Analysis
max time kernel: 138s
max time network: 147s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 07-08-2024 21:46
Behavioral task: behavioral1
Sample: 2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240708-en
General
Target: 2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.9MB
MD5: f46369adc3525bf2078d9202b855753d
SHA1: b343dc0bfd14bf0b1b96858d407110c2e2193334
SHA256: c77276ec6dd1928c6f3d03deeac5bc7b712612b3845adc049fe71770c529014b
SHA512: 56588d14b998a8e76912ad7f9cc4c93e39344c4bd4cd0deb1687eb185067cde008015b79b6d2509ec6bd9aa3a177bfd866ab4468bc6fd9b86175740249a14f36
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUp:T+856utgpPF8u/7p
Malware Config
Extracted
cobaltstrike
0
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
access_type: 512
beacon_type: 256
create_remote_thread: 768
crypto_scheme: 256
host: ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_method1: GET
http_method2: POST
maxdns: 255
pipe_name: \\%s\pipe\msagent_%x
polling_time: 5000
port_number: 443
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
unknown1: 4096
uri: /N4215/adj/amzn.us.sr.aps
user_agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark: 0
Signatures
-
Cobalt Strike reflective loader 21 IoCs
Detects the reflective loader used by Cobalt Strike.
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
XMRig Miner payload 54 IoCs
-
Executes dropped EXE 21 IoCs
pid   Process
2288  FuhUpub.exe
2480  JRGjtZw.exe
2532  gxWyPGB.exe
2808  sjCwBXt.exe
2852  ybeuwjh.exe
2912  zCtlhRN.exe
2208  jvHntHS.exe
2668  jkwrxkP.exe
2944  cGsoKFR.exe
2892  vWqAorH.exe
1708  xlEPEAP.exe
2084  xCMXfsp.exe
2680  bxFLcOc.exe
1972  lMQaDdJ.exe
2172  xBWslNS.exe
1932  ijnFSfW.exe
2752  aYNEBdE.exe
2332  XgffJxT.exe
1196  hTaXfGq.exe
2904  maOQgwR.exe
2976  ostxXlA.exe
-
Loads dropped DLL 21 IoCs
pid   Process
2576  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
-
Drops file in Windows directory 21 IoCs
description   ioc                            Process
File created  C:\Windows\System\FuhUpub.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\sjCwBXt.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\ybeuwjh.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\vWqAorH.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\lMQaDdJ.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\aYNEBdE.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\gxWyPGB.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\jvHntHS.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\jkwrxkP.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\cGsoKFR.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\xlEPEAP.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\bxFLcOc.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\XgffJxT.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\hTaXfGq.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\xBWslNS.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\ijnFSfW.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\ostxXlA.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\JRGjtZw.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\zCtlhRN.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\xCMXfsp.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\maOQgwR.exe  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description                   pid   Process
Token: SeLockMemoryPrivilege  2576  2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe
-
Suspicious use of WriteProcessMemory 63 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe  "C:\Users\Admin\AppData\Local\Temp\2024-08-07_f46369adc3525bf2078d9202b855753d_cobalt-strike_cobaltstrike_poet-rat.exe"
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 2576
    C:\Windows\System\FuhUpub.exe  C:\Windows\System\FuhUpub.exe
    - Executes dropped EXE
    PID: 2288
    C:\Windows\System\JRGjtZw.exe  C:\Windows\System\JRGjtZw.exe
    - Executes dropped EXE
    PID: 2480
    C:\Windows\System\gxWyPGB.exe  C:\Windows\System\gxWyPGB.exe
    - Executes dropped EXE
    PID: 2532
    C:\Windows\System\sjCwBXt.exe  C:\Windows\System\sjCwBXt.exe
    - Executes dropped EXE
    PID: 2808
    C:\Windows\System\ybeuwjh.exe  C:\Windows\System\ybeuwjh.exe
    - Executes dropped EXE
    PID: 2852
    C:\Windows\System\zCtlhRN.exe  C:\Windows\System\zCtlhRN.exe
    - Executes dropped EXE
    PID: 2912
    C:\Windows\System\jvHntHS.exe  C:\Windows\System\jvHntHS.exe
    - Executes dropped EXE
    PID: 2208
    C:\Windows\System\jkwrxkP.exe  C:\Windows\System\jkwrxkP.exe
    - Executes dropped EXE
    PID: 2668
    C:\Windows\System\cGsoKFR.exe  C:\Windows\System\cGsoKFR.exe
    - Executes dropped EXE
    PID: 2944
    C:\Windows\System\vWqAorH.exe  C:\Windows\System\vWqAorH.exe
    - Executes dropped EXE
    PID: 2892
    C:\Windows\System\xlEPEAP.exe  C:\Windows\System\xlEPEAP.exe
    - Executes dropped EXE
    PID: 1708
    C:\Windows\System\xCMXfsp.exe  C:\Windows\System\xCMXfsp.exe
    - Executes dropped EXE
    PID: 2084
    C:\Windows\System\bxFLcOc.exe  C:\Windows\System\bxFLcOc.exe
    - Executes dropped EXE
    PID: 2680
    C:\Windows\System\lMQaDdJ.exe  C:\Windows\System\lMQaDdJ.exe
    - Executes dropped EXE
    PID: 1972
    C:\Windows\System\xBWslNS.exe  C:\Windows\System\xBWslNS.exe
    - Executes dropped EXE
    PID: 2172
    C:\Windows\System\ijnFSfW.exe  C:\Windows\System\ijnFSfW.exe
    - Executes dropped EXE
    PID: 1932
    C:\Windows\System\aYNEBdE.exe  C:\Windows\System\aYNEBdE.exe
    - Executes dropped EXE
    PID: 2752
    C:\Windows\System\XgffJxT.exe  C:\Windows\System\XgffJxT.exe
    - Executes dropped EXE
    PID: 2332
    C:\Windows\System\hTaXfGq.exe  C:\Windows\System\hTaXfGq.exe
    - Executes dropped EXE
    PID: 1196
    C:\Windows\System\maOQgwR.exe  C:\Windows\System\maOQgwR.exe
    - Executes dropped EXE
    PID: 2904
    C:\Windows\System\ostxXlA.exe  C:\Windows\System\ostxXlA.exe
    - Executes dropped EXE
    PID: 2976
Downloads