Analysis
-
max time kernel
93s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 15:08
Static task
static1
Behavioral task
behavioral1
Sample
Graphing data.xlsx
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Graphing data.xlsx
Resource
win10v2004-20240508-en
General
-
Target
Graphing data.xlsx
-
Size
7.6MB
-
MD5
e19d0eda637f74082459f65ef9932c06
-
SHA1
02c1b4bea5a8a8984ae4b06b88cc30c5ccbbe58e
-
SHA256
3eb94783cb0063c9fb90a79f8a157e315f627bd60e5bcfc4c426aa90b6069f1a
-
SHA512
d95c57f1f5df143956fd9f1582ee38ffcf0679724346b242d49cd5639a1eca714fb65ddbb23ff5b22518028938054277e2eaf3c8226c3c6dcfb6912f104d849f
-
SSDEEP
196608:nkDusCHhRf8ewh52r1LDpD7jruFNTiuYvWa4mApTz:kCs6dgz2r1LDpD7jUNTiuYu9
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 4 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor EXCEL.EXE -
Modifies registry class 64 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597} EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open" EXCEL.EXE Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\"" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]" EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1" EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit EXCEL.EXE Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open" EXCEL.EXE Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open" EXCEL.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit" EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2780 EXCEL.EXE -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2396 chrome.exe 2396 chrome.exe -
Suspicious use of AdjustPrivilegeToken 20 IoCs
description pid Process Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe Token: SeShutdownPrivilege 2396 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe 2396 chrome.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2780 EXCEL.EXE 2780 EXCEL.EXE 2780 EXCEL.EXE -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2396 wrote to memory of 2456 2396 chrome.exe 32 PID 2396 wrote to memory of 2456 2396 chrome.exe 32 PID 2396 wrote to memory of 2456 2396 chrome.exe 32 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 852 2396 chrome.exe 34 PID 2396 wrote to memory of 1496 2396 chrome.exe 35 PID 2396 wrote to memory of 1496 2396 chrome.exe 35 PID 2396 wrote to memory of 1496 2396 chrome.exe 35 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36 PID 2396 wrote to memory of 1836 2396 chrome.exe 36
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\Graphing data.xlsx"1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2780
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7bd9758,0x7fef7bd9768,0x7fef7bd97782⤵PID:2456
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:22⤵PID:852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:1496
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:1836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:1544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:1048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:22⤵PID:1092
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1424 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3384 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:816
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:1960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:1580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:1204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2412 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:2736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2460 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:2888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1412 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:2960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2768 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2380 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:12⤵PID:2976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4084 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:2324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4104 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:2216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:1428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=740 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:2356
