lumma | hxxps://www[.]mediafire[.]com/folder/90qj06387ezr8/AxoPac

Analysis

max time kernel
260s
max time network
325s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28/11/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/90qj06387ezr8/AxoPac

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://hallowed-noisy.sbs

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 18 IoCs

pid	Process
784	AxoPac.exe
2304	AxoPac.exe
2104	AxoPac.exe
2388	AxoPac.exe
1700	AxoPac.exe
3980	AxoPac.exe
1128	AxoPac.exe
3968	AxoPac.exe
4908	AxoPac.exe
4600	AxoPac.exe
3964	AxoPac.exe
3100	AxoPac.exe
2480	AxoPac.exe
3080	AxoPac.exe
4112	AxoPac.exe
1080	AxoPac.exe
2536	AxoPac.exe
1880	AxoPac.exe

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 784 set thread context of 2104	784	AxoPac.exe	107
PID 2388 set thread context of 1700	2388	AxoPac.exe	113
PID 3980 set thread context of 3968	3980	AxoPac.exe	119
PID 4908 set thread context of 3964	4908	AxoPac.exe	125
PID 3100 set thread context of 2480	3100	AxoPac.exe	130
PID 3080 set thread context of 4112	3080	AxoPac.exe	135
PID 1080 set thread context of 1880	1080	AxoPac.exe	165

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 7 IoCs

pid	pid_target	Process	procid_target
748	784	WerFault.exe	102
4244	2388	WerFault.exe	111
1296	3980	WerFault.exe	116
1344	4908	WerFault.exe	122
1904	3100	WerFault.exe	128
3200	3080	WerFault.exe	133
2204	1080	WerFault.exe	162

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AxoPac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772256470884609"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\AxoPac.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
1520	msedge.exe
1520	msedge.exe
1636	msedge.exe
1636	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3296	OpenWith.exe
1408	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
3156	OpenWith.exe
4224	OpenWith.exe
3296	OpenWith.exe
3296	OpenWith.exe
3296	OpenWith.exe
3296	OpenWith.exe
3296	OpenWith.exe
1408	OpenWith.exe
1408	OpenWith.exe
1408	OpenWith.exe
1408	OpenWith.exe
1408	OpenWith.exe
1408	OpenWith.exe
1408	OpenWith.exe
1344	AcroRd32.exe
1344	AcroRd32.exe
1344	AcroRd32.exe
1344	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 4752	4284	chrome.exe	77
PID 4284 wrote to memory of 4752	4284	chrome.exe	77
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 1916	4284	chrome.exe	78
PID 4284 wrote to memory of 3376	4284	chrome.exe	79
PID 4284 wrote to memory of 3376	4284	chrome.exe	79
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80
PID 4284 wrote to memory of 2392	4284	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/90qj06387ezr8/AxoPac
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fc69cc40,0x7ff9fc69cc4c,0x7ff9fc69cc58
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5000,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4728,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5064,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5268,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5052,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5444,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3160,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5780,i,4333447772877236465,841518846372788395,262144 --variations-seed-version=20241007-050102.714000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2568

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:752

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4196

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\AxoPac\" -spe -an -ai#7zMap26511:70:7zEvent4833
1⤵
PID:3372

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:784
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 276
  2⤵
  - Program crash
  PID:748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 784 -ip 784
1⤵
PID:3392

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2388
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1700
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
  2⤵
  - Program crash
  PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 2388 -ip 2388
1⤵
PID:552

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3980
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 160
  2⤵
  - Program crash
  PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3980 -ip 3980
1⤵
PID:3012

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4908
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 248
  2⤵
  - Program crash
  PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4908 -ip 4908
1⤵
PID:1452

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3100
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2480
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 240
  2⤵
  - Program crash
  PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3100 -ip 3100
1⤵
PID:1896

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3080
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 244
  2⤵
  - Program crash
  PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3080 -ip 3080
1⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\readme.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc243cb8,0x7ff9fc243cc8,0x7ff9fc243cd8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17727144390981434741,8006609537295341883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1408
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\AxoPac\javaws.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1344
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1500
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CDFBBA63EB6357EF8E6446DC085D46C9 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3368
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B872A8FC8214C1E254FCAA0DE072D3D1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B872A8FC8214C1E254FCAA0DE072D3D1 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:3060
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3E1DAF823260F2A807716C6AD515AC36 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4412
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AB1D6AEF745BA9A58614D597BA7AEF57 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4112
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BA51D8C2CF170FBB79AC8CE9688D5562 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
"C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1080
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Users\Admin\Desktop\AxoPac\AxoPac.exe
  "C:\Users\Admin\Desktop\AxoPac\AxoPac.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 160
  2⤵
  - Program crash
  PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 1080 -ip 1080
1⤵
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\258aca4b-4730-4ce0-8530-ef86f219586d.tmp

