bazarbackdoor | bd354b3b96b0539f73b019d28c423b014942e1b450948e02633c9ebac0217c58

Resubmissions

29-03-2023 05:04

230329-fqgbeseg83 10

23-03-2023 08:50

230323-kr4wbsge8w 7

Analysis

max time kernel
336s
max time network
349s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2023 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cubebrowsersetup_x64_2_6_2.exe
Size

102.9MB
MD5

cb5d9790eb019a5b6470cbfee8bcc4e0
SHA1

9cb33dd94ec00cce858599fb35fa3787a72ea484
SHA256

bd354b3b96b0539f73b019d28c423b014942e1b450948e02633c9ebac0217c58
SHA512

e9113acb2b95420e3bfb5d4f22b02e5861de40358e084cab1bcba8756bad86ad75cf5d7946732e342219f858c3f35ba2c9db4941d990154a50f05d88b12cb5c5
SSDEEP

3145728:kzc1c12vU7Kg7ii2k4zcYr2ljsuHb+VBfAeIO+Pb:kzc1s2vUJ7JcT5u71eIO+Pb

Score

10^/10

bazarbackdoor backdoor discovery persistence

Malware Config

Signatures

BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Bazar/Team9 Backdoor payload 2 IoCs

Processes:

resource	yara_rule
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\MainPackage	BazarBackdoorVar3
C:\Windows\Installer\e591330.msi	BazarBackdoorVar3

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cubebrowsersetup_x64_2_6_2.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	cubebrowsersetup_x64_2_6_2.exe

Executes dropped EXE 3 IoCs

Processes:

cubebrowsersetup_x64_2_6_2.exeCubeBrowserSetup.exeCubeBrowser.exe

pid process

1276 cubebrowsersetup_x64_2_6_2.exe
4036 CubeBrowserSetup.exe
4688 CubeBrowser.exe
Loads dropped DLL 5 IoCs

Processes:

cubebrowsersetup_x64_2_6_2.exeMsiExec.exeMsiExec.exeMsiExec.exe

pid process

1276 cubebrowsersetup_x64_2_6_2.exe
4520 MsiExec.exe
3212 MsiExec.exe
3212 MsiExec.exe
1696 MsiExec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

CubeBrowserSetup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	CubeBrowserSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2} = "\"C:\\ProgramData\\Package Cache\\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}\\CubeBrowserSetup.exe\" /burn.runonce"	CubeBrowserSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

CubeBrowserSetup.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\M:	CubeBrowserSetup.exe
File opened (read-only)	\??\P:	CubeBrowserSetup.exe
File opened (read-only)	\??\Q:	CubeBrowserSetup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	CubeBrowserSetup.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	CubeBrowserSetup.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	CubeBrowserSetup.exe
File opened (read-only)	\??\O:	CubeBrowserSetup.exe
File opened (read-only)	\??\R:	CubeBrowserSetup.exe
File opened (read-only)	\??\X:	CubeBrowserSetup.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	CubeBrowserSetup.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	CubeBrowserSetup.exe
File opened (read-only)	\??\J:	CubeBrowserSetup.exe
File opened (read-only)	\??\T:	CubeBrowserSetup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	CubeBrowserSetup.exe
File opened (read-only)	\??\I:	CubeBrowserSetup.exe
File opened (read-only)	\??\L:	CubeBrowserSetup.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	CubeBrowserSetup.exe
File opened (read-only)	\??\N:	CubeBrowserSetup.exe
File opened (read-only)	\??\S:	CubeBrowserSetup.exe
File opened (read-only)	\??\W:	CubeBrowserSetup.exe
File opened (read-only)	\??\Y:	CubeBrowserSetup.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\K:	CubeBrowserSetup.exe
File opened (read-only)	\??\V:	CubeBrowserSetup.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	CubeBrowserSetup.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\FilterPanel\RangeDragger\rangeHandleTopX.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\vt_icon_ps.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\runtimecore.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingsmall0039.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Icons\Notification\factsheetIcon.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\lineStacked100.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\toolstripContextualButtonLeftD.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\ScrollBar\thumbEndO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Tab\tabRightO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\trianglemesh_3d_depth_ps.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Resources.Reader.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\ribbonContextualArrow.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\GroupContainer\groupContainerBottomMinimizedRight.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingSmall0008.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\modelline_3d_normal_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\vt_icon_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\customLayers_enabled.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingsmall0043.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\SearchTab\searchTabBottom.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\vt_fill_pattern_ps.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\trianglemesh_3d_draw_ps.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Diagnostics.Tools.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client64\runtimecore.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\autoZoom.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\RystadEnergy.CoreApiClientExtensions.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\sequence_point_pick_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingsmall0036.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Net.Sockets.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAnimation\right00.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\sequence_marker_normal_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Reflection.Primitives.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\re_selection_finalize_mask_ps.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\RystadEnergy.CubeBrowser.CacheManager.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Dynamic.Runtime.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\ScrollBar\arrowNegativeO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\sequence_dynamic_marker_pick_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\prefAll.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\RuntimeCoreNet100_13_1.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\GroupContainer\groupContainerTopLeft.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingsmall0022.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingSmall0014.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\chart.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.ComponentModel.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Numerics.Vectors.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_depth_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Net.Ping.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Tab\tabOverflow.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Threading.Overlapped.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.ObjectModel.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\splitButtonContextualTopRightO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\areaGroup.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\toolstripFixedButtonLeftO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\vt_fill_solid_view_translate_vs.cso	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Icons\exclamation.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Microsoft.Bcl.AsyncInterfaces.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\tabMiddleF.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\REClientFileControl.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\Ribbon\icon\prefTitle.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingSmall0002.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\ScrollBar\thumbStartO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\System.Text.Encoding.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\SearchTab\searchTabTopO.png	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Esri.ArcGISRuntime.Toolkit.dll	msiexec.exe
File created	C:\Program Files\Rystad Energy\Cube Browser\Graphics\LoadingAni\loadingSmall0015.png	msiexec.exe

Drops file in Windows directory 27 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSI24D6.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\vcruntime140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File opened for modification	C:\Windows\Installer\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\MainIcon	msiexec.exe
File created	C:\Windows\Installer\e591330.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\vccorlib140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File created	C:\Windows\Installer\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\PackageIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\PackageIcon	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\msvcp140_1.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\vcruntime140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1EF8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2022.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\concrt140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\msvcp140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File created	C:\Windows\Installer\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\MainIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\concrt140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\msvcp140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\vccorlib140.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File created	C:\Windows\Installer\e591332.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e591330.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{92FA2039-7F0B-47EB-932C-ADED4AF937DB}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9302AF29B0F7BE7439C2DADEA49F73BD\2.6.2\msvcp140_1.dll.8B02B7DE_BF28_3691_9B6A_3B4E0AC6A5A2	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI501D.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000206f4107d723b55a0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000206f41070000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900206f4107000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000206f410700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000206f410700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 64 IoCs

Processes:

msiexec.exemsedge.exeCubeBrowserSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.rep\ = "Cube browser"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\PackageCode = "D7D7F56C663195145BDBF823171DB6F6"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}\Dependents	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CubeBrowser.rep	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\cubebrowser	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.rep	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\cubebrowser\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\Dependents\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.ret	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CubeBrowser.ret	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\shell\open\command\ = "\"C:\\Program Files\\Rystad Energy\\Cube Browser\\CubeBrowser.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9302AF29B0F7BE7439C2DADEA49F73BD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\Version = "2.6.2"	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.ret\shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.ret\shell\open\ = "Open"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ret\Content Type = "application/cb"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.ret\ = "Cube browser"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\URL Protocol	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D81E8D834396EFA479B2A41169006212\9302AF29B0F7BE7439C2DADEA49F73BD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.rep\shell\open\ = "Open"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.rep\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\ = "{92FA2039-7F0B-47EB-932C-ADED4AF937DB}"	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.rep	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rep\Content Type = "application/cb"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\shell\open\command	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9302AF29B0F7BE7439C2DADEA49F73BD\ConfigurationFeature = "ProductFeature"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\Dependents	CubeBrowserSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}\Version = "2.6.2.0"	CubeBrowserSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9302AF29B0F7BE7439C2DADEA49F73BD\UpdateFeature = "ProductFeature"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\ProductIcon = "C:\\Windows\\Installer\\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\\PackageIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\DefaultIcon\ = "CubeBrowser.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.rep\shell\open\command\ = "\"C:\\Program Files\\Rystad Energy\\Cube Browser\\CubeBrowser.exe\" \"%1\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.ret\shell\open\command\ = "\"C:\\Program Files\\Rystad Energy\\Cube Browser\\CubeBrowser.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\cubebrowser\DefaultIcon	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D81E8D834396EFA479B2A41169006212	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.rep\shell	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CubeBrowser.rep\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.ret	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CubeBrowser.ret\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\ProductName = "Cube Browser (64 bit)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\Version = "33947650"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}	CubeBrowserSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\SourceList\PackageName = "CubeBrowserSetup.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}\DisplayName = "Cube Browser (64 bit)"	CubeBrowserSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ret\ = "CubeBrowser.ret"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9302AF29B0F7BE7439C2DADEA49F73BD\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}v2.6.2\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CubeBrowser.rep\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CubeBrowser.ret\shell\open\command	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\ = "URL:Cube Browser"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{92FA2039-7F0B-47EB-932C-ADED4AF937DB}\DisplayName = "Cube Browser (64 bit)"	CubeBrowserSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}\ = "{0d95d1e5-71b6-47ef-9c04-19c7c18635b2}"	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CubeBrowser.ret\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cubebrowser\shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9302AF29B0F7BE7439C2DADEA49F73BD\ProductFeature	msiexec.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

CubeBrowserSetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B\Blob = 0f00000001000000200000003560e45b41e46b8f36537025d1d5bc02d9652a10645b0eff69e8b6a52191f335090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000005200000047006f00200044006100640064007900200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020001320200047003200000053000000010000002500000030233021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c062000000010000002000000045140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda1400000001000000140000003a9a8507106728b6eff6bd05416e20c194da0fde1d000000010000001000000070253fbcbde32a014d38c1993098ad9903000000010000001400000047beabc922eae80e78783462a79f45c254fde68b2000000001000000c9030000308203c5308202ada003020102020100300d06092a864886f70d01010b0500308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf716208f1fa5934f71bc918a3f7804958e9228313a6c52043013b84f1e685499f27eaf6841b4ea0b4db7098c73201b1053e074eeef4fa4f2f593022e7ab19566be28007fcf316758039517be5f935b6744ea98d8213e4b63fa90383faa2be8a156a7fde0bc3b6191405caeac3a804943b467c320df3006622c88d696d368c1118b7d3b21c60b438fa028cced3dd4607de0a3eeb5d7cc87cfbb02b53a4926269512505611a44818c2ca9439623dfac3a819a0e29c51ca9e95d1eb69e9e300a39cef18880fb4b5dcc32ec85624325340256270191b43b702a3f6eb1e89c88017d9fd4f9db536d609dbf2ce758abb85f46fccec41b033c09eb49315c6946b3e0470203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604143a9a8507106728b6eff6bd05416e20c194da0fde300d06092a864886f70d01010b0500038201010099db5d79d5f99759670361f17e3b0631752da1208e4f6587b4f7a69cbcd8e92fd0db5aeecf748c73b43842da057bf80275b8fda5b1d7aef6d7de13cb53107e8a46d197fab72e2b11ab90b02780f9e89f5ae9379fabe4df6cb385179d3dd9244f799135d65f04eb8083ab9a022db510f4d890c7047340ed7225a0a99fec9eab68129957c68f123a09a4bd44fd061537c19be432a3ed38e8d864f32c7e14fc02ea9fcdff076817db2290382d7a8dd154f169e35f33ca7a3d7b0ae3ca7f5f39e5e275bac5761833ce2cf02f4cadf7b1e7ce4fa8c49b4a5406c57f7dd5080fe21cfe7e17b8ac5ef6d416b243090c4df6a76bb4998465ca7a88e2e244be5cf7ea1cf5	CubeBrowserSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B\Blob = 19000000010000001000000021d008b47b7a2a81c8435903ded424c90f00000001000000200000003560e45b41e46b8f36537025d1d5bc02d9652a10645b0eff69e8b6a52191f335090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000005200000047006f00200044006100640064007900200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020001320200047003200000053000000010000002500000030233021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c062000000010000002000000045140b3247eb9cc8c5b4f0d7b53091f73292089e6e5a63e2749dd3aca9198eda1400000001000000140000003a9a8507106728b6eff6bd05416e20c194da0fde1d000000010000001000000070253fbcbde32a014d38c1993098ad9903000000010000001400000047beabc922eae80e78783462a79f45c254fde68b2000000001000000c9030000308203c5308202ada003020102020100300d06092a864886f70d01010b0500308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf716208f1fa5934f71bc918a3f7804958e9228313a6c52043013b84f1e685499f27eaf6841b4ea0b4db7098c73201b1053e074eeef4fa4f2f593022e7ab19566be28007fcf316758039517be5f935b6744ea98d8213e4b63fa90383faa2be8a156a7fde0bc3b6191405caeac3a804943b467c320df3006622c88d696d368c1118b7d3b21c60b438fa028cced3dd4607de0a3eeb5d7cc87cfbb02b53a4926269512505611a44818c2ca9439623dfac3a819a0e29c51ca9e95d1eb69e9e300a39cef18880fb4b5dcc32ec85624325340256270191b43b702a3f6eb1e89c88017d9fd4f9db536d609dbf2ce758abb85f46fccec41b033c09eb49315c6946b3e0470203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604143a9a8507106728b6eff6bd05416e20c194da0fde300d06092a864886f70d01010b0500038201010099db5d79d5f99759670361f17e3b0631752da1208e4f6587b4f7a69cbcd8e92fd0db5aeecf748c73b43842da057bf80275b8fda5b1d7aef6d7de13cb53107e8a46d197fab72e2b11ab90b02780f9e89f5ae9379fabe4df6cb385179d3dd9244f799135d65f04eb8083ab9a022db510f4d890c7047340ed7225a0a99fec9eab68129957c68f123a09a4bd44fd061537c19be432a3ed38e8d864f32c7e14fc02ea9fcdff076817db2290382d7a8dd154f169e35f33ca7a3d7b0ae3ca7f5f39e5e275bac5761833ce2cf02f4cadf7b1e7ce4fa8c49b4a5406c57f7dd5080fe21cfe7e17b8ac5ef6d416b243090c4df6a76bb4998465ca7a88e2e244be5cf7ea1cf5	CubeBrowserSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	CubeBrowserSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	CubeBrowserSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	CubeBrowserSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B	CubeBrowserSetup.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msiexec.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1948	msiexec.exe
1948	msiexec.exe
1124	msedge.exe
1124	msedge.exe
2280	msedge.exe
2280	msedge.exe
4256	identity_helper.exe
4256	identity_helper.exe
3804	msedge.exe
3804	msedge.exe
1860	msedge.exe
1860	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

vssvc.exeCubeBrowserSetup.exemsiexec.exesrtasks.exe

description	pid	process
Token: SeBackupPrivilege	4468	vssvc.exe
Token: SeRestorePrivilege	4468	vssvc.exe
Token: SeAuditPrivilege	4468	vssvc.exe
Token: SeShutdownPrivilege	4036	CubeBrowserSetup.exe
Token: SeIncreaseQuotaPrivilege	4036	CubeBrowserSetup.exe
Token: SeSecurityPrivilege	1948	msiexec.exe
Token: SeCreateTokenPrivilege	4036	CubeBrowserSetup.exe
Token: SeAssignPrimaryTokenPrivilege	4036	CubeBrowserSetup.exe
Token: SeLockMemoryPrivilege	4036	CubeBrowserSetup.exe
Token: SeIncreaseQuotaPrivilege	4036	CubeBrowserSetup.exe
Token: SeMachineAccountPrivilege	4036	CubeBrowserSetup.exe
Token: SeTcbPrivilege	4036	CubeBrowserSetup.exe
Token: SeSecurityPrivilege	4036	CubeBrowserSetup.exe
Token: SeTakeOwnershipPrivilege	4036	CubeBrowserSetup.exe
Token: SeLoadDriverPrivilege	4036	CubeBrowserSetup.exe
Token: SeSystemProfilePrivilege	4036	CubeBrowserSetup.exe
Token: SeSystemtimePrivilege	4036	CubeBrowserSetup.exe
Token: SeProfSingleProcessPrivilege	4036	CubeBrowserSetup.exe
Token: SeIncBasePriorityPrivilege	4036	CubeBrowserSetup.exe
Token: SeCreatePagefilePrivilege	4036	CubeBrowserSetup.exe
Token: SeCreatePermanentPrivilege	4036	CubeBrowserSetup.exe
Token: SeBackupPrivilege	4036	CubeBrowserSetup.exe
Token: SeRestorePrivilege	4036	CubeBrowserSetup.exe
Token: SeShutdownPrivilege	4036	CubeBrowserSetup.exe
Token: SeDebugPrivilege	4036	CubeBrowserSetup.exe
Token: SeAuditPrivilege	4036	CubeBrowserSetup.exe
Token: SeSystemEnvironmentPrivilege	4036	CubeBrowserSetup.exe
Token: SeChangeNotifyPrivilege	4036	CubeBrowserSetup.exe
Token: SeRemoteShutdownPrivilege	4036	CubeBrowserSetup.exe
Token: SeUndockPrivilege	4036	CubeBrowserSetup.exe
Token: SeSyncAgentPrivilege	4036	CubeBrowserSetup.exe
Token: SeEnableDelegationPrivilege	4036	CubeBrowserSetup.exe
Token: SeManageVolumePrivilege	4036	CubeBrowserSetup.exe
Token: SeImpersonatePrivilege	4036	CubeBrowserSetup.exe
Token: SeCreateGlobalPrivilege	4036	CubeBrowserSetup.exe
Token: SeBackupPrivilege	2780	srtasks.exe
Token: SeRestorePrivilege	2780	srtasks.exe
Token: SeSecurityPrivilege	2780	srtasks.exe
Token: SeTakeOwnershipPrivilege	2780	srtasks.exe
Token: SeBackupPrivilege	2780	srtasks.exe
Token: SeRestorePrivilege	2780	srtasks.exe
Token: SeSecurityPrivilege	2780	srtasks.exe
Token: SeTakeOwnershipPrivilege	2780	srtasks.exe
Token: SeCreateTokenPrivilege	4036	CubeBrowserSetup.exe
Token: SeAssignPrimaryTokenPrivilege	4036	CubeBrowserSetup.exe
Token: SeLockMemoryPrivilege	4036	CubeBrowserSetup.exe
Token: SeIncreaseQuotaPrivilege	4036	CubeBrowserSetup.exe
Token: SeMachineAccountPrivilege	4036	CubeBrowserSetup.exe
Token: SeTcbPrivilege	4036	CubeBrowserSetup.exe
Token: SeSecurityPrivilege	4036	CubeBrowserSetup.exe
Token: SeTakeOwnershipPrivilege	4036	CubeBrowserSetup.exe
Token: SeLoadDriverPrivilege	4036	CubeBrowserSetup.exe
Token: SeSystemProfilePrivilege	4036	CubeBrowserSetup.exe
Token: SeSystemtimePrivilege	4036	CubeBrowserSetup.exe
Token: SeProfSingleProcessPrivilege	4036	CubeBrowserSetup.exe
Token: SeIncBasePriorityPrivilege	4036	CubeBrowserSetup.exe
Token: SeCreatePagefilePrivilege	4036	CubeBrowserSetup.exe
Token: SeCreatePermanentPrivilege	4036	CubeBrowserSetup.exe
Token: SeBackupPrivilege	4036	CubeBrowserSetup.exe
Token: SeRestorePrivilege	4036	CubeBrowserSetup.exe
Token: SeShutdownPrivilege	4036	CubeBrowserSetup.exe
Token: SeDebugPrivilege	4036	CubeBrowserSetup.exe
Token: SeAuditPrivilege	4036	CubeBrowserSetup.exe
Token: SeSystemEnvironmentPrivilege	4036	CubeBrowserSetup.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

