hxxp://www[.]ximalaya[.]com

Analysis

max time kernel
86s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2023, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ximalaya.com

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1032	Ximalaya-3.3.5_99B_sc100002.exe

Loads dropped DLL 11 IoCs

pid	Process
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\ximalaya\locales\pl.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\sv.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\sw.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\library\better-sqlite3\build\Release\better_sqlite3.node	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\[email protected]	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\hr.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\it.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\sl.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\icudtl.dat	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\LICENSE.electron.txt	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\bg.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\fr.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\th.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\icon.png	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\[email protected]	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\d3dcompiler_47.dll	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\te.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\xiangsheng.ico	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\snapshot_blob.bin	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\es.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\hu.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\sr.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\sv.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\ta.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\libEGL.dll	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\vulkan-1.dll	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\el.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\es.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\fr.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\mr.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\clean-cache.exe	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\kn.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\ru.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\app-update.yml	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\library\fullscreen\prebuilds	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\et.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\fa.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\hi.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\santi.ico	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\library\fullscreen	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\LICENSES.chromium.html	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\ca.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\en-GB.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\pt-BR.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\ffmpeg.dll	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\chrome_100_percent.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\ar.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\pt-PT.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\[email protected]	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\vk_swiftshader_icd.json	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\he.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\ms.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\resources\config.json	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\resources\library\fullscreen\prebuilds\win32-ia32\electron.napi.node	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\[email protected]	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\locales\el.pak	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\xiuxianzhuan.ico	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\xiuxianzhuan.ico	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\resources\resources\tray-icons\icon.png	Ximalaya-3.3.5_99B_sc100002.exe
File created	C:\Program Files (x86)\ximalaya\icudtl.dat	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\da.pak	Ximalaya-3.3.5_99B_sc100002.exe
File opened for modification	C:\Program Files (x86)\ximalaya\locales\fil.pak	Ximalaya-3.3.5_99B_sc100002.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
4548	schtasks.exe
4316	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133237596308587100"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1512	chrome.exe
1512	chrome.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe
1032	Ximalaya-3.3.5_99B_sc100002.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeCreatePagefilePrivilege	1512	chrome.exe
Token: 33	4688	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4688	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1032	Ximalaya-3.3.5_99B_sc100002.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1468	1512	chrome.exe	85
PID 1512 wrote to memory of 1468	1512	chrome.exe	85
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 3176	1512	chrome.exe	86
PID 1512 wrote to memory of 4136	1512	chrome.exe	87
PID 1512 wrote to memory of 4136	1512	chrome.exe	87
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88
PID 1512 wrote to memory of 228	1512	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.ximalaya.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd840c9758,0x7ffd840c9768,0x7ffd840c9778
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4756 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4876 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2772 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4500 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5636 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3892 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4812 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Users\Admin\Downloads\Ximalaya-3.3.5_99B_sc100002.exe
  "C:\Users\Admin\Downloads\Ximalaya-3.3.5_99B_sc100002.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ximalaya\install_task.bat" add \"C:\Program Files (x86)\ximalaya\push-message.exe\""
    3⤵
    PID:1116
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn ximalaya-message-push /sc MINUTE /mo 30 /tr "\"C:\Program Files (x86)\ximalaya\push-message.exe\"" /f
      4⤵
      Creates scheduled task(s)
      PID:4548
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn ximalaya-message-push-onstart /sc ONLOGON /tr "\"C:\Program Files (x86)\ximalaya\push-message.exe\" --onstart" /f
      4⤵
      Creates scheduled task(s)
      PID:4316
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe" /e,喜马拉雅.exe
    3⤵
    PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 --field-trial-handle=1812,i,1188218594941263555,2198787795374451001,131072 /prefetch:2
  2⤵
  PID:5760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x3d0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4228
- C:\Program Files (x86)\ximalaya\喜马拉雅.exe
  "C:\Program Files (x86)\ximalaya\喜马拉雅.exe"
  2⤵
  PID:1968
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:1312
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:5312
- - C:\Program Files (x86)\ximalaya\喜马拉雅.exe
    "C:\Program Files (x86)\ximalaya\喜马拉雅.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\喜马拉雅" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=1956,i,1820345042364815606,4468376893936050421,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5876
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:5932
- - C:\Program Files (x86)\ximalaya\喜马拉雅.exe
    "C:\Program Files (x86)\ximalaya\喜马拉雅.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\喜马拉雅" --mojo-platform-channel-handle=2200 --field-trial-handle=1956,i,1820345042364815606,4468376893936050421,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6068
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:2724
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet"
    3⤵
    PID:4520
  - - C:\Windows\SysWOW64\reg.exe
      reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet
      4⤵
      PID:4640
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:4404
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:1312
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    PID:2300

