lumma | 80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe

Resubmissions

29/01/2025, 08:13

250129-j4gqwsznaq 3

29/01/2025, 08:08

250129-j11plazmem 3

29/01/2025, 08:01

250129-jwwvvavpfy 3

29/01/2025, 07:41

250129-jjhgpavla1 10

Analysis

max time kernel
899s
max time network
625s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29/01/2025, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.0-x64.zip
Size

4.5MB
MD5

93357db14af91a53bcab556e80103c1c
SHA1

7643f56e7ceace571c7000b937275f747af659af
SHA256

80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe
SHA512

5a46cb9f2a3ce090eb44e57609dd12bff268d5df09666ec1fb71f7e9f9d170a58994c4a5a1eef3e23fd91e08f3b47b6d90954cb9477017a71f81c1e1e950f1e4
SSDEEP

98304:9ooNYRM5U7aEg/d2OWTjSQxc7p9KK2P9nHGyZEW3T7fI:9ooNYe5ebg/dVUjqOK21mGEYT7fI

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 11 IoCs

pid	Process
1020	Loader.exe
3800	Loader.exe
656	Loader.exe
2288	Loader.exe
2356	Loader.exe
4620	Loader.exe
880	Loader.exe
1964	Loader.exe
2848	Loader.exe
1348	Loader.exe
3128	Loader.exe

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	NOTEPAD.EXE
File opened (read-only)	\??\F:	OpenWith.exe
File opened (read-only)	\??\F:	NOTEPAD.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
107	camo.githubusercontent.com
117	camo.githubusercontent.com

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 1020 set thread context of 3800	1020	Loader.exe	122
PID 656 set thread context of 880	656	Loader.exe	130
PID 1964 set thread context of 2848	1964	Loader.exe	137
PID 1348 set thread context of 3128	1348	Loader.exe	146

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3884	1020	WerFault.exe	121
2796	656	WerFault.exe	126
1732	1964	WerFault.exe	136
1120	1348	WerFault.exe	145

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000dff7678b2372db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b892a38b2372db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000084dc0e8c2372db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000097f6a58b2372db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000060782b8c2372db01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006ba4d58b2372db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation"	SearchProtocolHost.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3933156042-2316999077-2687276773-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1160	taskmgr.exe
4692	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe
4692	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3852	1052	chrome.exe	97
PID 1052 wrote to memory of 3852	1052	chrome.exe	97
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 3296	1052	chrome.exe	98
PID 1052 wrote to memory of 4996	1052	chrome.exe	99
PID 1052 wrote to memory of 4996	1052	chrome.exe	99
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100
PID 1052 wrote to memory of 1188	1052	chrome.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.0-x64.zip
1⤵
PID:3484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffeb94dcc40,0x7ffeb94dcc4c,0x7ffeb94dcc58
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4368,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4656,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4036,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4948,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,5800179819801304964,14717357263485462544,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1968

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:656

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:1160

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap20473:74:7zEvent32758
1⤵
PID:4848

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Update\" -ad -an -ai#7zMap24686:74:7zEvent2594
1⤵
PID:4988

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"F:\Update\" -an -ai#7zMap19208:50:7zEvent26029
1⤵
PID:2468

F:\Update\Loader.exe
"F:\Update\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1020
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 828
  2⤵
  - Program crash
  PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1020 -ip 1020
1⤵
PID:4260

F:\Update\Loader.exe
"F:\Update\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:656
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2288
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2356
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:4620
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 816
  2⤵
  - Program crash
  PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 232 -p 656 -ip 656
1⤵
PID:1676

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4692
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" F:\Update\wwanvc.dll
  2⤵
  - Enumerates connected drives
  PID:3096

F:\Update\Loader.exe
"F:\Update\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1964
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 808
  2⤵
  - Program crash
  PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1964 -ip 1964
1⤵
PID:2944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\UpdateBlock.cmd" "
1⤵
PID:760

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" F:\Update\bin data\path.txt
1⤵
- Enumerates connected drives
PID:4552

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"F:\Update\" -an -ai#7zMap31546:50:7zEvent29418
1⤵
PID:2548

F:\Update\Loader.exe
"F:\Update\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1348
- F:\Update\Loader.exe
  "F:\Update\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 808
  2⤵
  - Program crash
  PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 1348 -ip 1348
1⤵
PID:3016

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:2556
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:692
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 820 824 832 8192 828 804
  2⤵
  - Modifies data under HKEY_USERS
  PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
71KB

MD5
6763486571c00fd766be6ff500d133d3

SHA1
aa8fa96b41f111414a9f9557039733bee55c51fe

SHA256
623a7de1acc92eb9fc59cded11d4b4d8f7fd8c32df2c1d348ba5d07f69fb352c

SHA512
d51c7b0536bacf7198c3a694f8651cb41d21c859f436ea3c158ecfd69b1172344ee9e5754cc304c091e567142d00a9f11b9023a500fa2f55ed8c3c4cc156ae37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
411KB

MD5
b27cfb561f631aa22386400ea53b3bd5

SHA1
4d1a11b58d86462c2c57be2ea9c0de7fcf398ce6

SHA256
29be8aa6ed984f9a46b5fa8f3947b272922eacf4eac5d227aa9043b6739cbe7a

SHA512
b4372acde3f975723cb0bbb137c31f34a29be37fcd3ad44d116e37f2490fff4b504029897de1ed1c691676e87e4d8bb379b79c5b1ac6cf06263a1e2d42676f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
109KB

MD5
f20601ab40bbce59759a372269ff5828

SHA1
202a1d9671ce3f0c969d3c08ef6c2cdd5eb1eb41

SHA256
6c63b54df188d911856ba25a950972217a1821837920c5c0b19338fd2612955a

SHA512
ed5aa9f5e21e137e53b571b009d68097fecc2fb5801f338b74c1dbb1a8989715266ea07dd52b56012f89c50497d41f7fcb54aa9ac2651e02352c5af5fef51e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5bc329c73f6d0752d50280ee52b75628

