Analysis
max time kernel: 113s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/11/2024, 08:52 UTC
Behavioral tasks
behavioral1: sample 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe, resource win7-20240708-en
behavioral2: sample 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe, resource win10v2004-20241007-en
General
Target: 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
Size: 4.6MB
MD5: 951ea841732871d4dd799fdf1fdf57d1
SHA1: 70d47ead9a8e584a2b0f6b872847bb4d90c7fa62
SHA256: 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7
SHA512: 57526b4da9f9172ae96bf122d635f871f8f24e653500d2c10ca6bdd6502c6db8b1b40252e0d4c4624383453aea719e34309294bd3547e45e6af08678fa2e7dc1
SSDEEP: 98304:9nsmtk2aPOmZb0bHkeaRs4WpcF8uztWOiiROB4/Oo1sRFu:hLBmZb0bEds4XFR0OiC/GTu
Malware Config
Extracted
family: xred
c2: xred.mooo.com
email: xredline1@gmail.com
payload_url:
  http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
  https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
  https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
  http://xred.site50.net/syn/SUpdate.ini
  https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
  https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
  http://xred.site50.net/syn/Synaptics.rar
  https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
  https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
  http://xred.site50.net/syn/SSLLibrary.dll
Signatures
Xred family

Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
  description | ioc | Process
  Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | Synaptics.exe

Executes dropped EXE (5 IoCs)
  pid | Process
  1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  4516 | Synaptics.exe
  1424 | ._cache_Synaptics.exe
  2340 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe

Adds Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 6 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_Synaptics.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Synaptics.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe

Checks processor information in registry (2 TTPs, 7 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | ._cache_Synaptics.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | ._cache_Synaptics.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | Synaptics.exe

Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid | Process
  2404 | EXCEL.EXE

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  2340 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  2340 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
  pid | Process
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe

Suspicious use of SendNotifyMessage (3 IoCs)
  pid | Process
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe
  2632 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe

Suspicious use of SetWindowsHookEx (9 IoCs)
  pid | Process
  1424 | ._cache_Synaptics.exe
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE
  2404 | EXCEL.EXE

Suspicious use of WriteProcessMemory (15 IoCs)
  description | pid | Process | procid_target
  PID 840 wrote to memory of 1216 | 840 | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 83
  PID 840 wrote to memory of 1216 | 840 | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 83
  PID 840 wrote to memory of 1216 | 840 | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 83
  PID 840 wrote to memory of 4516 | 840 | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 84
  PID 840 wrote to memory of 4516 | 840 | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 84
  PID 840 wrote to memory of 4516 | 840 | 6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 84
  PID 4516 wrote to memory of 1424 | 4516 | Synaptics.exe | 85
  PID 4516 wrote to memory of 1424 | 4516 | Synaptics.exe | 85
  PID 4516 wrote to memory of 1424 | 4516 | Synaptics.exe | 85
  PID 1216 wrote to memory of 2340 | 1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 86
  PID 1216 wrote to memory of 2340 | 1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 86
  PID 1216 wrote to memory of 2340 | 1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 86
  PID 1216 wrote to memory of 2632 | 1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 87
  PID 1216 wrote to memory of 2632 | 1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 87
  PID 1216 wrote to memory of 2632 | 1216 | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 87
Processes (nesting shows the parent/child tree; the level number is the depth reported by the sandbox)

C:\Users\Admin\AppData\Local\Temp\6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe (level 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe"
  PID: 840
  - Checks computer location settings
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe (level 2)
    command line: "C:\Users\Admin\AppData\Local\Temp\._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe"
    PID: 1216
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe (level 3)
      command line: "C:\Users\Admin\AppData\Local\Temp\._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe" --local-service
      PID: 2340
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses

    C:\Users\Admin\AppData\Local\Temp\._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe (level 3)
      command line: "C:\Users\Admin\AppData\Local\Temp\._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe" --local-control
      PID: 2632
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage

  C:\ProgramData\Synaptics\Synaptics.exe (level 2)
    command line: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
    PID: 4516
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe (level 3)
      command line: "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
      PID: 1424
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry
      - Suspicious use of SetWindowsHookEx