C:\Windows\SysWOW64\chcp.com
chcp
1⤵
PID:536

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ximalaya\D3DCompiler_47.dll

Filesize
3.5MB

MD5
1207a0c435625e0a44278a51070cc32b

SHA1
9c54fab7e1b90fb0797722eac3203ff34e57758a

SHA256
8718999e507110fbf256d66e413459cfb1ad7c7bd671d7ee34576d24681cddbe

SHA512
f56904c0ac7e900b9344b5d75999aff7a0a2ed9fc76a7366b92ede525e3bb1bb6fc3602b54495967f2c75d14aa09d3cd9da93ad67288eea4a11c89ba689e398b

Download Submit
C:\Program Files (x86)\ximalaya\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Program Files (x86)\ximalaya\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Program Files (x86)\ximalaya\d3dcompiler_47.dll

Filesize
3.5MB

MD5
1207a0c435625e0a44278a51070cc32b

SHA1
9c54fab7e1b90fb0797722eac3203ff34e57758a

SHA256
8718999e507110fbf256d66e413459cfb1ad7c7bd671d7ee34576d24681cddbe

SHA512
f56904c0ac7e900b9344b5d75999aff7a0a2ed9fc76a7366b92ede525e3bb1bb6fc3602b54495967f2c75d14aa09d3cd9da93ad67288eea4a11c89ba689e398b

Download Submit
C:\Program Files (x86)\ximalaya\ffmpeg.dll

Filesize
2.5MB

MD5
08f16284936db98e5665f79a77946302

SHA1
7c064d11226f2f69a2f3b58cb445f9dad121723f

SHA256
927d81609fa5f4a01fed3470045b1671ca0980a68544cdf1b9554c251a0eab32

SHA512
276716bd0d0008883c4382c804f169a43259e94b8cdd71c6211597045f7b50e2822565e4d978f092e2457b664c3be66b98346e9c907c7a367f3a09d90b2a4fd3

Download Submit
C:\Program Files (x86)\ximalaya\ffmpeg.dll

Filesize
2.5MB

MD5
08f16284936db98e5665f79a77946302

SHA1
7c064d11226f2f69a2f3b58cb445f9dad121723f

SHA256
927d81609fa5f4a01fed3470045b1671ca0980a68544cdf1b9554c251a0eab32

SHA512
276716bd0d0008883c4382c804f169a43259e94b8cdd71c6211597045f7b50e2822565e4d978f092e2457b664c3be66b98346e9c907c7a367f3a09d90b2a4fd3

Download Submit
C:\Program Files (x86)\ximalaya\ffmpeg.dll

Filesize
2.5MB

MD5
08f16284936db98e5665f79a77946302

SHA1
7c064d11226f2f69a2f3b58cb445f9dad121723f

SHA256
927d81609fa5f4a01fed3470045b1671ca0980a68544cdf1b9554c251a0eab32

SHA512
276716bd0d0008883c4382c804f169a43259e94b8cdd71c6211597045f7b50e2822565e4d978f092e2457b664c3be66b98346e9c907c7a367f3a09d90b2a4fd3

Download Submit
C:\Program Files (x86)\ximalaya\ffmpeg.dll

Filesize
2.5MB

MD5
08f16284936db98e5665f79a77946302

SHA1
7c064d11226f2f69a2f3b58cb445f9dad121723f

SHA256
927d81609fa5f4a01fed3470045b1671ca0980a68544cdf1b9554c251a0eab32

SHA512
276716bd0d0008883c4382c804f169a43259e94b8cdd71c6211597045f7b50e2822565e4d978f092e2457b664c3be66b98346e9c907c7a367f3a09d90b2a4fd3

Download Submit
C:\Program Files (x86)\ximalaya\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Program Files (x86)\ximalaya\install_task.bat

Filesize
354B

MD5
095437f81045d9e72626dbea156aa51d

SHA1
6f794a6ff34e927e822e88f3f681a3881a618e0a

SHA256
e812b1fb320c1a7ee1e9a09366b4f58695e152f3a4767161c9e23e5c6e5db928

SHA512
42ca2a724e1533d25c43fed1de37d663de077e34cb36978eb57feedc5be6ec4391cff0a3255a158a5fd24d8ec53f9fa3c5ea94429b6142095d5f7f6d246d3676