cubebrowsersetup_x64_2_6_2.exeCubeBrowserSetup.exemsedge.exemsedge.exe

pid	process
1276	cubebrowsersetup_x64_2_6_2.exe
4036	CubeBrowserSetup.exe
4036	CubeBrowserSetup.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cubebrowsersetup_x64_2_6_2.execubebrowsersetup_x64_2_6_2.exemsiexec.exeCubeBrowser.exemsedge.exe

description	pid	process	target process
PID 444 wrote to memory of 1276	444	cubebrowsersetup_x64_2_6_2.exe	cubebrowsersetup_x64_2_6_2.exe
PID 444 wrote to memory of 1276	444	cubebrowsersetup_x64_2_6_2.exe	cubebrowsersetup_x64_2_6_2.exe
PID 444 wrote to memory of 1276	444	cubebrowsersetup_x64_2_6_2.exe	cubebrowsersetup_x64_2_6_2.exe
PID 1276 wrote to memory of 4036	1276	cubebrowsersetup_x64_2_6_2.exe	CubeBrowserSetup.exe
PID 1276 wrote to memory of 4036	1276	cubebrowsersetup_x64_2_6_2.exe	CubeBrowserSetup.exe
PID 1276 wrote to memory of 4036	1276	cubebrowsersetup_x64_2_6_2.exe	CubeBrowserSetup.exe
PID 1948 wrote to memory of 4520	1948	msiexec.exe	MsiExec.exe
PID 1948 wrote to memory of 4520	1948	msiexec.exe	MsiExec.exe
PID 1948 wrote to memory of 4520	1948	msiexec.exe	MsiExec.exe
PID 1948 wrote to memory of 3212	1948	msiexec.exe	MsiExec.exe
PID 1948 wrote to memory of 3212	1948	msiexec.exe	MsiExec.exe
PID 1948 wrote to memory of 1696	1948	msiexec.exe	MsiExec.exe
PID 1948 wrote to memory of 1696	1948	msiexec.exe	MsiExec.exe
PID 4688 wrote to memory of 2280	4688	CubeBrowser.exe	msedge.exe
PID 4688 wrote to memory of 2280	4688	CubeBrowser.exe	msedge.exe
PID 2280 wrote to memory of 232	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 232	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 3184	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 1124	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 1124	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 336	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 336	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 336	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 336	2280	msedge.exe	msedge.exe
PID 2280 wrote to memory of 336	2280	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\cubebrowsersetup_x64_2_6_2.exe
"C:\Users\Admin\AppData\Local\Temp\cubebrowsersetup_x64_2_6_2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:444
- C:\Windows\Temp\{5AC7FBD5-FC2D-4129-8B22-D8FCB78E51D8}\.cr\cubebrowsersetup_x64_2_6_2.exe
  "C:\Windows\Temp\{5AC7FBD5-FC2D-4129-8B22-D8FCB78E51D8}\.cr\cubebrowsersetup_x64_2_6_2.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\cubebrowsersetup_x64_2_6_2.exe" -burn.filehandle.attached=544 -burn.filehandle.self=556
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.be\CubeBrowserSetup.exe
    "C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.be\CubeBrowserSetup.exe" -q -burn.elevated BurnPipe.{ADCC58E6-B8A8-4532-AA6F-362CDA797FBA} {CFD52E5F-9AE9-466A-8EC2-10F36826FD01} 1276
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Enumerates connected drives
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:4036

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4468

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2780

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 403CC3025CF63AFC4F6EC8E191DF4695 C
  2⤵
  - Loads dropped DLL
  PID:4520
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding B27E600F3D516E01D7E2D4695A9FC1E0
  2⤵
  - Loads dropped DLL
  PID:3212
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding CFF4B3EED3D408AF6FC56FF7C793FDB7 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:1696

C:\Program Files\Rystad Energy\Cube Browser\CubeBrowser.exe
"C:\Program Files\Rystad Energy\Cube Browser\CubeBrowser.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://auth.rystadenergy.com/connect/authorize?response_type=code&nonce=pz-kRSkv26lpBZT9WwE8JA&state=LyMHu7rtwmc4w63FL9m6bg&code_challenge=Iyv2YOdbcmQMsQVTa-5ir0VU-8efpo7jWs_hbgS2lKk&code_challenge_method=S256&client_id=CubeBrowser&scope=openid%20profile%20REapi.read%20offline_access&redirect_uri=http%3A%2F%2F127.0.0.1%3A50751%2F
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8945146f8,0x7ff894514708,0x7ff894514718
    3⤵
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2352 /prefetch:8
    3⤵
    PID:336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
    3⤵
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff65d445460,0x7ff65d445470,0x7ff65d445480
      4⤵
      PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    PID:4560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    3⤵
    PID:4752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
    3⤵
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:1584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    3⤵
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
    3⤵
    PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
    3⤵
    PID:2492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
    3⤵
    PID:484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
    3⤵
    PID:5736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
    3⤵
    PID:5720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
    3⤵
    PID:6076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
    3⤵
    PID:6140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
    3⤵
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
    3⤵
    PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
    3⤵
    PID:5576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
    3⤵
    PID:5468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
    3⤵
    PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
    3⤵
    PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:1
    3⤵
    PID:5548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10336 /prefetch:1
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10656 /prefetch:1
    3⤵
    PID:6244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1
    3⤵
    PID:6332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10340 /prefetch:1
    3⤵
    PID:6368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10512 /prefetch:1
    3⤵
    PID:6432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9782549410548050951,14453014708749653822,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10808 /prefetch:1
    3⤵
    PID:6496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://auth.rystadenergy.com/connect/authorize?response_type=code&nonce=u6KIVYQyb3j22KAQ6fvrgQ&state=f-9wfnif5BZlqyQCDA8j3A&code_challenge=XGzm8f8Y_fFrj1tsOdp4QzYGLHq8uBs_6ikUIE5KNG8&code_challenge_method=S256&client_id=CubeBrowser&scope=openid%20profile%20REapi.read%20offline_access&redirect_uri=http%3A%2F%2F127.0.0.1%3A56209%2F
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8945146f8,0x7ff894514708,0x7ff894514718
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
    3⤵
    PID:5560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:7144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
    3⤵
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7588511920826477371,15082423955065387205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7128

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e591331.rbs

Filesize
220KB

MD5
1446a22cfb82c22c2801b81030c149f1

SHA1
53438403d552f1d6dfa735373dbe77b7601cc3f1

SHA256
b0a581df8b458df328f8e916ad16cd36706dd5385d32966ca50ba7dc28c70196

SHA512
4a300c74e066601e28765154ed711de2b651b44c65d03075432d8d594029c36dcf79f7055c47db41d4fdcdf9e6fa6c69e5c088f810d92ce9741a0115b831803e

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client32\RuntimeCoreNet100_13_1.WPF.dll

Filesize
59KB

MD5
2f169f61c05f4d01a9449bdb218c9fd3

SHA1
222b07c362a813156a1230640ee29af57580b46b

SHA256
11d68a8c8d2cdce038418e24479858e81d9abec427af438d9377520942634e89

SHA512
c9151485aadb9b9cfc55387c319b5ac6043655ee17dd2c7343b2169f4fb52d323e85532193b5e13dfe3b4cd60430ee095327acf57324d8384cf9049fa3cb742b

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client32\RuntimeCoreNet100_13_1.dll

Filesize
1.4MB

MD5
6df47e7c25db3bf77b0f9154c3a0f7e4

SHA1
eeefc52ff8c42a45a4d0342f5bbf7d31f2afd602

SHA256
572995f4503aba5e35ed0464e58088b15936f093dff8c5f89917b165b6e4416c

SHA512
31d4bedd964fb9815a116bb9af95971276285e61e071d0812a20e76fa31021c84f500c071db80a502e5cbdc29e96d8e6a033cb989f3681fa8057919a51a12dd6