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (level 1)
  command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
  PID: 2404
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
-
Remote address: 8.8.8.8:53 | Request: 28.118.140.52.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 240.221.184.93.in-addr.arpa IN PTR | Response: (empty)
DNS boot.net.anydesk.com (process ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe) | Remote address: 8.8.8.8:53 | Request: boot.net.anydesk.com IN A | Response: boot.net.anydesk.com IN A 15.235.218.149
Remote address: 8.8.8.8:53 | Request: 149.218.235.15.in-addr.arpa IN PTR | Response: 149.218.235.15.in-addr.arpa IN PTR ns5027926.ip-15-235-218.net
Remote address: 8.8.8.8:53 | Request: 95.221.229.192.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 75.159.190.20.in-addr.arpa IN PTR | Response: (empty)
DNS relay-0135ac48.net.anydesk.com (process ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe) | Remote address: 8.8.8.8:53 | Request: relay-0135ac48.net.anydesk.com IN A | Response: relay-0135ac48.net.anydesk.com IN A 57.128.141.165
Remote address: 8.8.8.8:53 | Request: 133.211.185.52.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 165.141.128.57.in-addr.arpa IN PTR | Response: 165.141.128.57.in-addr.arpa IN PTR relay-0135ac48.net.anydesk.com
Remote address: 1.1.1.1:53 | Request: InjUpdate IN A | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 97.32.109.52.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: xred.mooo.com IN A | Response: (empty)
Remote address: 8.8.8.8:53 | Request: freedns.afraid.org IN A | Response: freedns.afraid.org IN A 69.42.215.252
-
GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 (process Synaptics.exe) | Remote address: 69.42.215.252:80
Request:
GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Mon, 25 Nov 2024 08:52:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
-
Remote address: 8.8.8.8:53 | Request: 252.215.42.69.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 252.215.42.69.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 28.173.189.20.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 200.163.202.172.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 241.42.69.40.in-addr.arpa IN PTR | Response: (empty)
Remote address: 8.8.8.8:53 | Request: 217.135.221.88.in-addr.arpa IN PTR | Response: 217.135.221.88.in-addr.arpa IN PTR a88-221-135-217.deploy.static.akamaitechnologies.com
Remote address: 8.8.8.8:53 | Request: docs.google.com IN A | Response: docs.google.com IN A 142.250.187.206
-
Remote address: 142.250.187.206:443
Request:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Response:
HTTP/1.1 303 See Other
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 25 Nov 2024 08:53:22 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-oaOBhuMrT3dEGot6-GpaQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 142.250.187.206:443
Request:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=519=heqGYqOa8mH4tkMLvwyH8BUJYmfLBnZawMb5PqrqVtYPq44CpU7IslDgJn825Uie5YBZt289Q-BUE5e12cE5OmdVPK2Pan_j15s4e-5SgiBWgIIgUuQtZum0weqkLoito7ozCxlIm70b8WN7E-rjWhlsTYKnLiD-k26Ztaew3MPH3lrp
Response:
HTTP/1.1 303 See Other
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 25 Nov 2024 08:53:23 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-TDhdXFPEKE32_ConAzVc6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 142.250.187.206:443
Request:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
Cookie: NID=519=heqGYqOa8mH4tkMLvwyH8BUJYmfLBnZawMb5PqrqVtYPq44CpU7IslDgJn825Uie5YBZt289Q-BUE5e12cE5OmdVPK2Pan_j15s4e-5SgiBWgIIgUuQtZum0weqkLoito7ozCxlIm70b8WN7E-rjWhlsTYKnLiD-k26Ztaew3MPH3lrp
Response:
HTTP/1.1 303 See Other
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 25 Nov 2024 08:53:24 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-dyYyHYrgkcdEH0w8rq1Pog' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53 | Request: c.pki.goog IN A | Response: c.pki.goog IN CNAME pki-goog.l.google.com; pki-goog.l.google.com IN A 142.250.200.3