SHA1
ad31537253f74a6303745c0aa9fc2a12a0d865b4

SHA256
17fa0ce5a9384826a34d961b79152c22478bb7865ede08a7ccc8cd59a339df19

SHA512
4844ffbdc69492979524729b1654ec5c62daee585e70a8a52be36dffb33259ec90244b3f602ac21b5d91bbde74a2beaaef9d2ad7d2a061665bfc1ee95d21347b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4ff7cbaab2627d413c85b0cc2c7618c1

SHA1
049af7d3467dd95db6c8b4015eb3248226a9d78b

SHA256
361b3f8b96761d435c66d8ffae675e350ec82530a06554c42db8227c0a5dc37f

SHA512
181d4c8516b2f62dbaf6c9c1e933462e9fe5b12b03e896a11783d85ff7f70c980ad95b92de613473ab158ff6e9c82553017b04fc6d7822bb4bf19a4979bd6163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bbc704cd3141cc946d933d7012e1017e

SHA1
6382fa4df265b69f8e9669a6fd6404ae23e7865a

SHA256
adeff20dfcb05d831ca28b0171e221ba5fb98dc6da64152657550a1ec0ecfb61

SHA512
7e5d2ebb296b937f9a51430899e186ad7577e660cb4f9589c7a7c57080277baefb61133a978d80cf957713fed07a271b637df199c1bb9bb9bfcf1936bbb018d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d5d5e0b85fefda328ead695aec3ef024

SHA1
f9e7f463a776e69251c34fc538f40a1bfbbfc618

SHA256
d3c1a8ccc7dcc3ea0a64676d1a16b4f8714a09da5f665729bdc1e7e1839b2c2b

SHA512
6b4448a4ec6f77e231bcbb5211d189fbc25dc5fb7831319468b87730bcc21cab51ede327092c2db41b6e155b3727eb858e015ec648d84323aa0c8726b7b9c580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
689e4175a34ded07571f5c33ef571f09

SHA1
95d1a6371aca129a639880c9ff54b07be536736d

SHA256
19303a8a0fe0da1622592f4e900d04a15a6df3f7c6ae9038c47a70ebefcbf262

SHA512
d84ea4a920043088d8a193c04a9bdfc10756d713170ab07ebb4226cf2c0d45c71c8e8f76fa512526fa571f9ac58ed554bba2a08f01ebe6ec9aa95ffe0cd18951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
42ff75ff44e0ad7938ccec4c8086a369

SHA1
8015377b7d8508d8814e263893b1a5f50201e299

SHA256
42f335b98d51f33e612c498129bcb71c5f7c0a12a1b9b7cb1db665a1013bdcbb

SHA512
fbeb279a19135c19c072efce7627e5f5b5d919f7ad0d5050cdad2cfb022021e09792a5e8bd057cca572e4574b0d37e4c51ee0422102b5b4971b2bf5708e1d86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3d9e3961f4021e169d7a84642f031769

SHA1
4af54e5b361b19860f99a14f6088708069f9f212

SHA256
b7c8d00154211c887f4d8992fb4c4cba250aaff0bf9f6daa5e4e173a6274ec29

SHA512
7768a67c75f1054cfb4ca439879c9a2ad6b8318f54b0eb2b7cc73742faa64eaccbec1fdfc848665a0ce888ef89cfe9a06ad5e8a882451f858a177219e520cc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2ea77bf521cae9048461b85fce19478e

SHA1
30dad8e0814e49e018123ca93554c83a47c6dc2a

SHA256
0399cf04fc106dffc30ef7c31d49a55cc56581a465826644af1bf7d8cbca3d9e

SHA512
519f195b0337d23ebab826738ba5dfd1c1e77c442db76a29c7f923bd87a1e7d8aba638cf8e3af0c9a6983cb901d3651cefcc7eb99e0ed5cdd6aa837b31108d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
402370250f17f49aa8d9892559272e94

SHA1
ca8c3a23416b176de334aceec8f03e5efcdd2170

SHA256
1aa42df4bc3887e5b0b4df3b7e1e9bd6ab14216bd6e7d01b4bcf7facb1b77d7b

SHA512
0f84d88c712e1e7d1a8e375b947847c519043b9ad91bd0b5bec3e2ad70aa7e5de54e190cd5847580be92c3eb4e06d3d5d8b1a3f12cbcb2ece6163b1c9d907488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b134352e8df4c2bfda27463653db3c5e

SHA1
9c31eee3d7e124a613cfc2fb51780bec0391d87a

SHA256
c6aabdb485e732110e7c2270b183cd74b1bf3913bdea4ef221c4a0a83c0c9438

SHA512
eebf00b53ab1ab4b694a61dd1be60821a10c697c6593bb6779a49a2f6420a3b008ca89043626816cbfd277f33d4866a90550dc50af5479ac2856456f6803e193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9394b9a2f769a38f31f42646d0f3392e

SHA1
f5b79f961bb66724961dbc714305cd03e1c096ee

SHA256
9384e11c0a469af9104226e65e453a902ad6167cb3527dd007a2f297567918d5

SHA512
9d70ee1ae03273312e6eb44cbdd0f6bb8faa233960eafb4e042751bb0e74565e96e7ba7524b4df746ba4b05962e189384134aa86eb243155a8550afc4662f5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2fcad2d3f38bb0b9284386d4cf92dd2c

SHA1
c87ca70c718e7f7feecf31fe635a02c93fbea241

SHA256
014d487acab8b39d3a279b1dbd54b33bbc09d4f33d496ac0954cef27b1a7c77c

SHA512
ff6a850da5a6b121240155d9b75a52e57eb33f7b1726ab26ad21d39cb29804066cde4450fb8cf6b4f69ad9c25a1fb0ec70caaef73f185bd728b8b301354aa9f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf413d43232ffa51f63e3c5bb50856f0

SHA1
66daedcc9576187a8ccc500bc6fba805ae331178

SHA256
f181ac4d3e3942c032a18abae1cfbda576cdb4a4496c27ed30b3296a689d88be

SHA512
4063c7fbdba3d18728f1fd1bca6929a5209c8f6292a5994cd0c2ded4c835d2029b41576e3d2606fc3b488715ced9d1fd4379dca1ff7c9a660c0951e250a8985e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a6a50f5d68f4600f59d5187662627e2