Filesize
10KB

MD5
2a9aececee8fe9c8aefab8cf8dd782c0

SHA1
49e718a364641e53c6f738b79c7f1a0d1e5c68fb

SHA256
63a610f010acedde99816784d6bf41854164258212185ec75ba081337bd442b3

SHA512
5eb00a34ef2e7ded565b209691c7f6654b54da2bf4b84f3b1cd9afee3d162bfbf5391f1835001d419651f57f445d8e79ccad55e9ffd242a47145a449b92a70e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\517e2aa1-7926-413f-a11f-90cec16a0ef5.tmp

Filesize
10KB

MD5
2c329a7c1111471d7251fab71a283260

SHA1
a0b8943c49ff7e453e3eedf37474fe49e27ae79e

SHA256
87c238fa918078af6ec63f07b21ce96612c735f604d7d3e67e9241154d5fbbf0

SHA512
d5f30cc942ca371ab3123890df9e92fbdc067f30371f3e304e474c23584e5bcbc21d42ebf0d2d2cc9c3fa7f3590f1c5c08182fd2202e17f7af778ef1bd55c4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
81c8e885c3a59a79363f706e43bdd4af

SHA1
b1e9f65ed57a7513378671eba6b617bf70249b23

SHA256
490dbde85ba687b04182b922c9dce67c3112fcf9048e13f1c1e8b3f7ba44a490

SHA512
bb90733e01250951e4849db78c788b515ae861862e772805d4242525e1cc463a8f8c3e2b7429f8bbe664960949605ea818a1c1ff4605d27479c052cda97ba1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ac7ebade098705a4b9ad73028400ff47

SHA1
12272962ddd6dfdbe63b8c4173334392e0d6b728

SHA256
345bd823e480008088871a550deb8e2c4220ad93047b258edcb503ba2edadded

SHA512
136a1c6d8574f8db39d431e5a7dd96e1013b5fba8c9bf745100391107b5c1395e8ac25111566188dbaceb9dbf82336fae742faa3c477b9874e5fc6ea529831f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
77ddf284f1683c19352d6c2edc87fd6c

SHA1
5d04ec2a9c104df063e21ef094288b590608a108

SHA256
9c3dddbfb94cae627e77218a028de09e79aa130c2ae1f3dcc8b22d3fd3232a43

SHA512
23e00e787b1601cb7253e4b5ccca75c106f0c194659ac04287d39c74bd4407896ae84049d33c3fac1280a0860b84815125f46fdeea90f41f9d091021ca17f576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
4973c75f3d4de54cf739a99fbd659386

SHA1
5546031a16e59c2f6a3d1e77b62df5e70f616dad

SHA256
cf48e5e70a57e2d1184b8a35e8d7153d16252503614f07dbc35978eb9d2ace6e

SHA512
7949122a425df5b7622f98bea12308757d41b8675fffe781b0ca5adfe7b778aa23a3c2c04549f20339aeb1a6bc9b33632c79cabf5e7d6d15e6414c0318242d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
7e4e2bc9e8bb0c6e33a3773e74f3b426

SHA1
2d346c738a5f8e5d6f29f6507fe489cae5db57c5

SHA256
194aab05ac90c27cf6cfc066502b9a56c409a319097141888f6d290648ac2804

SHA512
4a8ae873c4ce032e8bddfe031259333025d51a439ded91846ccf1b625e30cca9db0e5f9744473b2665d93f78a460610323d46f6c1cc74552aae5f3de3df6fa1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e9bad8b62841a2c584fddebe5d331c4

SHA1
f9b0f999f54d99feac854d059643d01b304c8320

SHA256
3b5eeb3474def45b5485be9605edfa42cb8f1f58aacaf2a5af8f436f483fc15d

SHA512
f5c0433f7a3cf661ef0b678f2e5648ee4df8d4974034f34f4813c76fda4504997de0782b39c1a4175340671f81dfa985e0c5f7c804873420bcf255392b5ff607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6696dd8a6ed169be698634d3ee48fd4b