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4232 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:1544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4240 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:2696
-
-
C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe"C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe"2⤵PID:1208
-
C:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exeC:\Users\Admin\Downloads\Opera_GX_95.0.4635.88_Setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=95.0.4635.88 --initial-client-data=0x19c,0x198,0x1a0,0x164,0x1a4,0x6cc05438,0x6cc05448,0x6cc054543⤵PID:1600
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\Opera_GX_95.0.4635.88_Setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\Opera_GX_95.0.4635.88_Setup.exe" --version3⤵PID:2268
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1284,i,4925538739702954651,12099975815347542107,131072 /prefetch:82⤵PID:848
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2732
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
363B
MD5b88e16da47ddcf57660bff34c59329c1
SHA1224fb39bf7b957554c6149e432ddc8f60083a243
SHA2565122ff5c41cc2e07aea38cd930eba827b169e5b12b7ca9837d0f2b606a375058
SHA512739167856af9c0075cfb8946a58ab02e8229027a406229401de0a17d24622c83865c1ee30b84085df2fe709f5173dc837ebbd02c2b92bcd0fb749c9f4a456422
-
Filesize
363B
MD556a8074ebfcff4e6bcd982ae401bb9b5
SHA15acefeb16a5077813b46184cfae4160f4724f56b
SHA2566faaad073fb507e8a7fd6b7e99e24b5078a85ea34b0c7fb18db313756457855e
SHA5120bea311b66dc0ee245e715dcbd53ae7bb2d3f6985fbe515723f98219ed1606c0d726e0fc69cbd0a7b9ac8de30b4bdc6cb602983218471b91073229435f996cbc
-
Filesize
1KB
MD5ca7f153768cf0fcf59dfbfd42e8dc3fc
SHA1feedaea0eff98fe6521f529b38b969b8fa31e495
SHA256416cb4b8adbd0e7c5e422a48f7552c31f46de0bb6304898612789bfa68a23ad4
SHA5126aff28871b1e51acbad34e8342d2bb8a41b8dde27c1afe3aa4174f81a50c8e453970fdc65982ed9f00cee638b0a0d9394130fd04020a33020039da5f60661252
-
Filesize
5KB
MD59d3f3869a8456aa559fc90ef8b21344b
SHA1bddb930095a403aeac6c4d196d3fe51b0ea16103
SHA256191fc87a22e39addefb6c3617c5bd9cf0f8fad05aa694b3644aa99ef390ba670
SHA512e8dc27bd20e03d84c5ece11367b4ea53b7761437924a7a22e35f7c402fc573d8ea17ce48d71a1f730a7f3f51d8841eb4e85e03647a5ddac2a2da038d5c87f05b
-
Filesize
6KB
MD5773727cdf1188b190afc7b95cd764ca7
SHA1074cd231451f54649c62d66dd336a2aa3c4e078b
SHA2567ead15f080b26e06f92f52a60fa45fdc74182955c17b5408116ad7f01b4f6eb9
SHA512f043f9e76693237220d149417cf0a71049aefb020995adba789e0b490be925ab0bd6fd089ffc11622365ca6f3ee6d0b260a7abe86874b310bc87f3ae0ce200c3
-
Filesize
6KB
MD57977b0a8aeaa628cbb7628f6ebfba597
SHA15f637d7e3949634133256586e2540b60b7d6ae76
SHA256d0a4f398d8b0110145f9dfb3ec143f672fdc282eb2ba80e7a6ef21e2e126a95d
SHA512ddbeb7a44064d073dfbe0fabfa4b23cdfefac11bc9d30e4875c363352a42ceed37d2f9e913b2fcbf1f457d5c8c804a38f4830b63785007c928227caa6509e17f
-
Filesize
6KB
MD5048f3959eb0028973f2af8a5afec9bbe
SHA13ff8f9dc2a45fb9646901f286be892c56b3533d3
SHA2560cfb75dab03d5baf31910b7879686ff4b74f7679d9d71bcd498be8666b594fd0
SHA51231b8a307b12463d488e2f1ca3b2fc4d28862cf88e1be0a32488842e6c6d6666620902b0064e5d6d46248f1362e6e9533f4ad79ae0f34c55a1191439756a854c1
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
76KB
MD57e678c8a737da3655d8fbde5a6cad930
SHA131740dcf01238ba9ade09837b114bcb9eec02bfd
SHA256894c4017da04158d71e9c5c0eb3593b745decc9cb58c365beaf763d95752fb2a
SHA5120e8da57099033bf667e53ef420ea12a369f6bf1498f6b724b50b0e31fc5071097ea9e689b1f59719f449dc459362f0848e0b050fa4cc106605eb3be3c9d55e1a
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
5.3MB
MD5bd7ed8ac8b62406ed11845b4bd911047
SHA170f714e32c2838518d647056e39de16cbbf18f5b
SHA2561e6447f3549610e2fcecc244aaa3fa5ceb1596b3f3ba5eac15837c639c704b70
SHA512d2c062ad26774f5c1d173286ed4f276fcc1e27aa5a067d02b63aee1e3fd150a671c91f1e3e9496bd90988e15277998186a3d3b56db4ce361894642679d249b7f