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client32\runtimecore.dll

Filesize
73.8MB

MD5
8163b8e389d8805bf18675444bdc418c

SHA1
773241b12ecd21beda0cd41dff900686c7fc607b

SHA256
4397ed5cfb10ce81180ac633dc1837749e37041f7091166371e5549a25192d13

SHA512
bc1fa6da0e12ed4b0a8aefb8f1912702495d9f74446694079c32959b9a04f3c2acaf0ed4cf2e8ef076abdd5bf07aa7d506106b29e01efee56f5774b62bcadf5e

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client32\runtimecoreAssembly.manifest

Filesize
263B

MD5
494955c5b42a42d0d27d2d507098a280

SHA1
71ce0a0e3ac0dcc7a696900b943561f2ed874ecf

SHA256
b27e52e326e2f07da9ed429745392c2adaf6f3a0182f1a80f834ffeafbc29e7a

SHA512
0b88fac8681ff395f7a87179b5fca165eec1d542284a0ec132fc755bfd841cf21146de49bbf5d4b2260d8ef9d0d96a3135a5beb73e1b01ed8883571e876bdb14

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client64\RuntimeCoreNet100_13_1.WPF.dll

Filesize
63KB

MD5
3f7853666dcea097a681ff5da3e824cd

SHA1
2375cdd7bec8001011d4d7a1499406f5d81b09fb

SHA256
562fffee55ea361d839cdb8eb9713926955a2fe54689566f65464a4c66286506

SHA512
6f93303d1f3e9831d70e2da9c36724e132a815ae682d29df37ebc276f296e7101777f78002299ac512f771eadf6b53aabd5e13118c7520a4a38a8f6884299422

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client64\RuntimeCoreNet100_13_1.dll

Filesize
1.4MB

MD5
a5c7b769d06f22417e43c6b7094d41f2

SHA1
726ab814373b4bf690dfe5629fd9ab34468e44a5

SHA256
68aa558de54a054d850dc5c05b2865d4db5c2198aafd81f9cf8a4dca4bec7e6f

SHA512
f4930c00b6d74d68c33181f4c290d8fcb5bdd29d3cbbd6deec394fb54e83d0bd6503ef758e479b9a652a4549b1f0f1c4f8db5f59f587c2205dd54ed5748de57f

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client64\runtimecore.dll

Filesize
84.2MB

MD5
6dc553234cc026e9b9469f69e0a3d793

SHA1
976781793104448a8bbe13d1a0f1388f7949c00f

SHA256
00d14107f127aacf475a9019b5a8408d60dc7fb9b844484cbcd341111717ad93

SHA512
e30eb97149c371fdd579a5cbf7fa8e8aa0715b4ef9408e4d78a9ec3b2979e43757c8de254ac95035db82536a1108a7297b5c70cfd9a59d8af152c554ee8ace86

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\client64\runtimecoreAssembly.manifest

Filesize
263B

MD5
494955c5b42a42d0d27d2d507098a280

SHA1
71ce0a0e3ac0dcc7a696900b943561f2ed874ecf

SHA256
b27e52e326e2f07da9ed429745392c2adaf6f3a0182f1a80f834ffeafbc29e7a

SHA512
0b88fac8681ff395f7a87179b5fca165eec1d542284a0ec132fc755bfd841cf21146de49bbf5d4b2260d8ef9d0d96a3135a5beb73e1b01ed8883571e876bdb14

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\network_analyst\strings.bin

Filesize
6.9MB

MD5
f28e81672c39aed76dbbba6b6def75e9

SHA1
6a164b2700a5488a10da05bc0ffa41e1ba5d2ab3

SHA256
3dd8821bcd98f2a9352de3d414d5cb844d87e46ebf678ff710052670a14ffde9

SHA512
4429d840e2f9fc1b7da65686bb26a8565c2ec6b15933005802a58f84dc5018d70f3f134cf6b384f9541695c9e70cb44d8dbc4014804493b88fb9e8796837e860

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\atmosphere_accurate_3d_ps.cso

Filesize
1KB

MD5
c3689ca8c55a5400eadab9d8d4befd23

SHA1
c66787e43817dccef2cbd9a0f0e8510caf6c4815

SHA256
0957d125576d1205f5884594d466b33455ba5acfd3711b477f34d1954de76875

SHA512
30b2644076284f8a38c8c901d933bfd658a1a6e4e37f702867939a239c09a8e6e765596d2f2f9e6bba151947978d93f520d6cdb187b46f7b5688bedb46f3c1b6

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\atmosphere_accurate_3d_vs.cso

Filesize
5KB

MD5
dd14a9a569a2b2e1adfd37d9d1340f0b

SHA1
d9d9fa8a9ec579e48d5b4897425929240a504a86

SHA256
8933c482576c5546365accacd274b3aa59c93432d0b6f653ec945e1c056dcdf4

SHA512
d15c58221f132ab09bdf0ff56da53531a217257e0c1c8ea47d1f959b1a1dfec00a9f19c145204f4c4f7df0435bc48738fd360cd262a4939b4782b8e23220d995

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\atmosphere_textured_3d_ps.cso

Filesize
680B

MD5
a14763c8265f633c1f67024b56f38da0

SHA1
06c4e7bf06e8f8ef9f8aa31e966dd561e7b76d0b

SHA256
58e09672d16a8b62168d713491d58b2f277de33e66daa89738179d1fde824121

SHA512
2cdef5d90a832ab4f3015c244f0ebc9f9c153bced66b38f70ba7b7ed2853b3f237a7f631e258cde8a1d4bce3d93becf4899f1dcc1322030e37bd6df8ae902438

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\atmosphere_textured_3d_vs.cso

Filesize
2KB

MD5
8ad69942c3924aac0ad57277f87e9ef2

SHA1
9b410be2fe72d3984ce94e859fc980b2ccf9f46a

SHA256
95bdf03162502f7781379d6e2468dcf87c0076f51a92c0877e76a52fa5039a26

SHA512
76eb7193f20ed5381cb2a85657cbbb0dc9e73a5b7313d27ff261d1912168f06457c3cf31f19a1992fe8f5239565c88cded9f9030b2e02aba55e48a85cdec665b

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\basic_draw_ps.cso

Filesize
476B

MD5
e2e8b6e6e83111f6cbb73c511ab398ce

SHA1
e78ac9c5a097eeb6167f46f2726f703c05e6694a

SHA256
deae70a2cacd593c00ad4a0d98e27fc87f158cf0f07c1196187652e12e7d5f5e

SHA512
2a39dfdfbb23052313ffe9e55ae2d3c06f3cc4a6ac7970f820015b558d726d5b8d0ee9c3908a922a9b9dc712e746b28149bf76e0aefe3de44ee3771f98c561c4

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\basic_draw_vs.cso

Filesize
772B

MD5
e414ff92be733ec39e54da97ef200464

SHA1
4310cc7217f19c2ef6093afe303c5e6e643df1be

SHA256
28c5332f3443181e76a603efb66a55e0d8f981582af319c30194089ea0deed73

SHA512
4c25d16b0ca907ff720fb9736f73fefc5a0dbc85118e47f72956befa3e4828cbe12bd8e6c8334ba0bb0152a1c80b85cc1006287672d3741e55c095590770e260

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\basic_usage_3d_depth_ps.cso

Filesize
1KB

MD5
6b2bd02f6150a0fb2f2087228c76fbc4

SHA1
fd794b42ed031b0f88b939e7179f4de76f934a8e

SHA256
75eec469dd5e3f761852e13ac5307104fe9f9de9e501794263da780609966405

SHA512
075a1b6cc128d7713476cdea96e109ab74c84a342730a525ae80353e4c71a60893390903dd067118c8225c60f998d94f79c6ca252ec19e02285538599202b9e1

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\color_draw_ps.cso

Filesize
500B

MD5
0c8cc1ee76b5cdd3560173e209125824

SHA1
fa4dee9d0495c2216d8f426db620984ad3bb72a1

SHA256
4fa78cc06ae9e148305955654679547b0095a1f5ebbb87fc5674a373b473fccf

SHA512
bd13fb6123918edce826802f2e62a10a79e220ac4d8d21f8f43c32731d6d1d1b55248e36061401e9d9078fed1acafedd1e1a15cacbbee2613dbfaa3bbea0ce25

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\color_draw_vs.cso

Filesize
900B

MD5
574c97d1d38518216a927ae3c58b53c7

SHA1
b870c56e60f7b60673178e835611af0d34310a2e

SHA256
c9cde65793a09c91bdb8710fb3f528b764a433c7ae35be03367dabbd38fb3488

SHA512
a4257b2812e6522547c1defdfe2f7239c41b0529a622473be75ba9724d83368d015987170d54d69510c4493f0d638d113b9f42163a6e816377e7e7421c016763

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\common_3d_rem_depth_ps.cso

Filesize
1KB

MD5
6b2bd02f6150a0fb2f2087228c76fbc4

SHA1
fd794b42ed031b0f88b939e7179f4de76f934a8e

SHA256
75eec469dd5e3f761852e13ac5307104fe9f9de9e501794263da780609966405

SHA512
075a1b6cc128d7713476cdea96e109ab74c84a342730a525ae80353e4c71a60893390903dd067118c8225c60f998d94f79c6ca252ec19e02285538599202b9e1

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\deferred_full_screen_rem_ps.cso