Download Submit
C:\Program Files (x86)\ximalaya\libEGL.dll

Filesize
382KB

MD5
78f784a8fcedf424008596f047ce9ed7

SHA1
e191f2e1aad1f7409d1cf93e7cd4ee19c207b540

SHA256
a9e0391b2d91fd8f297adbce4d991af976caef6bdee6d1b4351de3744697a2e6

SHA512
39c2d7ade9364d6062dd7252f00780991cff391dd2de3703455bcd2288382c00310e856213cf33d0314bbcee0e1cd4f359873b089de62defc89a12a205442021

Download Submit
C:\Program Files (x86)\ximalaya\libGLESv2.dll

Filesize
6.1MB

MD5
c604403bd89e751388cf08bf7d8dfd38

SHA1
c2e1bd73fda88a19c60a7eb71b7b15b67489d133

SHA256
94d8cc0ddc0d3cccbd7be688140666eacf732576b858c8c042636f481aa1d015

SHA512
529e706effb814df4dda2491cabeb7373d993a86a1d89bd6cde3e2aa0c9132c1fef47d3ddb6e1886b97c78c12fdf12baae6b4b00cf0edf40ec4b1e4069d0a964

Download Submit
C:\Program Files (x86)\ximalaya\libegl.dll

Filesize
382KB

MD5
78f784a8fcedf424008596f047ce9ed7

SHA1
e191f2e1aad1f7409d1cf93e7cd4ee19c207b540

SHA256
a9e0391b2d91fd8f297adbce4d991af976caef6bdee6d1b4351de3744697a2e6

SHA512
39c2d7ade9364d6062dd7252f00780991cff391dd2de3703455bcd2288382c00310e856213cf33d0314bbcee0e1cd4f359873b089de62defc89a12a205442021

Download Submit
C:\Program Files (x86)\ximalaya\libglesv2.dll

Filesize
6.1MB

MD5
c604403bd89e751388cf08bf7d8dfd38

SHA1
c2e1bd73fda88a19c60a7eb71b7b15b67489d133

SHA256
94d8cc0ddc0d3cccbd7be688140666eacf732576b858c8c042636f481aa1d015

SHA512
529e706effb814df4dda2491cabeb7373d993a86a1d89bd6cde3e2aa0c9132c1fef47d3ddb6e1886b97c78c12fdf12baae6b4b00cf0edf40ec4b1e4069d0a964

Download Submit
C:\Program Files (x86)\ximalaya\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Program Files (x86)\ximalaya\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Program Files (x86)\ximalaya\resources\app.asar

Filesize
12.0MB

MD5
77a97f7d556f9f9134eb2f676c6c8b30

SHA1
8561cc9a28ad08a20aa11c2f62b17b442390a889

SHA256
731fbc27271ebb9867f189e27060c2981cf434cb81675846557c82bdc96b91dc

SHA512
4f434dfd41e2768bd6d7530b4a96989a25a15ed4e11adf3dbb57823256f6d73ee67fcea676ce7b63a9e13ecefa74d602441caf766733eaf00fdaf2869a51a66f

Download Submit
C:\Program Files (x86)\ximalaya\resources\config.json

Filesize
16B

MD5
f0da7dba6fdd5f6fdbc5d0d434d84e33

SHA1
4a081d8029b86a9f049789ece81970816656011c

SHA256
38a51190e2e1a27257c04fb153f162c46256f4e31da6cb833f513b3f18b9e0c9

SHA512
e88aa5b7ba6882933049563342f99ee47e322a39782126c1f05a8bf2bb1f73dac7bfcf6d7219353c71561ebb734817bc3ee33c0dec67e61283d0146222130106

Download Submit
C:\Program Files (x86)\ximalaya\v8_context_snapshot.bin

Filesize
596KB

MD5
5d9b4473dd8705940bbb4a4036e395d0

SHA1
af35aa3374200dd2b9102f6767e53413e4e09e20

SHA256
ca2245da2a4aa7e4c9dcbf810c90048f73a9a96f6432f7895f3e6fe0c21e48f1

SHA512
bcc78b845a2aac96e46162c6a81dd1a914a6e8ed6d9753f648ae125958042a76ab49f1fefc8615891a1e007f0d0b63980517953ee088e29d46ba9d258f130192

Download Submit
C:\Program Files (x86)\ximalaya\vk_swiftshader.dll

Filesize
4.0MB

MD5
888e46920adb684e1389102cb6108e10

SHA1
c72e4ea8f3dbcf4242a7177aa3f7649265c60eff

SHA256
cb6e3bc8f724cf83e76629463fcacb42f1c56a00da10163f68ead8aaca57c2d0

SHA512
3c9829222fea6048b9323e5f290a38b1b5fa13687589f4a1cb916409b3aba3ca527cca08c6323eb0d720f62a75da7ec43c308646f9a7473e851dbdde8eb640d0