SHA1
56d7fae4f30b103b2e0591308212325995beda55

SHA256
f482c0c9ddd019901d08e2a640b9624d3c9166afe11c20bc00dac58849492b21

SHA512
5b0a7b28194ec0d3987e90fd8c8aa7550b26abbc70b7a92d6ee657e6702066ac9cfd2d41e5b44752ea813b0d03366500079de3564bb597d21970a5976f312e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e31d1b1e31bf333188f2664ef7a188d0

SHA1
36463eec6cf7a665676efc9046073f6d542eba81

SHA256
ff4ab433064ac56964e71cc68ac03441e412194e1db950b9546281277bed1a2c

SHA512
adf229dbd2affaa9dfb229e60c589b0e0092cab46039e86fab818f027dec2ba6805b12420eac745d896f65f98707ca22192eeb7ad045259798cd9c1d3675ab6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c84547d86064826b9eb2ed30a09a7084

SHA1
9f56ba419b813ce34c559f800eabccb7516822d9

SHA256
7155c8adcf2bd5b9f378a82f25a618555b25d1fee2c1fdebda53bf3782210220

SHA512
5131c2f28d9849e898f4ea6f5e89c87b92e1770c03a40c217c545dc5b872b007d7e5efce93cf4dc1e2947e84ddb6dcae72748e2a0d3a5745a6686796974cbef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
361c7fd9bed73d3d14e5f93630be7c77

SHA1
c19590c778ef9131d1a0bac228d133a626f0fc0b

SHA256
067b8c57023b648663de9d9af49c3cd610d90ca4f02d34daeacfeb7c9a848b84

SHA512
d00610cf5a4c7edb83b788111b2ce7938edc7ed62e83e3e6f174cc18871cc2a38274e3f1bd76fd9e25c9a49610a3d577706647260e8dfe82eaf29e8858f07e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f9ed8a3eec08e668e385739cb78109d

SHA1
f6f1d5c88f1c52a044fcc97a2f1833d59909f633

SHA256
44dd0e9315a3fbfdaca79350ab638f33b59e2990bc12104b31276de420cc3c36

SHA512
5f9b3db3f92095c9ec519f4f2f58925d466db2fb7353da718a854e49ee54618f9ff082e0211d2785c61b7029b9f8eb2b50e6daf63734604fed9e8cdf32b41732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5af0499449e58373882b5ad7878a5b0

SHA1
9344b4018d8ec8057c9e35359c1c3103cc54d328

SHA256
737129fd26746e0d4c01ad9ecaee52f4e62d737325c8c25d7eed92cfaec7bac5

SHA512
af9cc5ad85e786025168e0ab7b63c1fdd8681299fd1811f08ad0842c431fde6e2bc783aab6a4bb80ca7c42ba02eccb73c7d8a49028f86a7dd572a1d659bf66ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b45c3c0b1fb0eee11042e23553a4fdc3

SHA1
44f2afa74ea1a7ae726f2fa1ebe6bb95216d7165

SHA256
19c847971f7386d4125407f6a67ee68f82fa4fbd2cbcb46637971d570962d1c2

SHA512
9935ddaeb1306a28a7e5b72b2f75323cb4197f24e43281f86985908fe7f08e93abb937df88d86e626aa8a88a4127ce0b40d0a9ab2e81eea51c54b35ea6ad8473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
330a8dd1ce73dc030733a16505a37d4f

SHA1
a46a75ea62d9637aa5e7258c225b4c622ba9bd04

SHA256
c4a93d27691c7f8f07230033172db0d265e5bfa1662f75066b72932776447319

SHA512
658aaa293b50b59dfd571cce57148d664c89c94c60ade7c16889e7d9d7e132d46c3148f698b41c9146565011035df9b1ff9d2756f506e9f19650085f2c2820cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5fa66b85ccf2f2e4b64907ca5fff56c4

SHA1
868eaf334660051d788eec2b6658b19327827fd1

SHA256
016d605d6a2398c04e9d15b17627c55382119843ae755f48face069137eb7296

SHA512
fca857a3527fab69b0605f90f58f8b7e74a81adc6631233e3f357fade1b88eb92b88d33098c3ae779c2880f06e44b32ed56a4bfe3f23b495475aa60905b6ad5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dba3cd655bfa06a38c27da4e1de52146

SHA1
ea507401aeb1da827d8b36a9bd5af385ec91c059

SHA256
118b501a483fc440a3e9285b948f816688fb2258861629a79c2d34c53a9893d7

SHA512
36ba770b42966249206f34a28edb44c84d9b8c1b507ed65929eeacf0ffd3ed210b07cdea5fad6f95bea900dbd3eb8a0f20391844fa0f145a4c7d2349ad7bc299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
beaf7cd5fe114001e7e16bcca21aa8ce

SHA1
ec9e36b88a8cc31f90f0115fceb1dceba64ab0d1

SHA256
c7e7ab14876012f886661e7fc8ea5d480b607685a79ad63a2c13cf4689ee7472

SHA512
6fb7ef41027f102c433c58347a13e973f86a16252f97a3081a62e0f143100395c6fa07e0d664e6d60d3bea8222de4761a2f58b16ef8eda978b16854538bca17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df856c2919dbd1f272a1e0809834bdbf

SHA1
d3b98ad238fdf4c2b1f1a57672bf09c7f8a9e98d

SHA256
7fea67a8549345ed8f7859f6c2090061b3354f59aeddf0d76ee9f47bd2dec84a

SHA512
d335cfeac05f27a44131b4c84bec69e8df25eb55deb793c2a5002b1891baf938cf30680c2ed6821b12de7a03b8d9da058d41c82b21b7bf001e9c9d12c3c8cb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ab620a294617cd3f7beb5f3297db29c