Filesize
2KB

MD5
2a031bad0fcd7b9512cec92e228fd357

SHA1
85ba94f1e1adb5cdc534ca6e810572d68b2656df

SHA256
8baf658af92a348b49ca4fbab161ff5f1ec8eadcbe2241d5ec4cef231ca7a93e

SHA512
119a13610f5b29f783182b7677cb0e098045f789186794509bacda0b8388738464e0b4b7683ad773262a76a6ed834c973a7b5a7f163503789089eb4dfae8d51c

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\full_screen_quad_vs.cso

Filesize
712B

MD5
d86fcb972da98206f505dcfa0b45153c

SHA1
076bc9d1cdf656f541507e932e4ceeafa7513ec2

SHA256
3c8c42721e9c536e743accae6217bf0f6bb91f5b87db30c8b2c4394c1eedf4e0

SHA512
72b18ce65ed57e7c2913db89ab42a9993d956c02cefcc575866d026970d2d2c766b825bfdc099fb6cffbf944dcb09367bbc2340d53a42eaf260da98c8846c1c0

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\magnifier_draw_ps.cso

Filesize
1KB

MD5
45815a039128ac5af295f1581337a696

SHA1
52f057f997a8db1d2e8bf3d8ef0a5c4dcbfeab70

SHA256
b7472f05e0f9d5e5f8bc70ff6b4d0ba964096a84883d233d622c2ba6ee2a4578

SHA512
e1b76145868d0dbb1de821040dad53c1b70bc045dfa023900ebdc085e1656de0a744a0fa618bc65b0b41b3ff1cd8b9e17b74b759685e24d217e0ce5ed19b61f2

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\magnifier_draw_vs.cso

Filesize
832B

MD5
1e2648dddffac849fda02abd51cd78bc

SHA1
3cc4648bc6b2e45622584f195a75ff66bdeee2ec

SHA256
66b4f7e58a20d0ee8c37502b0fe7867a3a7dc1ca4dfe622de301ae8c5c7c1389

SHA512
beb02399842e3d65eef4f8514abeeeaaf52c98e35ed56875af66626fbbf2df81b84140d0c9db9a3fbda397609d539829a5b00aa7a4914d19f88f3b6761ab0b97

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\measure_line_depth_ps.cso

Filesize
1KB

MD5
c22bbec80b16e14b53f6503b0712b092

SHA1
1fb1ebcedad00a713e6b9b10f1fce76d2e2a30e4

SHA256
1cbef499d712530fc0c4313f3363a053a67d406d8d029f8a50b6032e4aaa57e0

SHA512
c35f49ba808f9d7e96b5874d9b4846b9512d09525e7e3c138e67b6a317e55e9b439095974ad69a913b2cd2b3e9710e88901b2cc709b5fc9046902cc6881016ba

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\measure_line_draw_ps.cso

Filesize
2KB

MD5
7aa1f1140ed5f32b4373085e45d44404

SHA1
c39cab18eff8f908f992770f9360c5f66c716d02

SHA256
00c447a822f613a66684a55c4286002bbb3f7d010495f3831cfe42a16a3caa83

SHA512
728b08f52a16d90884a385241e968a81dec8bba99da620b983c78ac414cb6dda560bcc6963f582c822e2e5571214141e98f46eb4f7cc203d028667dcf7046ce1

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\measure_line_draw_vs.cso

Filesize
2KB

MD5
a107b4533f475acd4fdbbe98ca9f7d5a

SHA1
167989179fbab9d772e91777ae1fbe9a7f0986f1

SHA256
0c95414d36fc752ba99636ea48ff7fb353c3b13349f47d3e8b88e31ee221075f

SHA512
391a5220ef964673b8fe87b635a933d52c3bcb6c3aef5e7fc913ffe7062051251824041d0129c5ee63f2dd11b69f7c7825e7bcfb94890796cf220885a7b36430

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\modelline_3d_depth_vs.cso

Filesize
9KB

MD5
5d905274de739390e201b55e86effff3

SHA1
816abf973fd04f044e27c2c354bd88131b1d858f

SHA256
ff852536f391268a2017c302f962bab26ea85738db1055e0bca3d0859c644f79

SHA512
bb82639283bb18969daa4a447f437bdaaa726bda737501c966231f47818a05f05a31654fd4ae471947ac2ab19e7cdfad5c11c9dca62296356ed2ddaca982a575

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\modelline_3d_normal_vs.cso

Filesize
10KB

MD5
40661033fd1dc3d3143cdf994b07e472

SHA1
7eba9ecf5aacf28efddba579a412bb025d211386

SHA256
76a32d4729d0ac4c8a928635657fa56af243871224f0ffe4995c59846a5096f7

SHA512
026e9ca244a15caceb3bfcd2467b388e5da4eea32bc12018970c46e68e742903df467a41af58710b4671ab407230d50a65920c41a6439df98dd0a351740722f0

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_billboard_ps.cso

Filesize
1KB

MD5
9082376bf7bc577f1c42128cd4aff238

SHA1
1a21639de445b8f6cb2e3dbfa356319f90cedf0f

SHA256
e74948208eabd3d982104829984b11ef2447b3a26c91d8a84bf4242cddbf1375

SHA512
61d42c8daf1d2c328f5d86bd80349e7d6da384fc7319fd82f2a910f313e39b0b9ef684aac2526b58265e114376e115887d3a52e01b41dfa6a57f565282086e89

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_billboard_sdf_draw_ps.cso

Filesize
2KB

MD5
fc6fffe55d9574f6f85f231a61ce4d38

SHA1
5bc83ffc4eca69db921d972072b05188dfb4b21e

SHA256
bdba5ea35feac29084935077ad1c89be8e07736b4405efd668c1ba2fb7e5a1ce

SHA512
deb6527d85a4410dd37ebffe190b82be0887447c6d36a7b3bdd1e064fd0d449557e6e0171f7bc42811a33a0f222efacb053d788edaec5d131e63a94591bf744b

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_billboard_sdf_draw_vs.cso

Filesize
6KB

MD5
e841ec50841b675864a6f5e66b03712b

SHA1
3affc23be226a2aa14fb3f01a2e2cae9242a2c2b

SHA256
b2c1158d7b5b6e0591dc73e63728c4af75e0d8dad8c9eacfb6b8d9821ecc68bc

SHA512
7c0039e0de441303d9acac5fc4d820ca5ef9c07a1664f6791ca8df04e669533dac729cc7c04e7753be37a9593fee1d8650c969e69eb71654681a6c33ea68b32e

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_billboard_vs.cso

Filesize
5KB

MD5
0e09dcf475b9e479716248036b680a1c

SHA1
cb56ea0a65e8f06b1312e3e90fcd92a0ac90143d

SHA256
9edb78d0e4b1dfd5aea4f79877975474634485780d5de9f5b0ff88712bdd90ef

SHA512
c8bd939152307ca9b1165f87d58ca79567ac13fe62550285729661b383d6832837a8d6aee6ed1ea772fe4f41138e90c7b8f29761d38b48f0994c319a9618a34f

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_depth_vs.cso

Filesize
5KB

MD5
13b7a5661f9f9f7f1d1ec57945f9c9f0

SHA1
f64353371e5815f93a69bb0140d4c733e03be9fd

SHA256
81aabdb5e3f6369d284e77277a14ffd709cfbcd15a15c4de2f5d5f9485f227bc

SHA512
c3f24229f60b459087b209c0be8f75db8af21a148476b9037376e76ee904893b97f671c54eb24c42fb8acef31a5e1ee5e9cb453aa65cdb38fe20952d727eaf74

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_overlay_ps.cso

Filesize
1KB

MD5
45c2f2d50326655f54ef73c4e41ed48e

SHA1
75c5ec3e4c952f3c2744009f2928fd45c1532bf4

SHA256
15e2163b2af61afae0e48f6d140f826ab5262b8a0a1a5e97e8a8a35807349ae6

SHA512
626d316c3781eaba5649465926837131ee9136cb86c13804734e9ba565198859e8a88a9d6ee466be9bdcec1c6d91d937a8d251076176814b994140e190570003

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_overlay_vs.cso

Filesize
2KB

MD5
8a0f130f64c45962a1b7b2bd29d52602

SHA1
b690f1876d827719b565ca65788ef179ef841008

SHA256
c41c8c575a8f2649d4844214b73b066320591a43fcaaea980654dac6d9f9b51e

SHA512
cc850da29d5009232023ffad79e33a8798ef89b28656887849fb0cab3dda0af61c0e14c2dce22c5b84f4528581f2472d40367ec0ba4a67657bb2ace0fb1a8b02

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_3d_rem_billboard_vs.cso

Filesize
5KB

MD5
b056b0950a3628cae3154271a7584a59

SHA1
b68df536413d69939f1128e7f7f6b30ad4f1a6e0

SHA256
3390378de3338ace0efbbab55e2418ef15a1822608990f9356a18626c4d616a7

SHA512
2a3e2809bea7c0f5e2d2ffcd656b81f298be84344ea52f6fc602d527470528b973f914dbe5588dcb186048cbe6e40c5b9c4ebed04aad07d3d0b77e9626b616f6

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_cloud_3d_depth_ps.cso

Filesize
1KB

MD5
1714dcf161db57a81bbff028ea3c7a20

SHA1
a7840fcfcb9d8aca0df1eec14c138e6e0cc0ac29

SHA256
e636ca1ab84c48f62fcafa088c51b73cb1265e72e66e8a665d0393a40b9e8c03

SHA512
6880dfbf8de4c16baa1ecd72a05839764df7127d65ad32d298768382b30d8e9da3642b8007787a783ed31b2d67d67ad22b652dfc584869dc69b21f7f959b95ca