Download Submit
C:\Program Files (x86)\ximalaya\vk_swiftshader.dll

Filesize
4.0MB

MD5
888e46920adb684e1389102cb6108e10

SHA1
c72e4ea8f3dbcf4242a7177aa3f7649265c60eff

SHA256
cb6e3bc8f724cf83e76629463fcacb42f1c56a00da10163f68ead8aaca57c2d0

SHA512
3c9829222fea6048b9323e5f290a38b1b5fa13687589f4a1cb916409b3aba3ca527cca08c6323eb0d720f62a75da7ec43c308646f9a7473e851dbdde8eb640d0

Download Submit
C:\Program Files (x86)\ximalaya\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Program Files (x86)\ximalaya\vulkan-1.dll

Filesize
761KB

MD5
b7e1b8a091f342e247df7b3597310270

SHA1
662b9d91636edc6f539de0f75295014d007683ad

SHA256
3d6fba9787397c9d4f3fe9a7366c18df218416ff96e74ecb5142cb0780c52db0

SHA512
28ffea43743034a5648b3b25f2cf237cdf220ed43a64fa768a1718f7069719b4bc27cbff322c2951943c67ebf03686071a520c41f810a249e4604fb72db93afd

Download Submit
C:\Program Files (x86)\ximalaya\vulkan-1.dll

Filesize
761KB

MD5
b7e1b8a091f342e247df7b3597310270

SHA1
662b9d91636edc6f539de0f75295014d007683ad

SHA256
3d6fba9787397c9d4f3fe9a7366c18df218416ff96e74ecb5142cb0780c52db0

SHA512
28ffea43743034a5648b3b25f2cf237cdf220ed43a64fa768a1718f7069719b4bc27cbff322c2951943c67ebf03686071a520c41f810a249e4604fb72db93afd

Download Submit
C:\Program Files (x86)\ximalaya\喜马拉雅.exe

Filesize
124.2MB

MD5
59edf9ae22cfb36207367e094cb80388

SHA1
280c003caa5dafb84a0199d2361a3be32834794c

SHA256
f82171b0c1377de4a4e487286587f842f6f539de7def393a2267fd46ca19c0b1

SHA512
4035b43f10b49d63613edd5638b9ee6eeb26eb1c8c1a73ec5e15b1a127f2447cb9c3cab9f41255ae9e4bfe8a1e521acbd98053bc423ba9736bde03df20c3aee9

Download Submit
C:\Program Files (x86)\ximalaya\喜马拉雅.exe

Filesize
115.1MB

MD5
1d4bceaeb528579195a6b3402b994117

SHA1
d2c3dab41bda5b3359ff1a3cf231dc86fa07ff11

SHA256
446f303d630ebf76a1fa68c7f15990c584d9cf5ad90a9c483bedce52d2d8f122

SHA512
39498e943f0bae4c1cf4d6dda6b2039cb6c5d776e53ed11c0b297a840bce7c06ba6ec29e3473f9e1e6813189252e849b0640c169aa85de7ed1003132e8abd308

Download Submit
C:\Program Files (x86)\ximalaya\喜马拉雅.exe

Filesize
111.4MB

MD5
f6b145c301263dbcaea585f382cd6fd1

SHA1
324e7693fdfab1346bbbe936ab1a220cefa68c7b

SHA256
7b507b582e630a6286b530c3c92750201a206cc1c66525dbd792284457d0d429

SHA512
54ad0e7b6fbe0f7e074e96c7257f1b27ac887dcea45e1822a5b1ae8f2f49807b08785aa5a6d50b39a88719ca42da3f8f0b2e7cdc83cb3516ece2b0ddf5c25269

Download Submit
C:\Program Files (x86)\ximalaya\喜马拉雅.exe

Filesize
77.5MB

MD5
70d514eaaa6416bbb3d7b116ca49a034

SHA1
81b339528b3e5e086e796c90af3aa4ddeb6179b9

SHA256
b21697a817bda5a2bdffbac9ccfe92f2ab44fc187db6fc374a0ad58d8fe27fb1

SHA512
4ed78390e2300b0c79bf61b7e124218f77d82f73c03371638eb2689687087c385bd75daeebc0c197a40db28585e6e60e448b00c982f406d1502771775c1d94f7

Download Submit
C:\Program Files (x86)\ximalaya\喜马拉雅.exe

Filesize
76.8MB

MD5
8cc4117c933086fe284e3450be2f77db

SHA1
3ab8188c47908c397f8040caba14d79000e5c50e

SHA256
c2c2bee7188a1e54502f4e84fd88e18bc687473a15a2c26c6bf14a98e7d849da

SHA512
3f8ca96111ae249d276e2b8c499eb46498e885c7ea36c02437d500e36bc53aba0374afeb27e6da9734b4469b5f1562b1544eab706c343e4072e03eba25464516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
8f30e3f97e61360e7efe99ecaf7d4575