SHA1
09182e1265b885dbf1e8ea3b5fd677288c87b8d2

SHA256
fbb565b7265aa25803d3db944fedfc195eef9a9e3ffb43593d7479f7b0d55b34

SHA512
4536b5a8f0ea96c85d46785842d6c24b9d20153e9accc3211428b67653e99e2ab4cb8582bcac07eb6e49b753928a0b1822cdb9a74be36fec62cc366a7b997e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83a9c5000d705aeb9172184f146d22f6

SHA1
cf9074c37b76b739a892e8712e5f51ad43c95b93

SHA256
bd10ba11871a9e2e42f06a4973f57aa85373fbc4cc34fa0d80461196bdf1f942

SHA512
28c934e408a6793d263af317c0552d9b7bff43cba340d0317a084e7eeb7c46e5df88e451c5254b90376bc7a4b9760aa7355e5b73f5b9bb850d0ed1430e3ebdfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74c402473fffea1e4d4881d85409d564

SHA1
a508c6e7e45c9013fe3a442c05e540f1d08c70b0

SHA256
33d6eaebedc99990cd35d2bf8e8a47692b6cefffdb0c0eceb14afdfa1ecd55a1

SHA512
f57347672015b0fd16b8af2f00f75dc60475099ee259f841699d05c546f62db3bbd06363a0892df9c8e8878b8e3c22e2ba7d392c24c0d6c36dfa1190f75d07b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7ab9d363b21bcda2f2365ec6ed457e4

SHA1
b18c882e9709cdfb593258560509e384859e86d2

SHA256
b86239ed3c56a6785afcc180354a5800ed080032c4493773d206d96f9dd91ba1

SHA512
032111e06b6c4f2a1b5a2680b0c005c1b261bb6c13bc4bebb2c82d37a90faa971051a2f8c465a4e7c9bc406a6efa13a1955ff6da01b2b0e1a470c702a2f990d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3036083265df9a12fc9d97f3061fec4

SHA1
4e6ac4d255d50ca81e73341f3b860996eb7671ed

SHA256
eaaa29b23968c4f60706bcb50c2f11a6686121cdb989e61698b009b66aecabf2

SHA512
868e355d111f7205b45ab1a06d1c9669fbf1fa48910177a91f9b174080bd1eeb1340cfc1d85a5a0ad866c8fba12cd8ec0fb9c2ac8d3c28530662953a3f59c183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2e3b9561ce0db21c5b0e4f8971bfa177

SHA1
10870044e6dcfb2f2f0815c401bb8e0fe9a5afe6

SHA256
be51d254c89ea4d860b30e85d39a3945866408c8c22a7346fbfbd029a4d40463

SHA512
dd16bd4d46c1fedceb59d57a1769be6cbe58820724d4ec79f1d20dd925a67a954d82d5d06d46467180f0f93826eba8c2ad41efd06aa73db3c5ee28a00dc15611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
af1228f479eae3c32f6a8edb22f5f9fc

SHA1
4b66a19da4185d8e0b5d426351445f2721fcbbad

SHA256
bc37c4dfc312224d51c2b7cf73161a1d381c996ac44dde0b91765b308edea292

SHA512
f97f9badfb1d90dded8a575ac0475f0bf0f94e26a8278944ad6f7ebc5922fc58827f3ddc51d93696809d00266e1cdc10456ef6fab3e017129403e167abe226a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a23005a47b87efcdd320050c9c231be7

SHA1
6a357f1edb5f19707a6babd58af351193493a3a3

SHA256
df88dd8d8e00b7ac8b2e69fe97d1d1d9fec9566d98cf8c048443f6938a3c4b67

SHA512
4db02e0967044142d33080e6d0efa65bce6d007718986d50cd8d945c63184462b6302a84bc2892f63dff4b8b43b5f159deb4bf934cfba57b2ac0a8be0f6b5b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
0bf57ef202d91a861b2e290a779b2ee8

SHA1
bef57d51139118f0ce26b57833d6cde5c3d91632

SHA256
18fcc18e81c81ffa4a99cec74c268ca7fbc7b36fe5ffc2aedce6ed92879fa555

SHA512
a8fcd3f5cf3b6295eeb5335515eb42265722a6391fed3fa7fb6a2c68f8df929a87d93c85842bda17d58f0b70517ae91ca52a7f89740ea8a1401d1772ec8a0ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dde629431ab9bd1a0b956bc3f3e6b53e

SHA1
d9d2be833c653a6c6e65b510e42955a4d1f75a59

SHA256
8b3a9e270bf39ab81a084ad4f2604642e75cfbf603ec206beb6b878db9d74548

SHA512
1acddb21c1dd78cc1419559da3bbfefc681628bcde3be695a21987e8d110b074469a5ac67a854a144e1845e7aca54a2e7c707484fde53585725a2f91057fba38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
582B