SHA1
3c70fdbfa0a30b0b45ed58971df9cf074897736d

SHA256
bf50c1a8d38b69b7dbf4dc2003080a7425b2368478dbf963a6b8ed7a35d88158

SHA512
5f5841f86bd55b2d0f1c49bc2c2517bd069b63c4e8a1582a03e2a770982334e5b4d68da18e076c7ffa2ab57463d243b25c7ebfd400359beb7dd514546cab8c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a387a46b8cdb587756b315c7386ab7aa

SHA1
ac8dda86d1714d1c86231a3d3e88ff8217adad1c

SHA256
c139040938405eeb7d2477e36018d4ceed5a2a3a8a7ad9a822902928decf5774

SHA512
67f708783d92e17a84ae296900971ebc9724dbb65866aeec4195447137aee66a4a17737645136e9efe5e3fde240967e05bd7d9c1da4b919345e41554fb45b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ede941857c3097681254b019478b8d6b

SHA1
6516e475f6a303d44f52f45bbd887e0a9cf9104d

SHA256
005f4b7f866a583665eba60443d7e3b372f5ca33c295c4a5a507bf0fa4d7b87c

SHA512
3c4ee1b161cd8f162dc1efd93b7f067a1465c7111b3bca79a32aeeeb6150157d346dab0e256c9c27d3d2643d5fbde52e793a3d733d52a9493b3a5eae80edf383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05c9cf33c3bca85187ed9431da143f66

SHA1
a5cfdcd81457400401ec409bd2328af4f0e3870c

SHA256
a02369927492701563b9a4a1e96a7cd13228db2b519a46dd5c80834cbdaf0660

SHA512
d8d499066de1ca62fbe84753a400b7dc272d1e007a1fb218f11d9e62174f637fdfdedce385dfbf63890ec87ad5f84d7affa142c893271ace9d4c77868e656d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
994d92139efbd0d9a4b30a8b2e3409f3

SHA1
d70940e66b92fe5bb3458a7a096a3a00e6f6a760

SHA256
54cce1c9053266cc92fe12b07dbf027744a570b5381208dc720aee0b08bfb236

SHA512
6e22dac3dc38b6c598354296cd8d136a51ffa794795318e0b4a458d316288db167d24d7c4767209a9444fc7ca2124bd5bb7d8644749e06a32f9d7c12d93b90c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
88f5806bbb24d665e9e2c194beb6f314

SHA1
652fe17cb20e87db3e9ee514df0e534184613c14

SHA256
67450ae7d8a607d8c9bd64321da6626088e1cdcf87aa5b2634041b8c746edf42

SHA512
3b7f706169d383540c1583ec8719fd99b38f5d4894a6c29afebc4df39595537efc225dbf588d97a3aca6537aa93f1e0351231d0c9c49fbbe2bed8532eae17173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
be5d9cad3249b2a0e9efae9be7b120fb

SHA1
da9d5cc97c98f4ca79b6e4f5731904c00512d71e

SHA256
cafbbae8021f6eff4ccf320c3870edae1c2dd4e0733699cb0acb9b9f99ce6abb

SHA512
42978c71f911ced76f28b0e98af087880f85a155a74637f29482d216d4d20ee3355ea7c043ce334061e7e29b2b32fc733690765cbbd8eaed2e0f056eea735720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9115aeffed1263a64de694ea24603da

SHA1
b4e04c3adc1abf5a09d747159bdece04cdec7d34

SHA256
3e3a9d2128985033e62591ea28f8dd3265fb81648ef4734e5a7d778372e0bbad

SHA512
fc1778b3f721dd7f7811211c253f9afd5dc3baf2437ff62fd7e50373950b480db54be257294902190bf2ff317999c6ddfe4bc86e4dd1b5f1ae1febe39f2b3885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c5d1a1cf12f818c38e275a98004bdaf

SHA1
7bd5568710c9c5d23eb3f03928f9516bf431d9cd

SHA256
a77cb060d26b02bcba76ed8a2624b216ae7f739c1575cd5b55c93c6e0f7c9312

SHA512
4288f641eef7231bb5e58ffe220b6778a20263ffe2aff7104562bbeffdd059d10ace545f37f9d3ea984b522fa4636016c1a6055ed3a154ef64e213ce4b5ffba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6aef17d6c38089f08d2a0418efda2dca

SHA1
b8de78f5016e7a38f96ff8ebdc71c16e1d6b1de3

SHA256
b93e1431ac325c769cb4caa5416833c9e998847a533693aab769a6c5de839ea5

SHA512
01f6f757e0e9bcd9af5dd259712bb1d03fb5da0d79475c8e1c0ecf9d2f47958238db2ca2242b3993e513f4a2e9baf82ac81994211989f08f6a9ec78dc0e2d517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75c8c6c5e0f87b682d278061c9e9f9a3

SHA1
fd6e87f99e4508937aaa2313bac020e5ccb4cc6f

SHA256
5322c26bfa3f0ed73abae5e85a7a074ca87dfc08e5a528d18e84cea2a8467fb6

SHA512
ad9dcc504a8e459dafcf95235dc29d97b5f86342653e9992c3701df8fc7ce8d8f0546c83341d80b8352eb7fe0ef160a2cf7704263f0cfb9b5ba437e5b745215f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27442436ad4c368cca18e5fb11f9c2a9

SHA1
ec5a8a0dd658ecc5fc434c0a3e6be13e47296b33

SHA256
e7cbd3f6266c42cdf93e7496d61d12feda3a0f171a240998e95a721225dc2985

SHA512
b88f5afc1cedc8ce3c3e70ba2fdc8e3457c3bef7529ac22b942c50eb5220d2dacab69dc1456bec2583348b66fbe531dd93b92e32ba4264ec552d6a86951cec31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
339773734b907372b06290ce095541a4

SHA1
cf49e3c98363dcc9bc8a4d1826adba2f787cee88

SHA256
e91e25edc3121bc7a2a53d89a1bc5f6c42b1eb83090bb5dc13edf66ab41472bc

SHA512
6d6940509b119c246bc6ec0fef44728d46999042f125fd03eae02ad1fc2e2da63f9b804cec3eb813f7e89019c2265fb742ae270bc3d9a68605babeaf9e8a6f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
e0d874c2b65c8d53b13da951f89d344e