-
Remote address: 142.250.200.3:80
Request:
GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
Response:
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 25 Nov 2024 08:52:04 GMT
Expires: Mon, 25 Nov 2024 09:42:04 GMT
Cache-Control: public, max-age=3000
Age: 78
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
Remote address: 8.8.8.8:53 | Request: o.pki.goog IN A | Response: o.pki.goog IN CNAME pki-goog.l.google.com; pki-goog.l.google.com IN A 142.250.200.3
-
GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEGoFYJ0C3qQCbRh5xcgwPQ%3D (process Synaptics.exe) | Remote address: 142.250.200.3:80
Request:
GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEGoFYJ0C3qQCbRh5xcgwPQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog
Response:
HTTP/1.1 200 OK
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 25 Nov 2024 08:11:49 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2493
-
GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDHA1yyGqTiRQmAB36tPEBH (process Synaptics.exe) | Remote address: 142.250.200.3:80
Request:
GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDHA1yyGqTiRQmAB36tPEBH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog
Response:
HTTP/1.1 200 OK
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 25 Nov 2024 08:30:31 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 1372
-
Remote address: 8.8.8.8:53 | Request: 206.187.250.142.in-addr.arpa IN PTR | Response: 206.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f14.1e100.net
-
Remote address: 8.8.8.8:53 | Request: drive.usercontent.google.com IN A | Response: drive.usercontent.google.com IN A 142.250.179.225
-
GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download (process Synaptics.exe) | Remote address: 142.250.179.225:443
Request:
GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Response:
HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 25 Nov 2024 08:53:23 GMT
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Security-Policy: script-src 'report-sample' 'nonce-QkDgIba27SCks32_gzPzoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Length: 1652
X-GUploader-UploadID: AFiumC5UwiFuqEbpft9pm6XcS_0gkVsRlLJJNbjC_ajO0b7i5g715i8pOdipfLVIfkzLc3ywtsU
Server: UploadServer
Set-Cookie: NID=519=heqGYqOa8mH4tkMLvwyH8BUJYmfLBnZawMb5PqrqVtYPq44CpU7IslDgJn825Uie5YBZt289Q-BUE5e12cE5OmdVPK2Pan_j15s4e-5SgiBWgIIgUuQtZum0weqkLoito7ozCxlIm70b8WN7E-rjWhlsTYKnLiD-k26Ztaew3MPH3lrp; expires=Tue, 27-May-2025 08:53:23 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
-
GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download (process Synaptics.exe) | Remote address: 142.250.179.225:443
Request:
GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=519=heqGYqOa8mH4tkMLvwyH8BUJYmfLBnZawMb5PqrqVtYPq44CpU7IslDgJn825Uie5YBZt289Q-BUE5e12cE5OmdVPK2Pan_j15s4e-5SgiBWgIIgUuQtZum0weqkLoito7ozCxlIm70b8WN7E-rjWhlsTYKnLiD-k26Ztaew3MPH3lrp
Response:
HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 25 Nov 2024 08:53:23 GMT
Content-Security-Policy: script-src 'report-sample' 'nonce-FWnv2yAzjGHjlgSycEMKlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Length: 1652
X-GUploader-UploadID: AFiumC6P8aqYHkb_05sjd8ZBc80e-fjyjcxvIgjXlHRap9R1kAcg4iqicMVtIHx6XBF84iJWQh4Nms6HJQ
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
-
GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download (process Synaptics.exe) | Remote address: 142.250.179.225:443
Request:
GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
Cookie: NID=519=heqGYqOa8mH4tkMLvwyH8BUJYmfLBnZawMb5PqrqVtYPq44CpU7IslDgJn825Uie5YBZt289Q-BUE5e12cE5OmdVPK2Pan_j15s4e-5SgiBWgIIgUuQtZum0weqkLoito7ozCxlIm70b8WN7E-rjWhlsTYKnLiD-k26Ztaew3MPH3lrp
Response:
HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 25 Nov 2024 08:53:24 GMT
Content-Security-Policy: script-src 'report-sample' 'nonce-mEkJYGmqDdd6Qo1uSm7t_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Length: 1652