SHA1
68098e58ddb19446733d9a45a8deefa1c0a782db

SHA256
8ab7ea63c7e8e43cf9b794e4bf317448b9c16d034f83619a2d46364f2c5731fa

SHA512
6ba11a07d3689ae44e0f66261e5849cab1631d69df059fbdec7866ee6638e50852b3505ab5e5e8c0b194800ab09b5951e468202d198d3ca2217a197055d2ced2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bd12025679f42b8a455cb1a9403ef956

SHA1
6ef76391f7a68130bc00c78a65b80e33dc3399d5

SHA256
77fcb9c67a0651399767cb20daa0177474667a57b04aa81f91b54abecc508d71

SHA512
41673f44176621b3056a58a3610c6c83f2545c98c55170a2c7e7852fc5db0664fbd7e53cbdde5589c478f1914c0ee0ed2e2b23b1faae2edc574be25bc1d85e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e145a86954ed993a79fdc1d96b5ca93e

SHA1
c43900b6cfa448db4172b30aca3c985ef3313dff

SHA256
be4c0a867f617d256a5d74e9d34bc440e428c2d4fbfb844753dad0af2923c2b9

SHA512
659436b3875fb7f5ca783f911e1eb09bf64ff94153a837aa86442e60645224785c8c8fe0a2f33eab39b522826ea45ed790ee6e99060bd34f3fd0c913b2370b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e22a299cdadbf2ee84091a92b80a0f1b

SHA1
ee3bb0bf89e03ddf809900719d7770730c3a936d

SHA256
b3f181164ed07211afa4ed1d3e4dcc10822f02ec248c6004620681d79005638c

SHA512
effd23acaa036b491192b244f01d70901097a010e80ce0d558baf757ab665a48c102aa14ebc2d556a6d8d8b88eb35d226b72abee88ac960dd24e31641e7fe847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
74afe5059d61111f88ecf2e524d737c3

SHA1
8d93640c7ba98eb0c8251bbefd1a7a07b6f047fe

SHA256
fe5c47a9160bdc3d5ce4a8bcd8e02b066c60f3784a3a26873bc9adea3f76bb04

SHA512
3babde0a90cc04f98c3ce99719be0f26b1b16da781f18227219d67a1583d34c147ebb29bf3a5c4e46510d7f05267fa2ded8b970837f3eb27e2b39d304e312e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e226c8f202f1e3c0c8fa7697c8b602c8

SHA1
35261dee50f00abbb586d249486c58815be9f86e

SHA256
688f0f2c288c2d5a7409bf23fec3f2f6176291f650fc476b7858795d5841846f

SHA512
91122c8de090f276ca48cac7862bb40432f20fdd1820aa77fa62a6cb9f8c45dc677c2a23a54539226b29fd60fe9c371507ce806a53828824d40b3f087f3d252d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4804f5765d932afc9627904c36e6521

SHA1
6d565de746a648590ba68741d20cf9c43e2045d8

SHA256
a1caecc8ea93a3f8fef2f25cae04d7592023aa9196f6cea0ac6eae00b0609953

SHA512
c3a015f7e2bc342abb01a60e274b62e0ded47a55f4162d50e48d2f3ecb90665f662964e52324282fda22013b7609c13f9fd6446cb6b3dc50fe7276bec1114859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef84dae58375671f9eef198b01ae9c8d

SHA1
37ceb54a96895d9c163b0810c17222997f69ada6

SHA256
2349bbc68b7b9dd81e3c0664b26b91f4d1855958c7579fa8cab492f75774c19c

SHA512
2f307c3e2a2319b2543e68549d3a8b1c31345054d0f815c99477b75ac2d754a3675c000e10a0b8d4611668f4fbc61377102e03b4a07ae436acd7ea138b210a35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad7e9769f11807514cca154a15b59c01

SHA1
e4f1560ad5b5413fd079673a842cd4d43b96c6ab

SHA256
00fee9054ebe11414012b25877679999ef88affcebab0738f5e8663ce823dc05

SHA512
6becddada51fdc1b851c605190f75f09f875c3725b155b76715eece287dade0af1ccd330b6403f957f8686b91599bdd8aff9d8f1eda5102a933b6b70bac5a37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
429446ef51c4132bf319924ac5f86ad6