SHA1
2282270c951ce88583ce8f94c02fa2c0c4eb80b2

SHA256
97badf827f7827b425738598322f099c07c8ac7145c127b5cea0a7243dc53a76

SHA512
c1eacba9422c6af0147502085560f8db199fb7e76d63821f40f4e392a403fa027c2529fd97050ded237b75f68c4bf4a68e60f9cb3691a0a41344bacb72f5f52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
3ff4666f92ba8b20dae70bb709f29427

SHA1
65aebc13d978b33ce54bed2c7b2894b8ebc0e9d4

SHA256
676a449085b7010e5a6324269834fd4999a66188737cfcc5145d5992d3569517

SHA512
873c56eb84aa8c571bddf6c022721a2e764f8259898b9fd38fce36a02d22a965ee6fd511c7b1fe9e3f5e467bb59311015eaf67749a1c341425162de39947fbf8

Download Submit
F:\Update\Loader.exe

Filesize
478KB

MD5
0599bfa9b57711a7dfb53ccadbdb5218

SHA1
b32d3f099a7208f0e2caa4e423bf819d7059826b

SHA256
5e249fbe07e9510069a99b132ec3ed7c4ff0f73a64d673a5ae07528cb621a6a2

SHA512
a2e6f6bda693cbb1e1879bf96025f785188a135e57210c98cabc5752c0d7e8f39802b73acef23cc646bc605779ed6ad44884b4e19239c394fffa8c1f21ee8944

Download Submit
F:\Update\bin data\version.txt

Filesize
4B

MD5
f316c11a8ed434c596323ec515ff4779

SHA1
69823e56dbf7cb19d94117035ea3b25f5481c2be

SHA256
00cf137bb82661b4e73df6ee0163b78f993cbdb3534788e9ecbef30850a53033

SHA512
59edd78cc2881749a0b71b69a5eed7900f0af7685506159570306660b2ca12b380a3cb4dee01ec0f1904bcd69184f45065a836ed1dfe4a980ce9e47d098c9b1b

Download Submit
F:\Update\lang_DCP\MEmu_ai.qm.qm

Filesize
30.4MB

MD5
1a42669fa935813ef84edd9d67c4c884

SHA1
270261187b431f29fdd0271e4103e80c752a21e8

SHA256
30b05e0b0710de3772e5d95dba6f30b49575f8f30951a30f5a7204540392ac11

SHA512
ff32b09cfebd684dd58320b827851678544c0cae9b14d0451d97d674d09d2249e0873bd55c91dfa487be58de6fd72f9210dbcedf4042920d9f1549b6a0e484aa

Download Submit
F:\Update\script\combined.html

Filesize
21KB

MD5
aa2ca4c253c6d910b5b82d45511278a6

SHA1
cd5e18320e28471deb4d5df82e3991946b7694a6

SHA256
497433c79b98e15bef1f21f53858396347341796daabba408df2d703d45602e9

SHA512
a4475d3df5d84b5b456a5f35323512fe26ad9e63398a4e6d8fd08295a53bd57498418a5a3d15bf5ebff8441b00506d3b3f73f383edc9b44311c9370c59322efe

Download Submit
F:\Update\script\fileaccess\index.js

Filesize
6KB

MD5
0e709bfb5675ff0531c925b909b58008

SHA1
25a8634dd21c082d74a7dead157568b6a8fc9825

SHA256
ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

SHA512
35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

Download Submit
F:\Update\script\fileaccess\node_modules\accepts\index.js

Filesize
5KB

MD5
4fe4d2c90a2fd19d6e97443a7d24f815

SHA1
282263f45f6bf80fbf43f4097d53b5b60ff1a05f

SHA256
be2decbd50610e8f995c1e312ee4dd6d7c1244cfdf03ee4c4a3da68e572dada1

SHA512
c795b7285cc92616a46fd1ad2d00ce65fb4b269e6b6fc35315891d119b7c25b7f4573540be0627d577123201d9cfe119c8a53f0e75a8b6ea870f8d89a130c213

Download Submit
F:\Update\script\fileaccess\node_modules\accepts\package.json

Filesize
1KB

MD5
32a15d6909fcae63e52d8664593d32d5

SHA1
131ba4d63747e6663a9c19409e43ac034bd532cf

SHA256
e5716d5d939db08c5c28ec6ae86ed67be5320f91089e2673fca1c5b876e57aa3

SHA512
6f0e9fe3d034640b8b2f902a5e336b39d818cec504a9c52767f5f08d71bb1903b182771625c110f768a8cc540b071a54afb7810270a09f4edfe5e35dba22fe37

Download Submit
F:\Update\script\fileaccess\node_modules\array-flatten\array-flatten.js

Filesize
1KB

MD5
4b17fa06c54846b686b8b799e9dd253a

SHA1
fc6cc30e8b8ec09eeba62bac076ed627aa3ee8d1

SHA256
766ca145b6d25e3d60f352a716e8fa1876bcdf362c0767c360cf24f335bc281e

SHA512
72df1668f464f6942c484155b667086bb6f83f77e826ffcd146ee045079db3334aba270bffb66cdd796d4c9308121ec2a67a404289f19914c45d9a6c15435e71

Download Submit
F:\Update\script\fileaccess\node_modules\array-flatten\package.json

Filesize
879B

MD5
cb1aa7f817100a03395dd0163bf6ebe9

SHA1
fc51b89d0fb7cc640a0495baa4005364e83718c3

SHA256
5c5e0e10cfa23f163d1fe68aa57a881d09cac39d720e1361c697b86c4d33e0f5

SHA512
81ffee7b54b11b42aaeeaf1b6fb13ac64e8900e94ffd249fe075c183c3adf8e8451529d82f6a13216c73e5d1a1f57d703d9fcf1e61674020d93b15066d37dc75

