Analysis
-
max time kernel
140s
-
max time network
144s
-
platform
windows7_x64
-
resource
win7-20240704-en
-
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
-
submitted
14/08/2024, 21:04
Behavioral task
behavioral1
Sample
2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
Resource
win7-20240704-en
General
-
Target
2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
-
Size
5.2MB
-
MD5
5bc627c80faf460469241d61a37ae05b
-
SHA1
09d335c2a20422d71e074b2141c240c459a66d94
-
SHA256
15d6830b17a879ee36eb4f14ea6e9597480679b897b0262a7c4b53f232b59fe5
-
SHA512
6439460d667f3b3e8510ad2754225bbfee1324a6cd429b7a77db40d896565ea255dba752b574aa87e3d7ff981b79be7f4dbaa5970aa558fced160c8a738b0f95
-
SSDEEP
49152:ROdWCCi7/raA56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l8:RWWBibj56utgpPFotBER/mQ32lUQ
Malware Config
Extracted
cobaltstrike
0
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
access_type
512
-
beacon_type
256
-
create_remote_thread
768
-
crypto_scheme
256
-
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
unknown1
4096
-
uri
/N4215/adj/amzn.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
0
Signatures
-
Cobalt Strike reflective loader 21 IoCs
Detects the reflective loader used by Cobalt Strike.
yara_rule cobalt_reflective_dll matched dropped files (behavioral1/files/*.dat).
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
XMRig Miner payload 35 IoCs
yara_rule xmrig matched process memory dumps (behavioral1/memory/*-memory.dmp).
-
Executes dropped EXE 21 IoCs
pid  Process
2856  hzUYrSg.exe
2104  HueECcs.exe
2796  lbiwyXX.exe
1668  mvGnTaU.exe
2912  QliQpVJ.exe
2668  WXJfaJi.exe
2220  ngcAVtS.exe
2248  wVFKsjz.exe
2696  LDExCJZ.exe
2588  HdMTmEf.exe
2764  riXNPPo.exe
2524  xhatQTk.exe
2760  lGCgJNb.exe
2288  jAIKwuf.exe
2264  ThtScjb.exe
2096  JxTPJYi.exe
2872  HFisDfW.exe
3056  olVwuWL.exe
2708  PHqWRzH.exe
2532  ERFWURk.exe
2516  MCUeisu.exe
-
Loads dropped DLL 21 IoCs
pid  Process
1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
-
yara_rule upx matched dropped files (behavioral1/files/*.dat) and process memory dumps (behavioral1/memory/*-memory.dmp).
-
Drops file in Windows directory 21 IoCs
description  ioc  Process
File created  C:\Windows\System\HFisDfW.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\HueECcs.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\JxTPJYi.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\LDExCJZ.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\xhatQTk.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\lGCgJNb.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\MCUeisu.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\lbiwyXX.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\mvGnTaU.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\PHqWRzH.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\ngcAVtS.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\olVwuWL.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\ERFWURk.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\ThtScjb.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\wVFKsjz.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\HdMTmEf.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\riXNPPo.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\jAIKwuf.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\hzUYrSg.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\QliQpVJ.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
File created  C:\Windows\System\WXJfaJi.exe  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description  pid  Process
Token: SeLockMemoryPrivilege  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe
-
Suspicious use of WriteProcessMemory 63 IoCs
description  pid  Process  procid_target
PID 1628 wrote to memory of 2856  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  29
PID 1628 wrote to memory of 2104  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  30
PID 1628 wrote to memory of 2796  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  31
PID 1628 wrote to memory of 1668  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  32
PID 1628 wrote to memory of 2912  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  33
PID 1628 wrote to memory of 2668  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  34
PID 1628 wrote to memory of 2220  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  35
PID 1628 wrote to memory of 2264  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  36
PID 1628 wrote to memory of 2248  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  37
PID 1628 wrote to memory of 2096  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  38
PID 1628 wrote to memory of 2696  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  39
PID 1628 wrote to memory of 2872  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  40
PID 1628 wrote to memory of 2588  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  41
PID 1628 wrote to memory of 3056  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  42
PID 1628 wrote to memory of 2764  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  43
PID 1628 wrote to memory of 2708  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  44
PID 1628 wrote to memory of 2524  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  45
PID 1628 wrote to memory of 2532  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  46
PID 1628 wrote to memory of 2760  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  47
PID 1628 wrote to memory of 2516  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  48
PID 1628 wrote to memory of 2288  1628  2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe  49
Processes
PID 1628: "C:\Users\Admin\AppData\Local\Temp\2024-08-14_5bc627c80faf460469241d61a37ae05b_cobalt-strike_cobaltstrike_poet-rat.exe"
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID 2856: C:\Windows\System\hzUYrSg.exe
    - Executes dropped EXE
  PID 2104: C:\Windows\System\HueECcs.exe
    - Executes dropped EXE
  PID 2796: C:\Windows\System\lbiwyXX.exe
    - Executes dropped EXE
  PID 1668: C:\Windows\System\mvGnTaU.exe
    - Executes dropped EXE
  PID 2912: C:\Windows\System\QliQpVJ.exe
    - Executes dropped EXE
  PID 2668: C:\Windows\System\WXJfaJi.exe
    - Executes dropped EXE
  PID 2220: C:\Windows\System\ngcAVtS.exe
    - Executes dropped EXE
  PID 2264: C:\Windows\System\ThtScjb.exe
    - Executes dropped EXE
  PID 2248: C:\Windows\System\wVFKsjz.exe
    - Executes dropped EXE
  PID 2096: C:\Windows\System\JxTPJYi.exe
    - Executes dropped EXE
  PID 2696: C:\Windows\System\LDExCJZ.exe
    - Executes dropped EXE
  PID 2872: C:\Windows\System\HFisDfW.exe
    - Executes dropped EXE
  PID 2588: C:\Windows\System\HdMTmEf.exe
    - Executes dropped EXE
  PID 3056: C:\Windows\System\olVwuWL.exe
    - Executes dropped EXE
  PID 2764: C:\Windows\System\riXNPPo.exe
    - Executes dropped EXE
  PID 2708: C:\Windows\System\PHqWRzH.exe
    - Executes dropped EXE
  PID 2524: C:\Windows\System\xhatQTk.exe
    - Executes dropped EXE
  PID 2532: C:\Windows\System\ERFWURk.exe
    - Executes dropped EXE
  PID 2760: C:\Windows\System\lGCgJNb.exe
    - Executes dropped EXE
  PID 2516: C:\Windows\System\MCUeisu.exe
    - Executes dropped EXE
  PID 2288: C:\Windows\System\jAIKwuf.exe
    - Executes dropped EXE
Downloads