MD5
f27aa4d9b73f0718b3f714d159181a9c

SHA1
7b312050cfa329c2f149b20c77756f94421fa9c9

SHA256
b6457353b2ac0687fb83fda6b339dd6e8adfc6329fa7be95596dd97a48874a44

SHA512
8d6c0cecd41bf88dbb7b1cc2e56a063e74696efb863d89389a96239bc8b885ec62d6cab73f3cb399b2399d6001db40ad7524a3cde926bdf805017e73feea2c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fdfa4404ce8388b84a7c95859ca3208f

SHA1
a7efee1ac0048cf0d51b2f49159853beac3f4ccc

SHA256
b6e623af4e5e4e598642d2e63906d66a4f0d2a955f86670b4e1a2cf093e49f1d

SHA512
7024ddebdcab0835ec2a1678b7a770506b2e4892bae5ebbb413b5d24c00aa5e54f4f983eb30aa3b2fa1b111b8af8113d4e2a8a5babe7a8b8bd1740b5d475af1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fef75e4d744f11b2ec5b835da7e23c7

SHA1
5a0717928f1edf7512b3a33caa83a06a8a2ef64f

SHA256
11bb643f2fcd92e2734daf9d65488dc3af7b45e74118e51903069e743bc545bb

SHA512
e2c1b229f37728d2aba134dc8f97b4876615effaa1e260b6d49a33253d5b2a237a00fa2fe91e64715928c986b8b27324a3c72a1a2e9c75ab5fa9c1823b3cfd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8f3bc51ef64d921b7211acc921bb4bb8

SHA1
2a38c1d4d4578437231c9b4b5c70b90dbe29e7be

SHA256
dbdd775d4c260a57cb53e95ed686aef8c835f277f3e727d48007821bf04f96ec

SHA512
1898b5292ad474b767378f387031b07aeeaa479bb479c87ea02a08af72d978ff4982e92f4ba5c09264cf40cedd5e7af70e7ce485a2741cde67db35ac80abd6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b3254f2e5a7ee06ab5387b169ad70ca2

SHA1
42418442f3d400a2e643dd74b763732c765eb08b

SHA256
6740ba7fb417a2f540b6985e647346da761d86431a9b7b8c78f65377263b90bc

SHA512
e20a7f4fdd6604fe9ae962248f2d162fa17b6fab4866179fe3f9e496e46806be96bca6d39927e412ae9f93c96b97da564ff306f2dc5e94d6cb7ab7329304ea95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
19e1de9bd2943799568c3fa194c10433

SHA1
f2555aebb763c3bc1539c26a41eb876057170d0e

SHA256
38d3050dec148679278394a897636f57163cc1db6710beb3de13e2e386aa1140

SHA512
5e795f861663d907d331e7f6ae4526dea19879e5a17628c28207944e4456147c06a8a0064aae83f9aa620e6a42aeab3b04b12c90ebf92bd245b85dc8d0199cad

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\Microsoft.AspNet.Razor.ru.1.0.20105.408\lib\net40\ru\system.web.razor.xml

Filesize
88KB

MD5
398dc059ac7b960a31bba803c6d4b7a3

SHA1
dfac62f6e4ac50a0029031244fc5a1469ffe90e8

SHA256
943feccacef5fe23b3daf662594e3b45fcb8bc1caf25ea1c474721921caa9488

SHA512
f3bb82690b39dad744be9c403f7efcf2c40c903f85be013fff4b1a2ac77e8d59e77bc1eb9989134f800fba3d9bcb987485a92b719386750c70dd7fa1acb533e0

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\Microsoft.AspNet.WebPages.ru.1.0.20105.408\lib\net40\system.web.webpages.razor.xml

Filesize
6KB

MD5
9c8531c1d5f692cd921c8a56d85bc85d

SHA1
801b699bec07e93fdd05469f15cf80be4178e409

SHA256
16953fbbff24c3d927e5640060948da47c15a32918ecb2fc4f922a82b3fcfa9c

SHA512
3e7fbce84ca7bc96d46ffc3b4fc7acf21d962d379589125a6515178693c379eb6b5833e428ec11f106e9b807147c698e898840a20a8189a01baf76ace9a1f719