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\index.js

Filesize
2KB

MD5
b9e991c0e57c4d5adde68a2f4f063bc7

SHA1
0cb6b9eb7b310c37e5950bbcaf672943657c94b5

SHA256
9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241

SHA512
3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\lib\read.js

Filesize
4KB

MD5
c148bb38c59ce266e271c96ab1f2d192

SHA1
027f3fbd8a5370ddec744d33ec9d594db41f6293

SHA256
1e9e274755366c39ae70e8b9a7a42fc12219566e67efaf9b7ebc2a8b337f5b6b

SHA512
bc4779cda1a3b130eb8cf76bb40676046ceb514ddc5c1891d7324776e6188e5d5ceb4c0799cf2fbc007786849ed07903cb59f61ffcac407300eef0a16cb7c498

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\lib\types\json.js

Filesize
5KB

MD5
6b036408f968978bf9668496db9953ba

SHA1
af1f14428152576f1c047c3462d26a7feb98635a

SHA256
44f8b529333004e2aaff6db3a1dbe7068f1ac5fa1173e9634686a78c2262af35

SHA512
89bef97d3d5d0c8da0f3aa1e178fee1d04eee5200c2f037bd55761a61e6c6a251f7314e82343761ef227a997909f4a0237a3ff5f79a1a7bb9e879a465ab84f86

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\lib\types\raw.js

Filesize
1KB

MD5
acb38e4fe575afaf8d1a257e47c6e362

SHA1
ea7411ff5a71df8d426322d07103e5894630e29b

SHA256
4e9cc80a7ee8bd667c68c264b4c374b28e731246ddb6ec22c3968daf837e30a2

SHA512
157427ad25390339b045b9bb81753709498b69b2cc8b9c918c19d52d1cb4f6bbe5b6b07885d0a7f66ef359b7080dc9a42216f71911b08ade04c1a112192bff50

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\lib\types\text.js

Filesize
2KB

MD5
beb4ada09306f8d6435566d9e88076d3

SHA1
eda9bc036c9d10f1400cd2e4a8832949671cadc7

SHA256
54a6e8ef720b06a300b21f6c60387805dec743a64154784a609dfe8c6860776a

SHA512
5d9c9c6837b9599d29db9b1eb54cd2a4e215feeb028137f31c20f2b02e38f600aa8c02721444dc41d7bfc206ad39a810076853d09fa1e3113b5708a75443131e

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\lib\types\urlencoded.js

Filesize
5KB

MD5
906a833480ce8841bfa5aeb95b5c085f

SHA1
8f74a7d616bf363b78844d3bcc2f554d7c76a952

SHA256
752717d87aad57451638af2073b04eba964f348910c0bcf0070c43e732de5eb2

SHA512
7676871dd3012dad0472be51698d9d1677622ba3d392417a41d22ef7f6d7df6c8085516bb9bdc45d4f125815161899aa889d756d18cd41f11e2402e659f7934d

Download Submit
F:\Update\script\fileaccess\node_modules\body-parser\package.json

Filesize
1KB

MD5
826bd4315438573ba1a6d88ae2a2aa65

SHA1
3e27986a947e7d10488739c9afb75f96b646c4c5

SHA256
0fd31ad69fdcf1e2a94530f9db9c93e96709b690393a14711643123f678ee956

SHA512
2e98ba8e57cb0950e45d20365d16e86ad94a60cfd4cf103b7d55dae02de677985d37c0f771e16ae0a628cb3b59adce8a9e1742cffc298f18cb7d935d72536e6d

Download Submit
F:\Update\script\fileaccess\node_modules\bytes\index.js

Filesize
3KB

MD5
83cf8fe86424252c5a9a3e2fe90dbd57

SHA1
bd46529e5637ff1a659f1d4af2598925b12741e0

SHA256
893fcbbbe962dc00e40dc2e4b20e76e92d874dd257345003c6575d940e91a37f

SHA512
f0630152a247cf51dfc677c22323afccc667350a11db093b59b93f403481deba1d44cd78cd53f4c4a3e2df297c35fe54cdc841c10c4667ebb81d3a54fbf56d43

Download Submit
F:\Update\script\fileaccess\node_modules\bytes\package.json

Filesize
959B

MD5
5e3137feec27c5d88693e0cb2ff95d3c

SHA1
d8fe3e70eb4ecf4bf58385e4b27f89b7ce656a28

SHA256
99b21c09ce812dc76a06cd87c4753247cb9615c6a8501c5a5a9d9caa22ea2d12

SHA512
4b4d89317e1a1caae6924f234b75e15bd2f8bd026d316152e6cf3ffac53553bea2995076a8a365f26a96730f36170d115ac35aae6d0888f621f536d795b89a2d

Download Submit
F:\Update\script\fileaccess\node_modules\call-bind\callBound.js

Filesize
413B

MD5
fda064fefaeb89252271922954d69a4f

SHA1
7bac1561b456a282abe97cb9bc4e5e0d8a10e769

SHA256
2b2fce7622fdd680256d28bcd59c30913546a825bf69d754d21a1d21ccc2928c

SHA512
b0746c9dc90bb513e7d6190470ce0acbb0c2059b97184b9391f581e9a490729669c8479ba8eaafc1980f4e058a396bad11031d048387b5223a7b4b9e6a4b1dae

Download Submit
F:\Update\script\fileaccess\node_modules\call-bind\index.js

Filesize
1KB

MD5
40109fa1aade9c89c9587e77011f7301

SHA1
91f8eaf2fba5ee5c36e33207feeceee846c3e04a

SHA256
6b4ea26f8ca351cee55da416500ffca72fdb14eb5909f1512ce8ca68e47d7621

SHA512
d308a91b496c9fbd2db7d8b907d660142172342e990755093d892cf2b8382504119593bb83882f37db71e925803c37b9b098edc748f09eb6dc3f84b8dcc28f9b

Download Submit
F:\Update\script\fileaccess\node_modules\call-bind\package.json

Filesize
2KB

MD5
7327c5e04c116460b3c73ee92292269a

SHA1
106489d54a0669a5271c89f87f2072cfb8e66c4f

SHA256
e8fc7600526cc041bfcd3a562e6cfdb53952a7f7fb4fcc899949e4c51c586155

SHA512
93f2327154e59b1f6fa2f55659fd5a8bae1da6cb4dc2ea5ef736ed6abbcbb2840286be9346bea22a3dd52371ac842870bd388dcc1e5b673696bc0cad868422d8