SHA1
619c8c4102b49ce5dc76e7a3d843554c7215dd22

SHA256
089bc63c5540e414a64a94bb287cf6e73e15b689123ed7c5bf10e68fa81ffa4c

SHA512
e382c442f27f4d51c667ea4ae409d55528e0ca3f3ca02e42041b9b115ed01b500dcb0d352049a874d794085901bb699996ae089c306be093a27cbd2b5ac1a457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d71b6bcf531345ea58c45e4bbdefcc3

SHA1
6e084909993109e4e98ef4863d78cb1e387eaabf

SHA256
e2ad2c1c5d6457dba451c4c43b34fa52dc8f897da6cc63119e1b0f20600accce

SHA512
407b1bc93fad27635d05fbb231922d486d2de304fa5d6e0c678368881bc69cb8ff90296e19599e7dd439f5608813dd2dbbe1c192f6c02afe42fcab0a3bd5c4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bc22aa70548e51dc1c3c4e7ba6cb566

SHA1
52f739a5d50a5d9e5539ce7b6522c69fd34b30b1

SHA256
3966d0d8f4fcb9f80cf0d4e2f37d1b6e2cab63131accf75b4ff4e994277552dd

SHA512
4f2b5b978fa4e0f7f1751f1fed4c66de65002ab69c11a6706fedf3f0220e0030387a7f121e82ec46f599bfdbb03bba1a5b566b9f270e8af3f6c449f353b92b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9052856bb896d92c4dd8e5a878f6c8e

SHA1
f42cbc3695674b5e2a17398736a2374707b272cb

SHA256
00b2cefcaf2a8636586bb00d9dfabc942cc5768fff6e59698ed172c97cbafa55

SHA512
5a34c0879d906656cea8050d361577d1138dcc724d388425d588861de83684c19b1374cfa19ded5d9534b7090b8f7600c603ed11c367448e661dd8678eabcee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6543b569789399685728af805c18c941

SHA1
2d5eeb2057ec5736d1e856aad50c649cb291b082

SHA256
333f065295d916f0cc3c8f31d8c7a8c4c06f3f263c987c44f334b9862c238f71

SHA512
d014e967eb54127682984499b5dbeb119bbebbbe8fa63287c7079f8aff6fa02fce36dee26f652b2a2f7c89b56de5809d590abeffe1b64b694906b6d59f2c12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3f57ac80c0300020e2207c5baff9b581

SHA1
2afa5f3ae1941d3ad5ccd5349219cb3dc2d9ee5f

SHA256
406b340b57eb84a805dda4a27b92d6f5e951f45258fc9c88b426fd9be491612c

SHA512
94bd7e947294d60bbca236173d4150df42b1370613059e789fbb88baa38b4cebf92ccb09bd232fe428fdb9eedd81cde4b3120a18c487ef92708c4bdc47d3cfac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
52dcce6f8d8d1537f10340fb30397b54

SHA1
679b16e7ed89fc66bc22bbc161397aec70ad0534

SHA256
4fd4624dc11067751490261b321248ecd8d30e1f5ad4d6a550a61fce7f2b5391

SHA512
aa16f07198cf63e99b812aedf775757530059312c1389025c125c511ac3f56cf9048e0b0e455527bb47fc3f1bd88a99588cad495042b996e58c3c1e2b1b9ed3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
6caec60625edd5a5a442ea006709cb8c

SHA1
d98216fe1fac8779c68ac0794ed15bbe5fa7350a

SHA256
7b9ecbaf39b2b1e17b15e2e50ae05369f610be232ae7fe52a68218264fab002e

SHA512
2bec1317c281908636e117d2bdbf75ca64493f1502d4a039296bbcce3fa583fc8c04d986b71826e9bcd3c3064dbf5f1be65c827ff5447553c27e90fc349e37fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
52673b6e04753ba4ae679a862b3d972a

SHA1
6152715171557266238915ed43cb54259dec0a7d

SHA256
3152c0ca289f7bf633ef8ac17c0aa37f6d3a4bfdcdb4385bdab89ffb1c2c0363

SHA512
1b59d314bd4c65c3393c6bc3499d32fe42b34448b90f1be237c05b910a7ab957053d71a13dba47dbc05d7aae5b3d4bff1dce9fe0aa7dfb7078668c68a8ad695d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
13c4a4c22dd8d0da3fe909fbe911687f

SHA1
898af2caa9276ce1030dd4fdfa045cea125aa982

SHA256
e919c8ce150b578b8c56ece645a0285e9e0dc41ca1fc97067dd5c36a68e913bf

SHA512
9415d3d2db927769fdfb64551e7bab7ab13628f93a6e5b0270b2f1714972ae466d04e9890fd47174cf7fedc064523b83dd42f627528fbf302426232417ee5822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572376.TMP