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_cloud_3d_depth_vs.cso

Filesize
3KB

MD5
87106c219ec38a8f228ae770f32ab0c5

SHA1
3bf94aa9061b6dbea7536df566ac82be6781cb5c

SHA256
fd047606369ef5b264b486caff5aae192133cf7aff240f05c2b5a987f808f1be

SHA512
a7dc6d49ac78f17fea4b75a4d1bcad23f845ef7a209cceb7e76aa8eec27e1b167a164fc992439197b03a001b62899c9c11614fcffa4a23ffe207aa02707e758b

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_cloud_3d_draw_ps.cso

Filesize
2KB

MD5
a3684bfa770ada2b38f5ba61430b4056

SHA1
e0312cec43d0faa1b7af45688d86355fae009ae9

SHA256
3ebc2a3a0441f3ce56301a95ddfa81b55f9cef9e14b0da6b8712cfdad6483537

SHA512
13dd9d14fbe573664d9bfc80cd22ee412b5d41db48416c432f099959b2152daeceabf9a363c9bcd8b49cdf513fc7c34b8464a56396bd89d847b8fc404e0ccbac

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\point_cloud_3d_draw_vs.cso

Filesize
4KB

MD5
37597da675f4a08ae794ce8eccc1e3fb

SHA1
a35e475c62e1d0cf0cf4eb84faadeca289dc1991

SHA256
a7a4d4cdad96b93681448c0d5bc944929d755b72045639dbaae1b1329598f378

SHA512
b95304e6295abbac36471eb40e0d736031d373f4bc7880275e061013ef83beb9e34f406d17c61b1cfb820f72856c49149cd17a4e31260e6ef2faebff7b3a405a

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\polygon_3d_depth_vs.cso

Filesize
2KB

MD5
c7b24da128f6a75b09da985c59371427

SHA1
d4dc6e30265562aeced61854e9510a854cab5048

SHA256
7a62fe3badb2af7c9797f89bc966e5c1ae3279184f9a4f6bcb192b9aa7ec1f51

SHA512
0386b7cbcab4ef7e5c978aa57ed990f017607e65dd621b5fd7b71df7a5dfce7ed2ea3a2fd25b0278f739ec187e5b2d1aa1b4036e20b5b1d67d7475639bb1e06a

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\polygon_3d_normal_ps.cso

Filesize
2KB

MD5
32868f71b68c8eadc6af025913d485be

SHA1
73b1e45b416274f64246e144e6df13d24edbbc06

SHA256
8b502b53e9e309d8bd9a1fc92f6b0f15b2444b5147189de234f929822366e24c

SHA512
6bc1664debac9fd51f521cc1d4195ef87659272b0f6c56a73545211237102e940b0fcd8d8d30e45da7cf046d04d2c1db4d64f159bbd3b18b1e69ea066d8b44f4

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\polygon_3d_overlay_ps.cso

Filesize
1KB

MD5
dcca185885e6ab5fa48cd3b61d1d1665

SHA1
6f11e2a7f75d538f5106dfb4d36c4692bc20d061

SHA256
7eb070be9cf555bbd6d961d2105e9a730703af47ef8785aa84c45db4af22c60a

SHA512
62b7fef828e50290cf7b181670f02ddb19b2935744f268ca061c8210ad1a1283fbeb7edd0ba18c0d34c33c8edc555e235f7f677d9f87437584b275e1f0d70155

Download Submit
C:\Program Files\Rystad Energy\Cube Browser\ArcGISRuntime100.13\resources\shaders\polygon_3d_vs.cso

Filesize
2KB

MD5
657ef098cf9ecb2d428427c2180cb87a

SHA1
41a5c082420bd2385b230be9273e9e7b31079e51

SHA256
4ff362035855bd196cc8b462f2b8ad29a9e432e0cec7c09129032bdd43abd85b

SHA512
367bc2ae75738a306bb5170ac735d6330a938e09b96c51f6ce59a5c13538d8e909c8307d74dfb4ca094fa968defd5e2e80d9be2b4d4399c1bb24535d1e7cf513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
e90f88a0535aacb346ef8ab65eab8438

SHA1
c8c9a5bc6f836d2276b7e002cceb507e5ebfe033

SHA256
5ebccf7e85f0222046a4a4e17ffbcc044ed124b34fa086766887ca92c7f3ecec

SHA512
9b793a40e493dbf0e7d0a1a23e3707a8572d4355f631b05694915c6412b3d2e102c974b3d416ddba3d400f7179fb8fa1387754c92b08bfefba3d9b95f4016980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B6DDA6EB7A1EEDFB8F9E8B8BF596627E_1844E22CD73DE2BC539A6EB606468AE7

Filesize
1KB

MD5
f5edffbd40700bf6d39443c33faf8d5c

SHA1
e6420fd4b63aeb1509010abc6c577e82c87bffed

SHA256
ab9e7ae256abc92c81c525691c59a1ef7e5308a4d4bbf0a47a1b9b481c4a70b6

SHA512
e297870a4197141056cbeddadcec459e140d9e6d78537c759e0c2e3ce3ac0a9d4e04280e1a3e9de2492d2b1c16283dce7522042e1ce39a3e1aa8c8aaed3dcea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
9f3b14c4754fb8088c9fc018bcb2364b

SHA1
057c21e772adda6e56e960482fbba83f5aa3b5ee

SHA256
64c0f920f6552f905375500797451f204b9b17ad76940735629b588e3d14dec6

SHA512
e3b2de362be1080d1abb392b4a370ef65fc2251f6209caa2a4bb1378f5376b6062bf33e87e7a2328d3e1641cbd7c9241c5af5e669d396999fa2096b844e0eb09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B6DDA6EB7A1EEDFB8F9E8B8BF596627E_1844E22CD73DE2BC539A6EB606468AE7

Filesize
458B

MD5
63182e5ad7e712026509555c6d40a90b

SHA1
3dcc367c83c4b5d347450d2504795a4aa6d55d3f

SHA256
b657ea1a2adfe8a39cb93b3eb2dcba029bcf50f35507ebeaaa5621021498be43

SHA512
40265e8edcf05c06c3f75ad7683618fe1676e6f4e3bc05cdedd4b7d3baab995b314a1adf01976466a76a09dddefce4453c8b80cb36ebf2d14143f338dc1245f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8eb4a32d11bf304c9cd71bc39c76e0c

SHA1
791d23d41f396d8368bfdc015591b8f672bd2fdc

SHA256
c4d335ca026b44a9683b4c7eb2d31b1df5a31299fe0d4a8c15591e94fd0e2d46

SHA512
9695f61c6aa4f68a4eb5d91f0a3d4bb6daf7bd0632e41ee1930dacc0dd6dc5ad93b15cef06ba087a5bbf15931dd7da62d353c67d7b9ab9c7a1d5d1cebe73f713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
79f17cbb6d6bc59f4f10e176eda4da5e

SHA1
918ef5dc4d4a90cb7ab573eae92e19a0c1d89113

SHA256
30619ada4d797612a709fbc6867f4cdc3f5274fa3aa65c75c569b02589245328

SHA512
4c8afe732b55b801ba09d1debef72a53144f95485f2388b90adee7a903f133694e4bdb340ef70eca59b410fdcbc75b83f40068bd262293bbc392749cab5512e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
23KB

MD5
8dcf47fb635c14c62840dda3ee6ae67f

SHA1
e71e267c6cce3f540a70879d5bd435e469c763eb

SHA256
4580d7ad7b872796d24bd5b254b84a51be1430efaaf37eb37ff48d66339e30f1

SHA512
a602d70c34d1f5bb191a0ab0e00c883dbdf7bfef0c30b785171417a8c6812cb45a68e8c5254fd7d8ec899fe3813503177fa3e515fb7bc7db96538f20c50eb13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8c8246a2ec1cb212ee9a1f15d19d8b7e

SHA1
522d3c986f97a2e8f92224e2d8278b43621a8417

SHA256
31408a24a295b557a23f9ffa8268fdd5707c81c490b59b9352108a6e62a3af91

SHA512
3b8c716ec66a8370616cc683c0c8f14e35eaf32f8563a501abf3458d790cc177b8fdb2df8dbfedfac04366421f6188c604af584afacfccde4612aec588553584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f3ca5ec0d902ecec78f821417646c101

SHA1
1f03fd71ec82b44b1002d6d4fe2766c21938857b

SHA256
26fc1059c063ee18d63e4d3105e7c3cd1dcbe204521b563493f518d97c2d6b91

SHA512
2cd230e232206da3f4311ddbf3a3918b80ef53b8329117d18ebad067ce1c4379db6d7ca5fd3f6b403970f961672620814f61a5d229925217aec6fc6391280050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
85eb4a027520e9465071a3094b8916b4

SHA1
0d158969206dd3f30e166bbeb712e2071e176402

SHA256
1707a39e0a95e149e2ee623364c3f6325bd5a73ddca5ffea04c132a88177f7fa

SHA512
fd0987a32e6aa0ce2b4b3e24341ae877a9bd04bb395d924588df77f8c585505239fa348403ac204f22b18e2a5970b2a66f91f141f754f162e7c09f5a9e9cb18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
08fd7e7987ecd898e16627ad4c2ef633

