Analysis
max time kernel: 300s
max time network: 291s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27-11-2024 03:42
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
lumma
Signatures
Lumma family
Drops file in Windows directory 1 IoCs
Processes: chrome.exe
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
Program crash 2 IoCs
Processes: WerFault.exe, WerFault.exe
pid | pid_target | Process | procid_target
3060 | 2684 | WerFault.exe | 115
3528 | 2368 | WerFault.exe | 113
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: Xeno 1.0.9.exe, RdrCEF.exe, AcroRd32.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Xeno 1.0.9.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Xeno 1.0.9.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Xeno 1.0.9.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Xeno 1.0.9.exe
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies Internet Explorer settings 1 IoCs
Processes: AcroRd32.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771525808469190" | chrome.exe
Modifies registry class 6 IoCs
Processes: OpenWith.exe, BackgroundTransferHost.exe, chrome.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | BackgroundTransferHost.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | BackgroundTransferHost.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | BackgroundTransferHost.exe
Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache | BackgroundTransferHost.exe
Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings | chrome.exe
NTFS ADS 1 IoCs
Processes: chrome.exe
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release.zip:Zone.Identifier | chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: chrome.exe, chrome.exe
pid | Process
3656 | chrome.exe
3656 | chrome.exe
1008 | chrome.exe
1008 | chrome.exe
1008 | chrome.exe
1008 | chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: OpenWith.exe
pid | Process
4804 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Processes: chrome.exe
pid | Process
3656 | chrome.exe
3656 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: chrome.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: chrome.exe
Suspicious use of SendNotifyMessage 12 IoCs
Processes: chrome.exe
pid | Process
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
3656 | chrome.exe
Suspicious use of SetWindowsHookEx 11 IoCs
Processes: OpenWith.exe, AcroRd32.exe
pid | Process
4804 | OpenWith.exe
4804 | OpenWith.exe
4804 | OpenWith.exe
4804 | OpenWith.exe
4804 | OpenWith.exe
4804 | OpenWith.exe
4804 | OpenWith.exe
4108 | AcroRd32.exe
4108 | AcroRd32.exe
4108 | AcroRd32.exe
4108 | AcroRd32.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: chrome.exe
Processes
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getexpl.org/ssyl
  PID: 3656
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fbf1cc40,0x7ff9fbf1cc4c,0x7ff9fbf1cc58
      PID: 4508
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
      PID: 2344
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
      PID: 2732
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:8
      PID: 2620
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
      PID: 4892
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
      PID: 32
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
      PID: 4100
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4272,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
      PID: 2624
      - NTFS ADS
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5148,i,7127744697074425391,14324178376624880690,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
      PID: 1008
      - Suspicious behavior: EnumeratesProcesses
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 1844
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 4884
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 5080
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\README.txt
  PID: 1612
"C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\Release\Release\Xeno 1.0.9.exe"
  PID: 3528
  - System Location Discovery: System Language Discovery
    "C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\Release\Release\Xeno 1.0.9.exe"
      PID: 2368
      - System Location Discovery: System Language Discovery
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 1460
          PID: 3528
          - Program crash
C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4804
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\Release\Release\locales\libGLESv2.dll"
      PID: 4108
      - System Location Discovery: System Language Discovery
      - Checks processor information in registry
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
          PID: 2276
          - System Location Discovery: System Language Discovery
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F5DC34AE92D5ED692783305F3B365D5 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 2420
              - System Location Discovery: System Language Discovery
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AF0E706CC32B3E3729143981A2AA29F9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AF0E706CC32B3E3729143981A2AA29F9 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
              PID: 4984
              - System Location Discovery: System Language Discovery
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=864AB4FF1E80C84890820D57BFAA9E69 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 3404
              - System Location Discovery: System Language Discovery
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2C06EDE557B2AD54F3CFD3ABB8E664A --mojo-platform-channel-handle=2500 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 2452
              - System Location Discovery: System Language Discovery
"C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\Release\Release\Xeno 1.0.9.exe"
  PID: 4804
  - System Location Discovery: System Language Discovery
    "C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\Release\Release\Xeno 1.0.9.exe"
      PID: 1700
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID: 4320
"C:\Users\Admin\Downloads\[1.0.9]-Хеno-App-x64-Release\Release\Release\Xeno 1.0.9.exe"
  PID: 2684
  - System Location Discovery: System Language Discovery
    C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 1436
      PID: 3060
      - Program crash
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2684 -ip 2684
  PID: 1472
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2368 -ip 2368
  PID: 3968
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
  PID: 2796
  - Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
64KB
MD5b5ad5caaaee00cb8cf445427975ae66c
SHA1dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA51292f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
-
Filesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize
1008B
MD5d222b77a61527f2c177b0869e7babc24
SHA13f23acb984307a4aeba41ebbb70439c97ad1f268
SHA25680dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
-
Filesize
649B
MD54044e054995ebf96fc6d84aed07e22a1
SHA1fe671b66d087de6eea52a9866dc669a05e5626ab
SHA25675ce6f1d11e8315c50fbb565f5daf6f116d89caf510bdef7e3872d6927367523
SHA5121a75dc813fe006bb67502f5734682338492c2d3107ba803f3f99c8f70ce9463e04a5fe4e8ea63b735b3e0f2927a3bd878a9a2dfc8b94c42ca232ad9e1e77ecee
-
Filesize
1KB
MD5bf65d7539f1ecdb6a6d0821c4c67226b
SHA1fc61763ac9e1aebf44fac8c310550e34775ec1b9
SHA256e6225f1d52a4a4cb944ffd950817b55f6e8cd9b57b9629a8071158d0cb320705
SHA51210d47ca5b389162b2a1c6a46865237f11e4f34b4ea2a342394a1750139bcf97ee6f0f999e2597cadf9910b89e7e71369dd21dd405f7da8723e11ce6e67a927f1
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5051525f29a6eabbf0f8ed55181462bc5
SHA1bb4a038c93f845940adbdc3abf2e6b03c3173854
SHA256b16bac4c0f8032c1a2fcf7142fb6dbc1b20a17080d7f353aaf411ab6a8ed9ad2
SHA5126bd68ed8ba97fc1ce8a6d14e44de7d9c7605577ca84578c526bf8eb4d58c9ebd7dd22328df9f58ae44497a8fca5b98dc283bc50646d816fc953d3afd17f6a64f
-
Filesize
9KB
MD5ab20dc48536fe82bf15bad4f597e9ad1
SHA1464a43f1dd4971db9d1ad5533bebd73824f8d22f
SHA2564bc9eb6fd0f68d93716ac4396fab920597570e2639daba8caf1a0c4d29a73347
SHA512682787f5a146bde85232273e8b81a0d8011ec3f9cc3d743505f538539c4caf4a97edd207c46b2c942fa578d84eb52b66cfb853abf1563cf4db580018365810a0
-
Filesize
9KB
MD5bfe9ef30a7bba8b673fd0cf863567a29
SHA1c9b159a5d77689b611b394eb2139c32be12ef716
SHA256e398180cb94e31ab3302b48a95d06c6f428b57e5fc44a5615a363da9962f963e
SHA5125cf391a9e568935e83e15e2661600ae9ffcc0c30fd8054a58ec3627474541988ab8300b762b538e2de0af646a7ec769a4c1540d881e9365b9fb423ff24688285
-
Filesize
9KB
MD561487cf4de65026eb250efe53729626d
SHA18de3c68f53b340e71098d40c9f641014fce7cc9c
SHA25600f50d5c18f2bdea593cf6c6fc11eff73b4880eac74349ef6f061ed46c49b33f
SHA51230da682f3817fcfcd39a4fa40cb4fdac26c70f02ed6d959625814a18e36dd3eb7d36265bcd42847c425d2d4152166964c852ec93597638861bc228b4837f030e
-
Filesize
9KB
MD54a04b8078f81a1a2e38ab04834390c7c
SHA11a4540d18eb0454ba437b495aa2c285246d13a59
SHA25651013f2c86156e89d7977277d0fa37be7f934e1a23d378d4f75a5e5d7263181a
SHA512727c09e868e6a05ac46181a40a3520d9c32cb9e6fd0c2a6810b33c728b4e67318abc758f46df12a2cb148a3a86803d6139bfa3432b15328b874e0ed01f6197c1
-
Filesize
9KB
MD568703df67b50e875f1268f587512a44e
SHA1dcb6327d8f8fa3597e54f090c7010bc97174cf54
SHA256151253309e8608c463620bc38cf13e3953c716b0c37b89711627fefb6cbd5fbe
SHA51263b67f6d5d0d3dc637e26c81369bc4ab9871d84fdd89f81129aa9986f4baf062e42915a4e0bcedacc97fdf06b08648eb4d6c7592d04fbc7a85ef0b876f9eb8d0
-
Filesize
9KB
MD571355a329db52860338e685d9790c924
SHA1712e0296c03131a327ca4d201d6621b8c394fdac
SHA2567119b5b98e6a4b2fe7483acca30a1881e9bfd8ff404a883be2560f954effc94e
SHA512ce89cc57d1e2aebbcb88f42f492146b9942d81f6086a913c7b064fd0e196f8468bdd9aa71f7e398bdea9d98b5ba43f5169f7601753036c6709f13d5a315d229c
-
Filesize
9KB
MD5e86a356060b54986e03091a80317a176
SHA19bfe6065036d2c0d1bd5a1ca229c5a9346a7f96a
SHA25614c2d9c1e48c339bb89f82ea87eb3ea92ef356263099061c58c3130fc4d8a3f2
SHA5126771c5a3a2d50a23c435f4ae81b35d15fc17ca958d93f0a8e42501df371fe6e4c0c5d857721ba593e2a5eaa4370486c7cb143f81dedca4bdf7596ffb888e5ae4
-
Filesize
9KB
MD5f1a664d0dceded88c761fd80cdbc421d
SHA1b3f37c525b9cce3639b1f91223d82278a4e5abbe
SHA256d2d3d236bfd3795fcdf158ab86456ef2c1947c1b664c384c02eb25897334d56a
SHA512296cb4276c6637b15510d594ff528ce2c24aef3e12e1ec95daa37eda7e6d38f78b5ba06ee21b21a07fc9c78c0ff5e78007c7bb6416551527d033d37646aaef20
-
Filesize
9KB
MD570ca0b1f92e1838f9b5b51b81c0bd61e
SHA1286d5cf5612f22e0d423837e0f6196ffa7227f3d
SHA2563028ac293601ea044e14925635bed02dbc5271b747db45e91a506a67208d5fac
SHA512dddc132ad638e45d21228131df9cff1f11e9761c89c23425ab3b82bf6319b4e63f5e00cdec5369019b490eb995854522614c9dae16a7e30d6d04477a2864590e
-
Filesize
9KB
MD5 f281322a6f68939017bd920ff362a6b0
SHA1 6d3e4aed2507d1891a8447d92d8a0df47ce06919
SHA256 7f04fd2e31fced44dac7e193c65e16be02f8cc376398c7fbb353488ed3ed1d1f
SHA512 c3f9c1cd87428a5615397f4351b443712caf755ddb17fa1fbfeec83c5301d0e6f8cb52b79af05183f999e2fa0def905670dca45527097628db976474116231bf
-
Filesize
9KB
MD5 ef89edc9899909b3fc271356475a8ba3
SHA1 caf676b4d9a261126263bdd29bb43fb127c44db0
SHA256 a5b501acc6b4140b4bf40f210430d6003425bca443466d07f03e4a3577f6c847
SHA512 ab89b70d4dedd6295ddf939060eb7300c00ead79349e510536be7ea0bc087b02513521c927a19647cf159623862f068d8fe1ad8adf76b0bc69963370e8513d15
-
Filesize
9KB
MD5 6ac7bfaf5c395542215b787af7e095c5
SHA1 a3d17d4f5c0a83b0dc8f5454eefa754660e7b0ce
SHA256 4b07204fee77e5ceed44ab89a7991c7fa5561fb3cf9510d39300461a62991ad1
SHA512 002014589cd23d875d0a241346aa995f873fedb65f3fe6abfd2125daa03d222aefda22ec63628ae77edec7dc5649f9c7cfee93a706123f5ad71f988245271cd5
-
Filesize
9KB
MD5 e8b33d592b7302210f00caa158d77721
SHA1 419e444544a363661ccd3755b7a3ca0038e1b7e6
SHA256 a5981be805b4f624cdd71169c7f2dda5f5b90c21c4e89e8020cda32b04bc542d
SHA512 35306dbef6139bb527ba48b9493c0c5c6cabf6f9b6297b4ae4955f937e2def8a6a21b519bc22e9060ecf384d3c58024eef2038b5494b0ea792dba045c05ab0ee
-
Filesize
9KB
MD5 d1fd5a7fed7f031c23ce3f92a7a602f8
SHA1 fbdc9d3969aec90435f27908c6426425fe65d1d4
SHA256 24c1ce4da923a8a4dd6210fa34a47bdecb6c43a564f92d4eafd715784615302a
SHA512 fa703b97b75b527733b2830928bb8762ac2a24df2b20a85f1b45092b75eef5f22db8dbb89cba92b0d3d784072367aa6863b5bdd001eeb3b7288ca624c742dc1d
-
Filesize
9KB
MD5 a0a14d39369896499f769de9fc577b44
SHA1 eac353ac26534aa86e075757e846b51d62109d1a
SHA256 7cfc52dc03abaa0f03c2cef40d8bf1d0e6d7cee8bb9707c7d6d5447b5f8da503
SHA512 7e7442f0473802828e5e80b0153d07d0d49ead095d1ca0d5963d22cfd17cfd72b7eef219af8f77ef2726513c469ca37c02181024d0336cc53e619de5459fff6f
-
Filesize
9KB
MD5 1365524dfeee5f6c874b9fb65aeb0abe
SHA1 fb47ba626c96aaf1891853e8e3f006ce308b15cc
SHA256 e50cd04070631a4016e459c14e22b42e688f9785ee8f306f3124e99cf997e6aa
SHA512 105fa577fa68dfbd169890c0b5d8e766f3ce402d1a9adda5a3610d7916d9373e4610ad38dd78b1b4fbaf10ff737443df65690f05398a35f73609d3b078a8da47
-
Filesize
9KB
MD5 932397c82643145f0ded40a6d69f1d09
SHA1 a840c092adb0d015b1abef793528a6bfb1f954b3
SHA256 10fff57ea65dfd4ec10158cb494eecce24d873a629219662b785cac108c63ff2
SHA512 b9da3ef33228e92f5da0b8700622ac15e8db3d05c382fd67ba03c1326d9234807fe2cd25e055673ec917383b19fa8cf3ebe104a37308975c6b5cd18ed743d433
-
Filesize
9KB
MD5 30d0cc84fb51b2ca2979f7641423d644
SHA1 8b5802f920f769dcd44daa5e1b96c0100961c614
SHA256 70504c288a49beecb176eaf410ea5d9cb186156a913da129651111ce8afc6fdf
SHA512 fa196199a0248f78188e1e25a5e772f9cb4e204ea51d8784e88266ea953f0d89b5c61fae25337b433af4c6457c808e104e47d694ea3f92d20af0f6dd27508b80
-
Filesize
9KB
MD5 d05ca8c2cf708d61fd4a99f0b2b9ad4e
SHA1 170f419586a77ab594cf2ea5a2efe0b54224b8c9
SHA256 2ed616bb62f08d8124acf9258238e49d1fd838ecd7629de2b00167d7bf44369c
SHA512 f1483b6a8a0ec127464e1d7d2f570fe72820834db57fac29ddef4107e996550bb2242e5ade794b1266244e8af1a83082c495f7aed10728f968862fac0bbf03ff
-
Filesize
9KB
MD5 20a9caf1c66235cc93f492e420cf3ea0
SHA1 203f39f2d6997e0ee1628caf96360137031d641b
SHA256 7fd73712541bd965c65e9551c602f274bda6beb389b600ec76fecc851c02ae32
SHA512 26d8c81bb9cfc31affdba3a1170c46f6810768d4811dd665d64749ec3d8e13e080efdfa32d93581521a8124a50c47eb3a801413279ad4dcaf09d90ac1d8ce32e
-
Filesize
228KB
MD5 ad567f5152272fc0de980bb97c5f5f5f
SHA1 8f10dea26a5d50da7477cf02e463a7fd10b479a1
SHA256 fb8563a75dd9927c9f55876600ece9a2961123df88bbea7f13816f725e098c22
SHA512 cca5f9c6fa4ea90bcd8f697d7b5285241ff2220bb190c799c17815bc22b6d7b71be1a7e1e1754b445099a0f260ab27b460f46be701b08d0af279bb97887df004
-
Filesize
228KB
MD5 5da6c4d784cf3d9433a4a3cb492bd4dd
SHA1 d6d8acb652339402e0552b5b0a34081531b80383
SHA256 c32bf85b8e5772156bfb009a5f3036568dac0844ec1ef9e00bdc84e6fa429672
SHA512 6a44443372602ea998525a6a8cdab2402872a7f9ac22a39e64e60e8b104d3971d6fd79d16f359dc8890a238caf01c74fc3b04230779ea318c85c8bd9ab2b9821
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\69a78841-938d-4660-b13a-b1da72c3d751.down_data
Filesize
555KB
MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
26B
MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
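Two things a practitioner wants from a listing like the one above: a parser that survives the way the report exports it (label and value fused, "Filesize" split from its value, one MD5 on its own line), and a sanity check on the indicators themselves. The last entry is the giveaway: its four digests are the well-known hashes of empty input, so it describes a 0-byte file and will match every empty file on every host; it should be dropped before the list goes into a blocklist or a hunt query. The most of the 9KB entries carry no path, so they can only be matched by digest. The script below is an added example, not part of the sandbox report; it embeds three entries copied verbatim from the listing (one in the fused form), and the helper names (parse_report, validate, match_bytes, is_empty_file_entry) are mine.

```python
"""Parse a sandbox report's dropped-file hash listing and match file contents against it."""
import hashlib
import re

# Hex-digit length of each digest the report prints.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# One alternative per digest, anchored on the exact hex length, so a fused
# "SHA1<hash>" whose hash happens to start with "256" cannot be read as SHA256.
# `\s*` lets the label and value sit on the same line, fused, or on separate lines.
DIGEST_RE = re.compile(
    "|".join(
        rf"(?P<{name}>{name})\s*(?P<{name}_hex>[0-9a-fA-F]{{{n}}})(?![0-9a-fA-F])"
        for name, n in DIGEST_LEN.items()
    )
)
SIZE_RE = re.compile(r"Filesize\s*(\d+(?:\.\d+)?\s*[KMG]?B)")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$", re.MULTILINE)

# Three entries copied from the report's listing; the second is kept in the raw fused form.
REPORT_EXCERPT = r"""Filesize
9KB
MD5 4a04b8078f81a1a2e38ab04834390c7c
SHA1 1a4540d18eb0454ba437b495aa2c285246d13a59
SHA256 51013f2c86156e89d7977277d0fa37be7f934e1a23d378d4f75a5e5d7263181a
SHA512 727c09e868e6a05ac46181a40a3520d9c32cb9e6fd0c2a6810b33c728b4e67318abc758f46df12a2cb148a3a86803d6139bfa3432b15328b874e0ed01f6197c1
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\69a78841-938d-4660-b13a-b1da72c3d751.down_data
Filesize555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""


def parse_report(text):
    """Return one dict per '-'-separated entry: optional path and size plus the digests found."""
    records = []
    for block in re.split(r"(?m)^-\s*$", text):
        if not block.strip():
            continue
        rec = {}
        path = PATH_RE.search(block)
        if path:
            rec["path"] = path.group(0).strip()
        size = SIZE_RE.search(block)
        if size:
            rec["size"] = size.group(1).replace(" ", "")
        for m in DIGEST_RE.finditer(block):
            for name in DIGEST_LEN:
                if m.group(name):
                    rec[name] = m.group(f"{name}_hex").lower()
        if any(name in rec for name in DIGEST_LEN):
            records.append(rec)
    return records


def validate(rec):
    """Digests the entry lacks (a wrong-length value is not parsed, so it shows up here)."""
    return [f"missing {name}" for name in DIGEST_LEN if name not in rec]


def digests_of(data):
    """The four digests the report uses, computed over `data`."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_bytes(data, records):
    """Entries whose every recorded digest equals the corresponding digest of `data`."""
    computed = digests_of(data)
    return [rec for rec in records
            if all(rec[name] == computed[name] for name in DIGEST_LEN if name in rec)]


EMPTY_DIGESTS = digests_of(b"")


def is_empty_file_entry(rec):
    """True when the entry's digests are those of zero-byte input: it matches any empty file."""
    return all(rec.get(name) == EMPTY_DIGESTS[name] for name in DIGEST_LEN if name in rec)


if __name__ == "__main__":
    recs = parse_report(REPORT_EXCERPT)
    for rec in recs:
        note = " [zero-byte file: matches any empty file, not a usable indicator]" if is_empty_file_entry(rec) else ""
        print(rec.get("path", "<no path>"), rec.get("size", "?"), rec.get("SHA256"), validate(rec), note)
```

To check a suspect file, read its bytes and pass them to match_bytes together with the parsed list; a hit on any entry other than the empty one is a digest-exact match against the report. Hash matching is brittle by nature: the same loader repacked by the operator yields a different digest, so the C2 domains at the top of the report are the more durable indicators.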