X-GUploader-UploadID: AFiumC53SnmJkaJxetC1PD1adLnI59f7D8Zp8P-sK1s6YkwJ1w5wNOUmamzmDHLzNm8E-PQnQh4sfjPowA
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Security-Policy: sandbox allow-scripts
-
Remote address: 8.8.8.8:53 | Request: 225.179.250.142.in-addr.arpa IN PTR | Response: 225.179.250.142.in-addr.arpa IN PTR lhr25s31-in-f1.1e100.net
-
Remote address: 8.8.8.8:53 | Request: 31.243.111.52.in-addr.arpa IN PTR | Response: (empty)
-
Connections (destination | domain or URL | protocol | process | byte and packet counters as reported):
15.235.218.149:443 | boot.net.anydesk.com | tls | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 1.8kB 1.9kB 8 8
57.128.141.165:443 | relay-0135ac48.net.anydesk.com | tls | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 33.6kB 823.2kB 593 663
69.42.215.252:80 | http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | http | Synaptics.exe | 430 B 415 B 6 4
  HTTP GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 -> 200
142.250.187.206:443 | https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download | tls, http | Synaptics.exe | 1.9kB 11.3kB 16 14
  HTTP GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download -> 303
  HTTP GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download -> 303
  HTTP GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download -> 303
(destination, domain and process not captured in the report) | 303 B 1.7kB 4 4
  HTTP GET http://c.pki.goog/r/r1.crl -> 200
142.250.200.3:80 | http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDHA1yyGqTiRQmAB36tPEBH | http | Synaptics.exe | 738 B 1.6kB 6 4
  HTTP GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEEGoFYJ0C3qQCbRh5xcgwPQ%3D -> 200
  HTTP GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDHA1yyGqTiRQmAB36tPEBH -> 200
142.250.179.225:443 | https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download | tls, http | Synaptics.exe | 2.4kB 14.7kB 23 21
  HTTP GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download -> 404
  HTTP GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download -> 404
  HTTP GET https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download -> 404
DNS flows (counters as reported, then the query and any answer; resolver, protocol and process are shown where the report recorded them):
72 B 158 B 1 1 | request 28.118.140.52.in-addr.arpa
73 B 144 B 1 1 | request 240.221.184.93.in-addr.arpa
8.8.8.8:53 | boot.net.anydesk.com | dns | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 66 B 82 B 1 1 | request boot.net.anydesk.com | response 15.235.218.149
73 B 114 B 1 1 | request 149.218.235.15.in-addr.arpa
73 B 144 B 1 1 | request 95.221.229.192.in-addr.arpa
72 B 158 B 1 1 | request 75.159.190.20.in-addr.arpa
8.8.8.8:53 | relay-0135ac48.net.anydesk.com | dns | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 76 B 92 B 1 1 | request relay-0135ac48.net.anydesk.com | response 57.128.141.165
358 B 6 (incomplete row in the report)
73 B 147 B 1 1 | request 133.211.185.52.in-addr.arpa
73 B 117 B 1 1 | request 165.141.128.57.in-addr.arpa
1.1.1.1:53 | InjUpdate | dns | ._cache_6f2eab739a2daf67221a8b4f99201f2265bb4f1d39343f3be58454dbba5665c7.exe | 55 B 130 B 1 1 | request InjUpdate
71 B 145 B 1 1 | request 97.32.109.52.in-addr.arpa
59 B 118 B 1 1 | request xred.mooo.com
64 B 80 B 1 1 | request freedns.afraid.org | response 69.42.215.252
144 B 144 B 2 2 | request 252.215.42.69.in-addr.arpa | request 252.215.42.69.in-addr.arpa
72 B 158 B 1 1 | request 28.173.189.20.in-addr.arpa
74 B 160 B 1 1 | request 200.163.202.172.in-addr.arpa
71 B 145 B 1 1 | request 241.42.69.40.in-addr.arpa
73 B 139 B 1 1 | request 217.135.221.88.in-addr.arpa
61 B 77 B 1 1 | request docs.google.com | response 142.250.187.206
56 B 107 B 1 1 | request c.pki.goog | response 142.250.200.3
56 B 107 B 1 1 | request o.pki.goog | response 142.250.200.3
74 B 113 B 1 1 | request 206.187.250.142.in-addr.arpa