SHA1
803b342ef43609568e84d45b5fabd47c5c6754d9

SHA256
f9cb70c410e08eac4e2302e0a3bf3028ba71e7da963a34031aac2ddaaf818821

SHA512
bf00f1b7ced5de6fdeef5df46eba33d4ee4471b357b1caef5951c6124fd7b7ca2838b5d4e22e05f886a7baebe850f96c1cbc8ca7718e3639f5b67ce5c490658d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
f7e33c4a2fb954bfab8bef4ce4bdca31

SHA1
a7184de2ffa5f40739a9895ce267733aa992c2a6

SHA256
643faa648b5a187cc8631bdfb6915ce780f058b9d5bc7c940628a983cdc01043

SHA512
d85f7552f0645e767d2119c919f7f4641d8936bd54d4fc30cdde0a91a5f62a37518b6ab28d69d1c0addd53eab023aa5a01b5d572aea6e327811cb5af97834ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
7ff6ff6632e2ab5a0d5763ea15dfae74

SHA1
4c2af232c04e06e5e2d352f0bab906615311c9a6

SHA256
a7192e8c64979915ff697ed420d500d4aafcafbb91aa980a0060ccaeb06c4111

SHA512
2ce1fed074d3e88ed53d513c3f691a2253e58c8e17cb9619a7632e422cc414145ef8ef068b370f53692616867096c4441545b25fe5b2886f232fdc014f939659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
053f8e7273757cde1230012e634b9d27

SHA1
ae9f8e25a3b9c23144044020c1db252b3fce1da3

SHA256
6a86b328df4eb9addd2676d6f60c867c7d145d4c05b34b55395afa5cc4561ede

SHA512
1f3a262f81a5d6c0bf70557f0ceaa7af9eb3c422be58a0789461a46abc1e505fe2bff02c903995d29903ed54de21294049f810a81617e15790534595688239bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
be8de4b7e85493e7998cee3727f53b74

SHA1
52bdd2964b65762d122b21dbfd1b3e35f445ff83

SHA256
ca114748eded63b42af90f52eac63c5a2c3ee50a9de7b7f5cab6ed151dd02fa0

SHA512
de06d7c3b7b2858b5bf9c8828a04899b0b106a14d5640a586dc10b6d4e9f51be7a4af7ba838fb9aa0702873e375858aefbb6be4bbeae9a6479531e1cf09ccafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
22175b2d37fd59f2c675f24bc3cc052d

SHA1
6a918c2f5b602d4b3e039c3b9ca71c6f2be5e018

SHA256
d0212f0dea2eadce99169a9a795daa4354dd75d1500861ba2ed4c6c899d28871

SHA512
c9662555e645f3570d2d2fa58620bb4002af4b930ee711040ca77d8927143c13573ce2770a282e4a50424d09ee021be83878bfca6eb4457a296c986b1ab2e052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ff37aef2e0038f898c2e9e0bf3e016e

SHA1
f14403f76fd6e73cad880d3dd3dd5313c6634c23

SHA256
6c11c32369d84eb01d7d38a71eab19e54ec833cd7c81033ef32a01ae7be999cb

SHA512
729a99cbeed5b960f3c687ec47b508f4825b00c2910cdaaec85a1e18e433425b64a5ce01af235000aa40f92484a847815c73c6ab0683e3ad53b44433e89a88d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8a111ec02322ca31d657fb72c2684664

SHA1
104f6a10b4c17de5ae720dcc4490901c423718a4

SHA256
d4f83e8cb0e776c7f404d26bdb503bbae29d153c4d9febd5e07b17fcc03b487a

SHA512
7961b408ed9db307c98d5e77a6cae1293455a456ed9a92562264eb0ea3416326f5251af45ef90160fd95dd0d5e1733e0d6bb02bad32b12982e09910187d14c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
1d2fc6d06a17bf4368076757bba70c93

SHA1
c2cbacaf6bbc4c7764d09d6c96e1eef6c73c2d91

SHA256
e6cf18f23d0fc4d899a736b4e0d3391e7f1aeb631f0ce722a7c1221fd4250427

SHA512
d659a332e143ed421818455cd823eaed5ee7c7534ced4ec04b83c6047a4d71c811d6d42bf9b79462d9766c2c69a732c25ebcba59804905d4d2b7dd978393ad33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
dccc1d3374c94cb98d895c294c83fc30

SHA1
5cb3d8413eac9404098fb20f6522449509f9ff6a

SHA256
7639fa90c8b62cef717abbfbf1a0507b6192fa004b182df7544ee35cd6fa7af0

SHA512
012922be66f1805902ec5ab3960f737d4ef4e525847601833131d0d889ed21a5dd827ada27024ef10a2471b5ae775e262452396aeb8cc078e1415dd07be071c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d4922df261e9f32fc116d9d5297f6381

SHA1
130430134ed6a1697ba36ef8adccad8e93620b4e

SHA256
8525e0eddb53a2a2f40c4478da1d7f909f231e9acc102a9dcf58738c926c2e3b

SHA512
1cc500469e8f2adc7912d1fb53e391094ce33767ba7a40981bd967aa57cfbb85c7df7da3b1d4bb75785619780738e60e26a3fd70b93cc7e6b02fb473143e2f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
105a4183b9b3607420b48f36995b5c6e

SHA1
90b310308c958971666c3b194859b8c11919b05a

SHA256
fab91ddd329b4d9c7874fd2971380c664f9d45799e44ff47ed4bee069b240cea

SHA512
b6ea267f8a04867f0c80b0217a68f8890a05cf55532d63a1a75698d2a459d377cb41b74afc6b7f098a27417d3084b1977af08a603f1c37050f9f2e15793523c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9b59a30f8f2e3e6ff716aa1ae14b5719

SHA1
038cbc3b15ef9918a5ae48ad562db1910cd1f3f6

SHA256
d1e5f6058139907df5fcc6f019430573353ef0718334f5dd9eb08163a168ca97

SHA512
5213b4068a71ee8b7c5c06e0d4e48dd079c5cfd7a004ac31a3290b6e6734a437ff41308aa0c11da6de792a6010933adcbdbabce257784bf055c1b101119b8199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
e598d458cafb03c0075b7d1afaf2e6fb

SHA1
5baf2a12e2da6f46b1823c71b1f22a042419bd78

SHA256
e6672dc916d5b3ae80abc324f86ff3a55ee2aa5ef0b4030385e83584b8983b85

SHA512
8e2237f6785149c99bfbfec02bd04a2369f64c6c0b41c28dacf2242e68080c3caeaef71b6fb378c2e2ac1e610969692b26ca7c68fbf6dec5997d1dcd072a3fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8be9344e18eda50938825c8e4742f521

SHA1
0261eefebefa107096a24fbd7c7474084287db63

SHA256
21ebee819111d89d5bb23b3be405fd81278cbb4d74455af08b071e05067e3ee5

SHA512
53193bc53237d55c59173b0af088f3aaf93c4bc82acb996747ff43f87e0fd2cbacdf4e5ecb9b463d115f22fa6786ee6687a2d64c5aaccc62b1fb6d9820ca7c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7040ce94d17500a36138e6bcf0db2fe6

SHA1
4e8aebe997d133e25d77e4e36464e46ba4033536

SHA256
983b4a03c5860992a3863578f761eb18334e0dff751fcd01a58cff3f681d595d

SHA512
984d4dc4cd1ad1475a54eeec37938e476197d5909f96ff8c3cb311c1f9f2166aa2c424eda4e9d983582b6fdca065f120cf380c73b44f88264a428f6ea1c76620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c6cb3e7ea522e38dec83ae43a1f801e3

SHA1
7684fad0dfad5286cf743f44c1f08abb206e0e18

SHA256
a1aacf99347c9700297912a5efabf30ea9f37abe5c4760d1659e13013ff3fece

SHA512
7d971f2ca5b09e3949c3ede5cf85900c561796396dc850db2200c89bd80af9e25f5a582dd312dafa2832454e82e648acee26c2103afbe0a3cdb09cd2bc82ab53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aa191.TMP

Filesize
2KB

MD5
3b7168a1b2d0d4dcb80bb124cba7655d

SHA1
64a1e444111f8c4dc7585500bb10835a9643c788

SHA256
25ba50d69e8ef59fc0fbfe5d174b363bd896e0d5139151f5db92887ad217402b

SHA512
e2e5dd2f084b4de11c4e234abd94cd74c5626fa14abef4256b36289da6195eb5855b2350f1db3acc70a7a4a2d8ba0654c7c4c1a08308ff0e9da39db9511627a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
852b64551ac6ad84b634b109cb244ba3

SHA1
a0c2641288718b15010306922ca7388660b0da95

SHA256
a66ce040287f4728b3ee72f0776d2779679c80f3c2dec9877efdd9fd6dfd61fa

SHA512
e238a980fd88b73cc415d315fc19a35bbeb2ae80ea82384686788926b806b45de221bd44ac48833c05107514677d7688ae6edb3c0d3ce7c650a551a105100658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
42458dbfda3cdac481d6b2c327d9ed49

SHA1
6ac91df1c4abb7447a0fabc81fb5513184fef71b

SHA256
ec2cd151214e67d0cc4c0f68dd9eca4a815639ede2c191274f7f432eecf81d6b

SHA512
4710f7853dd18de3d37280fec70701a02400e579ccb4c398b173af53bb77480c7a17b4dbeafcb869343045a4e205c3d0ec77eb0dcdefb348922b5a648971abf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
f7c17e76b4daa3c2d11b5291149b9970

