Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2024, 16:05
Static task
static1
Behavioral task
behavioral1
Sample
download.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
download.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Kryptex.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
Kryptex.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
LICENSES.chromium.html
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
LICENSES.chromium.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
ffmpeg.dll
Resource
win7-20240903-en
Behavioral task
behavioral17
Sample
ffmpeg.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
libEGL.dll
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
libEGL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral20
Sample
libGLESv2.dll
Resource
win7-20240708-en
Behavioral task
behavioral21
Sample
libGLESv2.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral22
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/7x.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral23
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/7x.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/7x.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/7x.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral26
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/index.js
Resource
win7-20240903-en
Behavioral task
behavioral27
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/index.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral28
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/win/arm64/7za.exe
Resource
win7-20240903-en
Behavioral task
behavioral29
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/win/arm64/7za.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral30
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/win/x64/7za.exe
Resource
win7-20240708-en
Behavioral task
behavioral31
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/7zip-bin/win/x64/7za.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral32
Sample
resources/app.asar.unpacked/node_modules/kryptex-backend/node_modules/amd-binding/build/Release/adlinfo.exe
Resource
win7-20240903-en
General
- Target: Kryptex.exe
- Size: 130.6MB
- MD5: c46c36539912104dbed62f65d6043774
- SHA1: 4526654815356f9fb103fedf29778ba67ea477a7
- SHA256: 097aabc30e748b9ff73a47d8466bb825143e22590726f6774e92aab781a18ffd
- SHA512: e7d45415ec3c325ec167c7328412cfe85f373ee818938fae79fe86e1c9b28681562c01def9d7662bd592476fb9649f84c5123b286a91016729d6c252aac6dc4d
- SSDEEP: 1572864:b/Q7+OQK1/uUxPhRhAlyqsCHaqVpYCRIZW:06O/s4WllwCRkW
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
- Set value (str): \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kryptex = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Kryptex.exe\" --from-startup" (Process: Kryptex.exe)
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
- Key value queried: \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation (Process: Kryptex.exe)
-
Loads dropped DLL 7 IoCs
- Process: Kryptex.exe (PID 1468)
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: Kryptex.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: Kryptex.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString (Process: Kryptex.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 (Process: Kryptex.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: Kryptex.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 (Process: Kryptex.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz (Process: Kryptex.exe)
-
Modifies registry key 1 TTPs 31 IoCs
-
Modifies system certificate store
- Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 (Process: Kryptex.exe)
- Set value (data): \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob (Process: Kryptex.exe)
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
- Process: Kryptex.exe (PID 4404)
- Process: Kryptex.exe (PID 1124)
- Process: Kryptex.exe (PID 1468)
- Process: Kryptex.exe (PID 1940)
- Process: Kryptex.exe (PID 4848)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
- Process: Kryptex.exe (PID 4404)
- Process: Kryptex.exe (PID 1468)
-
Suspicious use of SendNotifyMessage 64 IoCs
- Process: Kryptex.exe (PID 4404)
- Process: Kryptex.exe (PID 1468)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"1⤵
- Checks computer location settings
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404 -
C:\Users\Admin\AppData\Local\Temp\Kryptex.exeC:\Users\Admin\AppData\Local\Temp\Kryptex.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Kryptex /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Kryptex\Crashpad --url=https://f.a.k/e --annotation=_productName=Kryptex --annotation=_version=4.44.2 --annotation=prod=Electron --annotation=ver=14.2.9 --initial-client-data=0x454,0x458,0x45c,0x450,0x460,0x7ff663468a38,0x7ff663468a48,0x7ff663468a582⤵PID:2736
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=gpu-process --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1648 /prefetch:22⤵PID:5056
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2100 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1124
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:12⤵
- Adds Run key to start application
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Windows\System32\Wbem\wmic.exewmic os get locale3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3612
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4108
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3636
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2764
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "chcp"3⤵
- Suspicious use of WriteProcessMemory
PID:1752 -
C:\Windows\system32\chcp.comchcp4⤵PID:4812
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get SerialNumber /value3⤵PID:4672
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get TotalVirtualMemorySize /value3⤵PID:1492
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵PID:2908
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵PID:4680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵PID:384
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵PID:1916
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic pagefile get AllocatedBaseSize /value3⤵PID:4344
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe setPageSize 23⤵PID:1424
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDelay /t REG_DWORD /d 0x14 /f"3⤵PID:1788
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDelay /t REG_DWORD /d 0x14 /f4⤵PID:2504
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f"3⤵PID:4120
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers /v TdrDdiDelay /t REG_DWORD /d 0xa /f4⤵PID:1684
-
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:1868
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:2780
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1964
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1948
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2816
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:3612
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Caption /value3⤵PID:4724
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get SerialNumber /value3⤵PID:3908
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get TotalVirtualMemorySize /value3⤵PID:2016
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵PID:1752
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵PID:1864
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress"3⤵PID:2232
-
C:\Windows\System32\Wbem\WMIC.exewmic path Win32_NetworkAdapter where "PNPDeviceID like '%%%%PCI%%%%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress4⤵PID:3412
-
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:3508
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3904
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:3996
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:3088
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4804
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4400
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:828
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3024
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4792
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:2036
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1924
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:1640
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:232
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1916
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4512
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:2884
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1616
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4164
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:3588
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4328
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4080
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:724
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4108
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4792
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:2036
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:2284
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4124
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4728
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4892
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4336
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:1936
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1140
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:1032
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:2276
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3992
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:3720
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4400
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:2816
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:856
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4016
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4836
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:3040
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:5064
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:2904
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2096
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4320
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3464
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2280
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:5008
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3524
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4976
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:1400
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4540
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:1828
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:1496
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3568
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:3276
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4552
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4536
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4068
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4724
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1580
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:3608
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:1836
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:2284
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2904
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:5060
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:220
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2972
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:224
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1020
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2532
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:2160
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3012
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:636
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:3416
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:1444
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:772
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4428
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:4876
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:2140
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager" /v DisplayVersion3⤵PID:4172
-
-
C:\Windows\system32\reg.exereg query HKLM\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 /v RadeonSoftwareVersion3⤵
- Modifies registry key
PID:3212
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exeC:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release\adlinfo.exe3⤵PID:4412
-
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:12⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1940
-
-
C:\Users\Admin\AppData\Local\Temp\Kryptex.exe"C:\Users\Admin\AppData\Local\Temp\Kryptex.exe" --type=gpu-process --field-trial-handle=1636,10151295428059321526,15186107060061848524,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Kryptex" --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2416 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4848
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1496
Network
MITRE ATT&CK Enterprise v15
Downloads