74 B 90 B 1 1 | request drive.usercontent.google.com | response 142.250.179.225
74 B 112 B 1 1 | request 225.179.250.142.in-addr.arpa
72 B 158 B 1 1 | request 31.243.111.52.in-addr.arpa
Downloads
-
Filesize
738B
MD5b7a5c23ab905401ca4be8c44aa281724
SHA11940d7b970b1b1839447867e6384cc715d5c8535
SHA2560c807eef8f493b781bc006b9d1562cc6b407c2a4adbceb85844daa39ccc64028
SHA512e8bf0c2d1ace5e6d8c808a8e5dc88bdfed42e2bc42ece474dbf7cda33efefb6c938e6639cf6a325dbed46a5ad4a31f372c5d121b4da2561db4856070917a6972
-
Filesize
785B
MD5bce6f2ceb7bd5b5c96599e01ebc31d21
SHA10e46e6c1283b698f2e661a581a469b27e61e7b13
SHA256891929a211cec397e0d22a0c3d470634769fb779396f8941678fbc40b17a4035
SHA5126d108744ba2899b90bd3ea0d6d8ccb79d0997a6df5db332d1753f37c52297e0e1273ebb3867db89fb792b414775b2e5bc740529d84cd9475317d9ce039a92fd8
-
Filesize
1003B
MD5a3b44a0d2827d1799870b20d5c452767
SHA19a4d5ea58ecb4afe014b1fbebab057efe31ca050
SHA256efbbd1f823b37dd6fe7c9c90e71237426a8abe0a4833bd18d07ae2c995a34d3c
SHA512042542d6c53d8bd0ab01bb4675b147929aaa1d6463e15b9b2dff89dfd585972f49053b36eeba68a5f9fc97fe46194139a886370e671992ffede39f80a3ce1fdd
-
Filesize
1KB
MD52dadc817ba70aebae93b5b8bd881ad29
SHA1ddab43f7307c9af94f054e84ac40074fe2b0145b
SHA2565056eea27357d38a0392c256c63985f02ed685c5074cfafacec4cb8c80255ccf
SHA512be41e8928e7579b05c510d7e82e23dc2ab7953a3be80172cdc3406e62793d93f804aa922d0fc0bcf636d2f6a4ac956d1e4bbc166e46648591375bb4740c1ed04
-
Filesize
1KB
MD5e5c8862f8702caf6594c107f9ea8552a
SHA116229fd4b2e9007bcb40d01563389f8f8c9fe0e5
SHA256cfe362235f276ae6467ea5f23d4ecbec17c870aec1909e51e4ab949f45de2ca1
SHA51217cde7c1a33516f164b77b7757c690eb5f598834e655cc673c21b9c4fe992f4700cb201f9e539251ca4eebb338f3de948b992a35f65045263be02477ba35bf24
-
Filesize
1KB
MD5af011606af8edc7d6c79f8e372640e7c
SHA1fcf12243be52274f281780968640b2bbc1b7d52b
SHA256209d04e2c2ccf9a3c845a0ab76c0b81997e5c7bda75ebdec4b4113539d242f0e
SHA51282392d043eeb0a453c653e54540566194e0440b2d10558e981018836066303a00f088f08a4ba35c13547c82527d346c85f3d9814348dd457e0f7ebd87f625703
-
Filesize
6KB
MD589b0d888049c74519f3d47b945f7c096
SHA1dbcfbeb4cb1a1b0f5fe13bd5f6dfee255b5e03fb
SHA256834bba5b8679cced44c29f19bb1058d32469d8bd4a80209ea054877d83eec10f
SHA512a52e7862701a6fc43053a723ddd6e66f5a376d29ac8ca34db1c855661ba034527617f11802ad32a67e06be288d0f39d481a06b847428ddba6f2cc9a6bae14df7
-
Filesize
6KB
MD51320215729b776d28a9dd683609ff2a7
SHA184c77a8ab68a39783617e720ac525701e894ec75
SHA2568eea2233282271376065d7cd6881167c1aa59ce4e54feaeb22c87736e2e9b15b
SHA51249d1d730b4c96f1c9aaab0b397a4f2b8d39122110a54a2210b0958299d53342e3f521f6a3e09bf3c255a9fc731c38884173912265445a1e4a7f062fb31183007
-
Filesize
6KB
MD57aecb866efa84cc793822c1a06ee725e
SHA1084d2aa78abe0a284c89f71060c1528f2f05ad32
SHA25689ae88d48ba8f66e884a0e76abc27c3be9546e86e4f73d3b10e84b8f672d7d6f
SHA5128c7c28780b2923f888cb590d4bdb2ad192baf3dc85733f1188ead582d9a46248f6f61c67cc1f436bdcc90ca45f3378e0a4b57e3d0525152385c37a20fa68959f
-
Filesize
6KB
MD52138a7554d6f3b6f85685f33e3eac635
SHA15c0a4d57e274f5864f59f705d75ce627081e7179
SHA256eba65898febe7024b15cc7dada2ac486600c4f276d7a546c64c89772c9543099
SHA512db43b77fd928afb4af68d6cb1e52d1a5a3ad7891308e0a651d77a57d306331482e4f6e2f5c661734a1f9705ef82e2e2286b8670aac52c6f54f4db8e0337d9161
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
Filesize4KB
MD55720108bb36d5c9029ef2f88e652e373
SHA1fcc35ff9fcfc52876869a31dcbb5a0e286f7f1b1
SHA2565ce4601ea7d8dfe030048af8ccf96b8d06ef95f7e4ab074ef13c421977c3332d
SHA512c080b9b732b8da6198bb94b4e534dd680235c05b840488f1836ec5477fd1c93c9fa5d002a935ae736fe7df4a18a4d3abf679c9d3b2c030e81c7f92eef6be7d25
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
Filesize3KB
MD57e48019b4cd30a1d9c477609b7f1576d
SHA12668dc75c9c1bddf6773f94fbd943eb90bbef8d1
SHA256f62c45d5950194592f8b8891fba403a3aa06c8bb87e7c7317afcb428de00c53d
SHA512b7c3225c609b6240cc0fa7ccc36f43f440ae138338b16c10cf089627a752be738b1e07fa33c162f0ad27ea50a923e1be9c9847a82ed95d60ca64a57dbc3019a4