Filesize
98KB

MD5
05d8bbe4481931f6b1a62a55542b461f

SHA1
177ac61a49ef0fb7b823a5b5597186b4cd546e29

SHA256
6a653db51d214424544840838199e53681113aa0dee0445d8dc2016247d864dd

SHA512
6e09b138f6c3b95ea0d68fb6f606772d43f2a576f163abb5507270cb4951bf7f8ee37facc2492c7e7dc0bf893435b355f572f404e90d9d0a6d6d4d1e2765fb77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
0774a05ce5ee4c1af7097353c9296c62

SHA1
658ff96b111c21c39d7ad5f510fb72f9762114bb

SHA256
d9c5347ed06755feeb0615f1671f6b91e2718703da0dbc4b0bd205cbd2896dd4

SHA512
104d69fc4f4aaa5070b78ada130228939c7e01436351166fe51fe2da8a02f9948e6d92dd676f62820da1813872b91411e2f863c9a98a760581ec34d4aa354994

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d4mb1hak.a4a.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsNiuniuSkin.dll

Filesize
982KB

MD5
149cfa10b1d18a65e2d0407d1a5930ea

SHA1
ba678e9857b405c434eacdbf1f322c75bd568db4

SHA256
548b7113ae115d936a790760a46c3a50ddbae6ddaf163e6510007d1c280a5488

SHA512
5b977dfb3ee61b5e65ceaf0f31b871b95129896862b17c9eb9690dd2d560830d2b16cb95ab729cf80a0c069a04052d43a0f9288756caf0958353346c05dc2c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsNiuniuSkin.dll

Filesize
982KB

MD5
149cfa10b1d18a65e2d0407d1a5930ea

SHA1
ba678e9857b405c434eacdbf1f322c75bd568db4

SHA256
548b7113ae115d936a790760a46c3a50ddbae6ddaf163e6510007d1c280a5488

SHA512
5b977dfb3ee61b5e65ceaf0f31b871b95129896862b17c9eb9690dd2d560830d2b16cb95ab729cf80a0c069a04052d43a0f9288756caf0958353346c05dc2c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\nsis7zU.dll

Filesize
313KB

MD5
06a47571ac922f82c098622b2f5f6f63

SHA1
8a581c33b7f2029c41edaad55d024fc0d2d7c427

SHA256
e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9

SHA512
04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl89C2.tmp\skin.zip

Filesize
476KB

MD5
5cf196303447388ea2c3af572ff94207

SHA1
f83c88f2f7bf339a5ca676a8439165931b4c5316

SHA256
a32a638d858c1130cc5214cc25e5691852d5fe8ecf19b25e698f880f7808aeea

SHA512
b7e3b028c97520df599097db9a191387141d2d2ace3a4c48bbcce8781637018061ed9bc656a4a9965ee249c91a5a28043b0f69950bca515d30004ec91b7f30a0

Download Submit
C:\Users\Admin\AppData\Roaming\Ximalaya SetUp\track.json

Filesize
137B

MD5
7ea040aac43996505a75c31cc770e4be

SHA1
5e1756faafb5b197fc3ad7c10cb56a60229359dd

SHA256
944ec46529f0eade2b5515ccf94aee7142dbe97e0e903de4006d6199076b90dc

SHA512
59d92317743ab8bce298019ef1275a4e8f7c29daa92824a43712b1890f69d28a0b73e525feeb748929fd1610efcd0af4a51f12b5efdbf7d8d1c6a2f2a4f81445

Download Submit
C:\Users\Admin\AppData\Roaming\喜马拉雅\config.json

Filesize
57B

MD5
ec6dcf85c057dc30c63c00a0a954c4d2

SHA1
4de5eb1d0bdb3f00a209c0501ec2e275eca0d8cd

SHA256
4e07e7a0f1eaf8f36667c13ed69371b77b66d9335eaeca091259e29499c2ab82

SHA512
72dbaa778d9a001906528681f5783337d6416625473ca1c02f4cecf104177959eaa01835bc8d30cb958dfff624c0b86c4a09356b67f401d77e1bd1fe94c97f41

Download Submit
C:\Users\Admin\AppData\Roaming\喜马拉雅\config.json.tmp-9286115710cd1c87

Filesize
73B

MD5
c2eac480320f94aad7bd19bd1b21afd2

SHA1
910dbac7e446dfaa1b8f4dde796d5848f004945d

SHA256
2c0298f0eee740af38df9ec39b3760ed4043ffacbf4169ef1cec001e97fa33c6

SHA512
095b484608198caa8f1d07e1668465a0fa8fda0012cfb9458ddaeeea24c12e72b9f8e6cce061049a263d74eed293e151e7545d1e65be47efb92d4c46bd17929a

