90603e880caea9e8
SHA1a9c5c97e34853d8ac6e6df2048d0fb37374c07c4
SHA256590bc43ce2fb7bf8d25d301c4674485de3e0f026665048b467a470446a828055
SHA51283ddf640b8defbc10de1449c00111c2927de145565375e6194458aadb30a519cbd8cae63ca735fdc1d7dc32fcaac537a3b4e457d8d4456bff67ec2e9aa6ef065
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
105B
MD5676fc7f84178283fde8c3d966f504f0e
SHA1736a746a8183d3e7238cf9a3b57501a761046d5f
SHA256aa5dc132b8e78872dc882ada4a61806f73953497e2d1b0bb7d821e247ebf6c45
SHA512eaadad06504c54b2ae7521f6b4c01a186ea047b9181730c6d8abebcc099b1afe15026739a0b9892df74708ca0504abfa0abfbee7d91c1876373b7c613ca5df16
-
Filesize
20KB
MD5f4c2cc7b9d13e09c43a41c92e5630cd3
SHA1429b1d4ad2ddf7d57eee06c1d3b5381e6e9201e6
SHA256c0c66c9291bb3e9aac0264b4cc79f62ac8d07cecd8ddbfc00a6b3dfef3f60436
SHA5120045c71cfd4363ddfa1f3b44ef2769d9c7598c4d2aca8cfa22d0e8471981ab910a21019f2c9b5adc91645886af364d5280717b4e69817b14a22b0349faea5602
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
69KB
MD5f5b8eeb6ba26971e7ccf3a78929331d4
SHA1f3635c6493ea0ae150df8a1321d53c2477b0ffd2
SHA256cd5e868abc07764b13350177d02cc4defa971fd60b406f3db1b3b382f8da0e6d
SHA5121de4dcb95027d124075cb96fa211889c4d0d01cb1d6636043591f2dd6e1939c80de27e58f0c4d232d9a7599f4ee04d71e10b72a073589b5e726480c4b304ce1c
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e