Download Submit
F:\Update\script\fileaccess\node_modules\content-disposition\index.js

Filesize
10KB

MD5
43a307ff7de26dbec523ec966c434f94

SHA1
ed7f187b72a7b1f81d113bad5aa9347c242120d5

SHA256
e86a88a5d1a9dd74faa753ca4e47a78e38ae930f3206e5e887cf6cb0ad70cbf8

SHA512
79c073d3f0dea6c1606029b9a476cdce30ebbfb7b6ca95935a2e3f2cc97e70f3f00dbe8b7067beea78dae120f4941e60a7aa26592cff18e5cdf56f335127092d

Download Submit
F:\Update\script\fileaccess\node_modules\content-disposition\package.json

Filesize
1KB

MD5
5b285d4db057e7e72225e8e928d2ffa3

SHA1
1b871ffaefe2a1fd69aa9b1538b4003bf0eae9ab

SHA256
2459c0e8fbeb5716ab06e9ef73747bba46ed2bc52e310bd4e9f0ef1f102da61f

SHA512
dfe71ab6bcf40f32a26273a94f11439cbe3066bc3216061ee6ea9737d57b1cabf03a0e45b2fc50c4d0097a27e09197c7fd2b60090a91876671d2c709f31a29a4

Download Submit
F:\Update\script\fileaccess\node_modules\content-type\index.js

Filesize
4KB

MD5
4781c7ea0309edac61c3a36e3ea9da10

SHA1
1b6e7e8d1963ce958cf0f225223fadb5ef12f86d

SHA256
7d76ae0f8ecc0a8c053de97b0f695f3fa3df33f692d1bd241307995304e5f63d

SHA512
d458f8962f44ec30bf519a54aef063960d9cac2a954493383fc2ef46781c3244740f18c7daf1821b4e0babbd56b356228f7247ce40de9f3276de91a71c66c78c

Download Submit
F:\Update\script\fileaccess\node_modules\content-type\package.json

Filesize
1KB

MD5
0de0482c40698c075e13e4d54ff34466

SHA1
1545c6d8538d7e59f375d4ae4b0e0d10471a6c1c

SHA256
bd78a5427ffca1966621301edc6cac2146c8c1e137f122161ba90dca7ec89f77

SHA512
9f32408067afa748af8d23b4bbbe2657e566017435d4ead1e63b6d12f8bebb671ea82353a302340bb6f1ccd4852a3cb8ed340a3a8af9cd058bd36653b3cd4bcb

Download Submit
F:\Update\script\fileaccess\node_modules\cookie-signature\index.js

Filesize
1KB

MD5
a9634aa95d321b9a6d90bec5d3d23937

SHA1
bb5c2c0a463aa10074caf991f67681231b1f0c21

SHA256
8d762862020064468b4af17e561ee1ee29d9d55311a1c19d958c4ff2be912963

SHA512
214e27edb4367aa2ef322c4d857a918ebd57bc825646184f90fa6911f830b3755fce1fdff30a5d231ea11ba4ddd82b4f2afc36451289f0b4334c445e9a26dc48

Download Submit
F:\Update\script\fileaccess\node_modules\cookie-signature\package.json

Filesize
492B

MD5
076c53814237236a9d1aa999f33ee501

SHA1
eb071423205fc35573e714baa755e3a9e900a979

SHA256
ab66777a673ae096d6b5aa51b5edb46b84e6fcd85dc03358c35576e3df0464f5

SHA512
d5feee2e6c8af31560a3141ebe4254ce66972da9b9e3463eafcea214f49131e325136503de3f0fa76b454f63ebfdbf5d599caf558978aaca5a1656c2c7c8eec1

Download Submit
F:\Update\script\fileaccess\node_modules\cookie\index.js

Filesize
5KB

MD5
db5deda6183845891fe9b5667cde042d

SHA1
ee23ab87c951b0d3e3cdf1d6072a126a84491335

SHA256
9fd02358eabdf6c27b388dfdff94061655620a352253bfc5b01ee4cc30ca36b5

SHA512
1b6957f2ef28c5d4e14e02e8d6fea08d7210c0f2eb9de4788799fcc57d806998448622145ca45f0f605db447d97be982c62211535bf421d8c02d9e384e7db339

Download Submit
F:\Update\script\fileaccess\node_modules\cookie\package.json

Filesize
1KB

MD5
d55aa6bd2733ca1031186952d1485f43

SHA1
dd82a1cea772234696f0489aecacfe9aa8ff943e

SHA256
e740b0e5656b2029fb858bc93b10312dff16374283a2ecd9caa90848190dff88

SHA512
e4324126170c2a6d4e01f7bd8774a26babc5abff86692f283bf691e2b435f6b6f2823179e080aabde20d368bb26707a726d54c8d64e7838e215cef074c499598

Download Submit
F:\Update\script\fileaccess\node_modules\debug\package.json

Filesize
1KB

MD5
71a7656944ffe50cc27ebe02491ae49b

SHA1
8ebf0f80660d982fc68f00f82855696157e74b10

SHA256
6c3d2c892db282317913ce7c340dd2edccd326bcafd18b644b8738144967d6ee

SHA512
5b0010b41304e212a22d2c89eff65ce410b000c71c4ab8c7fdba8f549ba0629fe27f37c142058b041fb889bc73e00959ad58f673866ee7d29724687da3c3f320

Download Submit
F:\Update\script\fileaccess\node_modules\debug\src\debug.js

Filesize
4KB

MD5
74bdccf347345d27fe8a4ac3add99c60

SHA1
a2b8a915c86fc750f56a7137860f19ec1182ee21

SHA256
d8d1c1d6c387ab67c3f28d78fd0b20b9becd69442db9d3efe110ca464b509c8a

SHA512
c2d47efee2a4442be6375d623f46b4c7ee9552c132b9229eb284bdd98629edd02664167805b0af9b3faaa9b1906e9ed0c5e383396d4995cef7051f9a450e1b99