Download Submit
C:\Users\Admin\Downloads\Ximalaya-3.3.5_99B_sc100002.exe

Filesize
66.5MB

MD5
459cc1bbda5489673e1042de953171c2

SHA1
1280264c08097949632756d4858c9c303f060085

SHA256
3197ea21b88398008eda74cbbf4e38ddcbb276581c97135d5524235ab49d01e5

SHA512
fff8143e9da2bbdf46fb0cab7861ae9a177aed1ebf618705dcb33e106a7e4e85c47fc055c374b2ed4fe1dc534b44f11f7128840945ebabbd17861c9cd632ca26

Download Submit
C:\Users\Admin\Downloads\Ximalaya-3.3.5_99B_sc100002.exe

Filesize
66.5MB

MD5
459cc1bbda5489673e1042de953171c2

SHA1
1280264c08097949632756d4858c9c303f060085

SHA256
3197ea21b88398008eda74cbbf4e38ddcbb276581c97135d5524235ab49d01e5

SHA512
fff8143e9da2bbdf46fb0cab7861ae9a177aed1ebf618705dcb33e106a7e4e85c47fc055c374b2ed4fe1dc534b44f11f7128840945ebabbd17861c9cd632ca26

Download Submit
C:\Users\Admin\Downloads\Ximalaya-3.3.5_99B_sc100002.exe

Filesize
66.5MB

MD5
459cc1bbda5489673e1042de953171c2

SHA1
1280264c08097949632756d4858c9c303f060085

SHA256
3197ea21b88398008eda74cbbf4e38ddcbb276581c97135d5524235ab49d01e5

SHA512
fff8143e9da2bbdf46fb0cab7861ae9a177aed1ebf618705dcb33e106a7e4e85c47fc055c374b2ed4fe1dc534b44f11f7128840945ebabbd17861c9cd632ca26

Download Submit
memory/1312-1035-0x0000000007A40000-0x0000000007A6A000-memory.dmp

Filesize
168KB

Download
memory/1312-979-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/1312-980-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/1312-1015-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/1312-1018-0x00000000069E0000-0x0000000006A12000-memory.dmp

Filesize
200KB

Download
memory/1312-1019-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

Filesize
304KB

Download
memory/1312-1029-0x00000000069C0000-0x00000000069DE000-memory.dmp

Filesize
120KB

Download
memory/1312-1033-0x000000007F4E0000-0x000000007F4F0000-memory.dmp

Filesize
64KB

Download
memory/1312-1034-0x00000000078C0000-0x00000000078CA000-memory.dmp

Filesize
40KB

Download
memory/1312-1036-0x0000000007A70000-0x0000000007A94000-memory.dmp

Filesize
144KB

Download
memory/1312-1037-0x000000006DA60000-0x000000006DDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-981-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/2300-1016-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/2724-973-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/2724-974-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/4404-1017-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/4404-982-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/5312-907-0x0000000006620000-0x000000000663A000-memory.dmp

Filesize
104KB

Download
memory/5312-908-0x0000000006670000-0x0000000006692000-memory.dmp

Filesize
136KB

Download
memory/5312-913-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5312-911-0x0000000008310000-0x000000000898A000-memory.dmp

Filesize
6.5MB

Download
memory/5312-910-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5312-912-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5312-909-0x00000000076E0000-0x0000000007C84000-memory.dmp

Filesize
5.6MB

Download
memory/5312-889-0x0000000002B10000-0x0000000002B46000-memory.dmp

Filesize
216KB

Download
memory/5312-890-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5312-891-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5312-906-0x0000000007090000-0x0000000007126000-memory.dmp

Filesize
600KB

Download
memory/5312-905-0x00000000060E0000-0x00000000060FE000-memory.dmp

Filesize
120KB

Download
memory/5312-895-0x0000000005A40000-0x0000000005AA6000-memory.dmp

Filesize
408KB

Download
memory/5312-894-0x00000000059D0000-0x0000000005A36000-memory.dmp

Filesize
408KB

Download
memory/5312-893-0x0000000005830000-0x0000000005852000-memory.dmp

Filesize
136KB

Download
memory/5312-892-0x0000000005190000-0x00000000057B8000-memory.dmp

Filesize
6.2MB

Download
memory/5932-961-0x0000000004600000-0x0000000004610000-memory.dmp

Filesize
64KB

Download
memory/5932-958-0x0000000004600000-0x0000000004610000-memory.dmp

Filesize
64KB

Download
memory/5932-959-0x0000000004600000-0x0000000004610000-memory.dmp

Filesize
64KB

Download