Analysis
max time kernel: 149s
max time network: 102s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/05/2024, 14:32 UTC
Static task
static1
Behavioral task
behavioral1
Sample
06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe
Resource
win7-20231129-en
General
Target: 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe
Size: 33KB
MD5: 0323b99a69386f583bbf4aae937b7b9b
SHA1: c4c2024f4b57285e959f6709d007b9fbac8ab7c4
SHA256: 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1
SHA512: 6055a4c8e534622d2257ec2d56c5e751b996c97347296479c2e9590a169bb5c019f03fd34757ba248fa4f337b6484c57b2ddcb08b9f49c996446ef797aef3c4e
SSDEEP: 768:O+bjjpQFJFKZj1PVs9Ag1vzbrqaMKJcrsu:O+becx1aeg1v2axu
Malware Config
Signatures
-
Drops startup file 2 IoCs
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini (process: 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe)
File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini (process: 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe)
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
File created: C:\Windows\rundl132.exe (process: 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe)
File created: C:\Windows\Dll.dll (process: 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe)
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 60 IoCs
pid Process
4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe
-
Suspicious use of WriteProcessMemory 14 IoCs
description pid Process procid_target
PID 4132 wrote to memory of 1560 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 83
PID 4132 wrote to memory of 1560 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 83
PID 4132 wrote to memory of 1560 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 83
PID 1560 wrote to memory of 3980 1560 net.exe 85
PID 1560 wrote to memory of 3980 1560 net.exe 85
PID 1560 wrote to memory of 3980 1560 net.exe 85
PID 4132 wrote to memory of 3136 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 89
PID 4132 wrote to memory of 3136 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 89
PID 4132 wrote to memory of 3136 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 89
PID 3136 wrote to memory of 1820 3136 net.exe 91
PID 3136 wrote to memory of 1820 3136 net.exe 91
PID 3136 wrote to memory of 1820 3136 net.exe 91
PID 4132 wrote to memory of 3436 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 56
PID 4132 wrote to memory of 3436 4132 06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe 56
Processes
C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 3436
  C:\Users\Admin\AppData\Local\Temp\06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\06b195b9184ba7b73594976c2580f69fd7761a18904e9006dd76a950a6215ee1.exe"
    PID: 4132
    - Drops startup file
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\net.exe
      Command line: net stop "Kingsoft AntiVirus Service"
      PID: 1560
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\net1.exe
        Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        PID: 3980
    C:\Windows\SysWOW64\net.exe
      Command line: net stop "Kingsoft AntiVirus Service"
      PID: 3136
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\net1.exe
        Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        PID: 1820
Network
MITRE ATT&CK Enterprise v15
Downloads