Download Submit
F:\Update\script\fileaccess\node_modules\debug\src\index.js

Filesize
263B

MD5
dd13897ea2eed92695bb7e4e744a9148

SHA1
182314d32e789e4f9c29e3150ae392f1630f171c

SHA256
9a34fedeb2d269c46ed94e6f13039eb0d16d866dd460ec66fa3acd78122fa9fe

SHA512
0b53bc984178336ac516601e72d477d2beeef6936800da17d3a79c153e0036f7428517ebd75d296729f65856c7e07749029f5aa192b2ac071efc4d3e39750a32

Download Submit
F:\Update\script\fileaccess\node_modules\debug\src\node.js

Filesize
5KB

MD5
25807a97fbb1fcc42a013abc7d7768c4

SHA1
f24d52cbc9144b011def218234ff7b50e7ddcb19

SHA256
a3e83594a4ce88997e2e4fc66bc942b17b9d736290ad62560c7f09d6d0989ad0

SHA512
8d316b63700126d7c8965a886e9b35a332d3f7e68d28f2264d235c0afad28066f877f25821e1983ddde5f2d5052716cc73338779b41b6f4d1b90ad33dc3e9f24

Download Submit
F:\Update\script\fileaccess\node_modules\define-data-property\index.js

Filesize
2KB

MD5
92d50385cb04e9bba48103d21a4a08dd

SHA1
137bb6b7b4e8aede40825f23805cb8b8dc3eab4e

SHA256
e34746e8c69bbf6ba2182b7362e9c4dc5fb3c19cace48091781ae967370bc065

SHA512
dc291a9457cffc5f6eb39694fd91c72877502829bef01b07dad5df47a11751b2910e1807d52842fad38d8b8309eb6d8207c042ce705a211866717695b6d6d1be

Download Submit
F:\Update\script\fileaccess\node_modules\define-data-property\package.json

Filesize
2KB

MD5
05b9ba4536b59b74c4b3c95327787004

SHA1
c9384aa894159ee96e107cdd3002915849fc91fc

SHA256
bde7f1465b344a24da2b10d2ee99f87edf8e0ecd177c28370b60ad9595de730e

SHA512
4b81bbd31fd5ddce528fb0ebcefbbda77891f124f7fab9019c5ff1bddddafbb679b5e3d131a94c02b495e47327985fa5ecc613f7a2a109e58f5994b358fc3b0e

Download Submit
F:\Update\script\fileaccess\node_modules\depd\index.js

Filesize
10KB

MD5
002a1f3e813cc05d9e3cc011f6601628

SHA1
1690c27457637ec234d6b7658f1b96e547a0eb99

SHA256
4d587a5662e20a7bb9bfe6555afe5987e1b80303a819b447394f37a93297ee91

SHA512
ea1ad9bcf09a73a10dd1fd8a66daac12f87725e16ad27e7beff6d9fda937579976cd5d7ed6439c4122b16178c3ffdf410d6c7a54918f94bc98fa7950adf3bd54

Download Submit
F:\Update\script\fileaccess\node_modules\depd\package.json

Filesize
1KB

MD5
7f0a9d228c79f0ee4b89fc6117f1c687

SHA1
3c10082c1464a6f589aa10cda88285e780ebf857

SHA256
5a3659bcc2e47b25ebf9f23f38eb9452a58920bfe4b59410bfa6fe84639a3b99

SHA512
7bdd7259bcb8d79aa41777f03d3a3f8a29b60c2d25104072edba9febeb813e12ef78d31573637702decddbaa97d8fec263bc413bd27dd660ded17d644458cbc2

Download Submit
F:\Update\script\fileaccess\node_modules\destroy\index.js

Filesize
4KB

MD5
35723299a9b5b96d111cbf94c56c898f

SHA1
6547e9c6dbfb287cb22819955726efc01a29950f

SHA256
b54f50db059987726ce2bdadca5d66a1e3ceef183aa5f43ce61aa53f05c36cb7

SHA512
d68622a50b1efa8c3ba52fbf8f1a036cffafe608dc0788013f9b7347c7077f3167cb2504d54815750225dad601c376a485357906f3c0cb6493bbac67d4ac9579

Download Submit
F:\Update\wwanvc.dll

Filesize
5KB

MD5
df17ef2c1f83ce89f433eac86da18ae8

SHA1
0363e8c1c4e6d307e2d592f92e3e8dddf7600f32

SHA256
8faae8f38c201b7cd5fa4171839cdb6d53218ca0f40168ee4cab81f72064915d

SHA512
35737e7b1d289adbbce0dc092f14c5b745526d701685196b1284699a48f40d08108340f06009cc86b33a4416f96c184ebeed306609da566b2723762920c813bc

Download Submit
memory/1020-1446-0x0000000000CA0000-0x0000000000D20000-memory.dmp

Filesize
512KB

Download
memory/1020-1447-0x0000000005BD0000-0x0000000006176000-memory.dmp

Filesize
5.6MB

Download
memory/1160-780-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-778-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-777-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-781-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-782-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-783-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-771-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-772-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-773-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/1160-779-0x0000015B847A0000-0x0000015B847A1000-memory.dmp

Filesize
4KB

Download
memory/2556-2030-0x0000027B6CE80000-0x0000027B6CE90000-memory.dmp

Filesize
64KB

Download
memory/2556-2046-0x0000027B71330000-0x0000027B71338000-memory.dmp

Filesize
32KB

Download
memory/2556-2014-0x0000027B6CD80000-0x0000027B6CD90000-memory.dmp

Filesize
64KB

Download
memory/3264-2055-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2054-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2050-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2051-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2052-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2053-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2056-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2057-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2061-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2060-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2062-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2059-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3264-2058-0x000001FD5BE90000-0x000001FD5BEA0000-memory.dmp

Filesize
64KB

Download
memory/3800-1449-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3800-1451-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download