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll

Filesize
44KB

MD5
969d6caf273394f064475292d549516e

SHA1
91f688c235388c8bcee03ff20d0c8a90dbdd4e3e

SHA256
fe18f4259c947c1fd6d74f1827370e72d7ad09aefb4b720af227333583e0169f

SHA512
b4f6a614e5fc52850e3d02ebf7e85abf1ebe3fb4ebd6b4f03ec9dc4989cce88e44714ca2198dd7e632f5ed0f15225a68b31052da33e5ac3ce48a1c91c3c04446

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\Visual Studio 2012\thirdpartynotices.rtf

Filesize
87KB

MD5
b0ac92e72b07a4b37d66f0264e3373c0

SHA1
769dec94ed0bfcb47e68026aa01e80a26943ff38

SHA256
5a0792c375031840221f1737ba389b0d6dac373b118a107e50fbe78fe5f4ba69

SHA512
716c37b16c577de53b7f6e3934e09ae329e138a8a1725d60e9d8907c43c4400918a31b12ae173644efc25ccc9bf7cb332a3042c17386a3724320ab977a7ded52

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\WebConfig\System.Web.WebPages.Deployment.dll

Filesize
25KB

MD5
f9efab153915541f6cbdd147f85f9842

SHA1
5d923740f2377298ad917eb9f5bfb45e0b1465fb

SHA256
130fe2b8282263c77d9bee89d636166848291432696c449d708c819b17bf053a

SHA512
74890a53f2b0b73816e5155fb2b48580fa1dbf3e35077e7915d96ae57516c5da2bbf968978ae134e12754039a5ada6f8dfbcdc121cab9b887a6d4d259b68f3ba

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\readme.htm

Filesize
109B

MD5
31ecdc0c4df4a3ac6b11c69a40f4933c

SHA1
009a38f655493847a4a7394b10072c95552c8e6f

SHA256
c1b654e033bee5331e6a77c5a58d77e9a5a0f5795cb104a1cde1d3f85b0cbb6e

SHA512
a7bdea58a072202edf4232fdb1de9e88b0064c6a9936a7b54159c9a98bbce2600fa34920060f5eac5dd1b7fd059160b8d962bc7930b8a585db80869d7e67ceda

Download Submit
C:\Users\Admin\Desktop\AxoPac\ASP.NET Web Pages\v1.0\ru\shakl\eula.rtf

Filesize
184KB

MD5
603a6395c1881c3e74b52335110ddf64

SHA1
950bc1a18abdf857d2e4d1bf336545a6fe853369

SHA256
e393a89d83a4b1b9110954c03c17ebfe8360e3fc68ce09af1e3ac7a69d16af2e

SHA512
52c6498f29cb4dd04adcda7d3691ada743678584805c1c0ee7375a0620459a4be06531117a3322362793a12b67e5bb3fee0806a03ef3fcbd0123b171a6c424d3

Download Submit
C:\Users\Admin\Desktop\AxoPac\AxoPac.exe

Filesize
808KB

MD5
7d53fee4995e8e0f6b0885b4b6c05527

SHA1
433837d1a35ba8b256cbd4708e09b48011279b68

SHA256
d434622afd49b2500ad7febf4e03bfbf5113b62d4b7b69fe9ad5416c0b6c05da

SHA512
583e3db868cf055d619329d37050a17d7f6db2eb679851b4ada1f1504c1d0c4e158397917253435180ebad4274dc3aa159a847da8ed17c4be0979805b6eb2702

Download Submit
C:\Users\Admin\Desktop\AxoPac\javaws.dll

Filesize
934KB

MD5
0ecc963e01f7d51aea3d6c402d72c3f3

SHA1
57a3b4965d8bade0e2325905ef7adb9b29e02ea6

SHA256
bb6404ed83bd863b74899a40817f72c860c3ac76c8ba315e159e652b38abb521

SHA512
4abd39159f8ba162cb46cdcccbe09963f8b618cb4e8ad6518615d66725316384cefd939887099e6011454b3d15bdee0f9ac2b50b11a91e63bfa3bde2cdd76c7e

Download Submit
C:\Users\Admin\Downloads\AxoPac.rar

Filesize
20.8MB

MD5
1151c08ecebf08af974d19b63ecee701

SHA1
406d57759d9d5b8eb087b7a630179e1a7fb41bc4

SHA256
dfe86f12cb28d72b88db91b80516ec6f5870e598d7fc3a3534bf543d112dd110

SHA512
0515b9eea4714ceac230f696fce43c94cfa3dfcf6d8f00020168b73994a8bb94b364dfb433dbe88defc8d42d93d1ff45ae02151c30a68535298a9edd37342a92

Download Submit
memory/2104-1451-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/2104-1449-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download