SHA1
9fa1ed4296ea0e9d0858ef25974bf49906f2f54f

SHA256
c513f39c153385144a1780c11abc32374b319dfcb8630ab8a9de0509a21c6c5c

SHA512
a27bff712528f14e2a0c90cd3f31effd56934c1771bd70dfca4cf035d75ad591f5e1533d1c629223cad75945c439d2f31b80abed84cd9e990f21c06376a4b5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
150a5f6fd9f7f6ba9a22f12b16978458

SHA1
e77fdc2768b1e446bef5ca497fdc0b136e890170

SHA256
e17d7da2005ff4d7e8f50336fda9bcc83fd3ac24ad07beeed26e52b20cdf2b20

SHA512
d2f0242e2c8d128599c926b1091fe5183af3f227bbfa44eb72ed6305f8853e217d11a7aa7b316778438982d3011c33afbaf61612ef8931c426fdebcab986e628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
034f9c0f0decc5bbeb14a90222b90ed2

SHA1
98b7979b38502711addb18fd844faa584d72681e

SHA256
499d642d20029be9613d9440c868d76e64cd08d2f62de78cd8bf0977c4477e42

SHA512
716bd87fe9a3afb85911395f90238668d2a3af4f972fc7dcef0462731625ab13a40b378b0ad7cc207d71a1ce1c32b05dee7831c59f8ab405e79ae12d6ff0db0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
12d0f5f998461d88c4f31d5e1bdcece3

SHA1
25593514be2fec2efa06a53093fe63e0cd76de0c

SHA256
5da326e2013210cc4cf9dc8372df06cee3de6a4d170bfd1bda117a1e13c225e4

SHA512
a0307aca2b86c7ad276bca2928dbadfd8845d3ee6903bf9e2448c48ce2cdc216afa4eb7a23bc0553642842a471d68f0d22fef7483d4a51e01666a46ba6497acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cube_Browser_(64_bit)_20230329070510_000_MainPackage.log

Filesize
72KB

MD5
392bdd4cd41d0330e6b1e8dd36c840bb

SHA1
db96904641d3775af6a25a559590f70e819b6b3a

SHA256
a64a6de36639c6e287980a6418957e0602ff6353f7f1982f3d206f64a5bca722

SHA512
c07307f7c0ef836e45f7858bddfa8d1e1c0257b7eb29a4e69b85a9d2122c630b0e5e2b8c0e4ff8c6936880b3a2dcb586e7cd27cc91c14258f45273f45f9cd28b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI40D.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI40D.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
efd485b3aa0d7af236b75158cb1520d5

SHA1
4c7dc0b8e335df03d70367f4ea2e4cd94da8ea1b

SHA256
74533c89983e31a25fadfd24e0564fcea140f8fe307d2cd073367d58345e033b

SHA512
006a61a36faa9664d6adf536b120c827561a64d1fcf3a167586bddc35114f1a55ef9dafb57a8391e3f5daa3991fc869b748f4762639742bc21e4a335b8ab2222

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
9ec653978b10058ae97f7e089fd15dde

SHA1
d1c8a4cf73e640eaec245aaa8204a2d0f95cf877

SHA256
361039326ec526279873c75e8fdac2bbcb2cfe6822b8a9aa5b219e95ddbba8d1

SHA512
4135694fbee92f109dd692bd5c3c3f16f7ee0241a672c581a1c52e03ef58c2944b868d59ed042c1535fffc73830680eb8c850a235edc017c1ba282de6dd98bad

Download Submit
C:\Windows\Installer\MSI2022.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\MSI2022.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\MSI24D6.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\MSI24D6.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\MSI501D.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\MSI501D.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\MSI501D.tmp

Filesize
154KB

MD5
b2e2c24ebce4f188cf28b9e1470227f5

SHA1
9de61721326d8e88636f9633aa37fcb885a4babe

SHA256
233f5e43325615710ca1aa580250530e06339def861811073912e8a16b058c69

SHA512
343ea590c7f6b682b3b3e27fd4ab10ffeded788c08000c6dd1e796203f07bf9f8c65d64e9d4b17ce0da8eb17aaf1bd09c002359a89a7e5ab09cf2cb2960e7354

Download Submit
C:\Windows\Installer\e591330.msi

Filesize
75.5MB

MD5
d78d3ecee6f6e888acee9d3f61a613c5

SHA1
b76872ce022140cc53fc98c9e7d79f965451c282

SHA256
1d11d227e2932b324b619f62c961cc211340873e472cac6c3bdb81c9f5722e42

SHA512
cf70665e5dd0f668e121937c1f50a71898642d50a5c01e299222526e604229032cdd73d1b8d105149cfc4c7ef4bc9ed649f0a092e2f94d0c2615549f28176110

Download Submit
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.ba\logo.png

Filesize
31KB

MD5
ea99ad404a4c1f751ad438d3cf1530e9

SHA1
a174474f853be0eb961363579faa7630d38bf0db

SHA256
b336ad36348bfc804ae5118a095e1bdda960f4464a31059fdaabee4e034858e2

SHA512
026869f1318a40419a7766b2d847706a67442c1613a310bf0d3b174187f1a2989042c711f5b1e59f907c5be7aef6b40d4df9a1d8a962756c156c730f8278f77c

Download Submit
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.ba\wixstdba.dll

Filesize
184KB

MD5
fe7e0bd53f52e6630473c31299a49fdd

SHA1
f706f45768bfb95f4c96dfa0be36df57aa863898

SHA256
2bea14d70943a42d344e09b7c9de5562fa7e109946e1c615dd584da30d06cc80

SHA512
feed48286b1e182996a3664f0facdf42aae3692d3d938ea004350c85764db7a0bea996dfddf7a77149c0d4b8b776fb544e8b1ce5e9944086a5b1ed6a8a239a3c

Download Submit
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.be\CubeBrowserSetup.exe

Filesize
605KB

MD5
41d45ae616eb809015ccbb85fcfe7c79

SHA1
5c50352ef6e48fd287434fa542073af296b0f855

SHA256
544246b9bbc5dcf0adb4240383623bcb7464b66f478050aaabd366be64b540b9

SHA512
e7e27a4fba66f8b798d479ecf27a25c79699f887731bbc68ff397edbc607d6424cdf35291e534d79eabeb3becd12531609fb6b08b4f15b3c761c28b3606d1db6

Download Submit
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.be\CubeBrowserSetup.exe

Filesize
605KB

MD5
41d45ae616eb809015ccbb85fcfe7c79

SHA1
5c50352ef6e48fd287434fa542073af296b0f855

SHA256
544246b9bbc5dcf0adb4240383623bcb7464b66f478050aaabd366be64b540b9

SHA512
e7e27a4fba66f8b798d479ecf27a25c79699f887731bbc68ff397edbc607d6424cdf35291e534d79eabeb3becd12531609fb6b08b4f15b3c761c28b3606d1db6

Download Submit
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\.be\CubeBrowserSetup.exe

Filesize
605KB

MD5
41d45ae616eb809015ccbb85fcfe7c79

SHA1
5c50352ef6e48fd287434fa542073af296b0f855

SHA256
544246b9bbc5dcf0adb4240383623bcb7464b66f478050aaabd366be64b540b9

SHA512
e7e27a4fba66f8b798d479ecf27a25c79699f887731bbc68ff397edbc607d6424cdf35291e534d79eabeb3becd12531609fb6b08b4f15b3c761c28b3606d1db6

Download Submit
C:\Windows\Temp\{3B9A89DD-E178-45D9-A5D1-523BE12A8A11}\MainPackage

Filesize
75.5MB

MD5
d78d3ecee6f6e888acee9d3f61a613c5

SHA1
b76872ce022140cc53fc98c9e7d79f965451c282

SHA256
1d11d227e2932b324b619f62c961cc211340873e472cac6c3bdb81c9f5722e42

SHA512
cf70665e5dd0f668e121937c1f50a71898642d50a5c01e299222526e604229032cdd73d1b8d105149cfc4c7ef4bc9ed649f0a092e2f94d0c2615549f28176110

Download Submit
C:\Windows\Temp\{5AC7FBD5-FC2D-4129-8B22-D8FCB78E51D8}\.cr\cubebrowsersetup_x64_2_6_2.exe

Filesize
605KB

MD5
41d45ae616eb809015ccbb85fcfe7c79

SHA1
5c50352ef6e48fd287434fa542073af296b0f855

SHA256
544246b9bbc5dcf0adb4240383623bcb7464b66f478050aaabd366be64b540b9

SHA512
e7e27a4fba66f8b798d479ecf27a25c79699f887731bbc68ff397edbc607d6424cdf35291e534d79eabeb3becd12531609fb6b08b4f15b3c761c28b3606d1db6

Download Submit
C:\Windows\Temp\{5AC7FBD5-FC2D-4129-8B22-D8FCB78E51D8}\.cr\cubebrowsersetup_x64_2_6_2.exe

Filesize
605KB

MD5
41d45ae616eb809015ccbb85fcfe7c79

SHA1
5c50352ef6e48fd287434fa542073af296b0f855

SHA256
544246b9bbc5dcf0adb4240383623bcb7464b66f478050aaabd366be64b540b9

SHA512
e7e27a4fba66f8b798d479ecf27a25c79699f887731bbc68ff397edbc607d6424cdf35291e534d79eabeb3becd12531609fb6b08b4f15b3c761c28b3606d1db6

Download Submit
\??\PIPE\wkssvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4688-1148-0x000001C8BF440000-0x000001C8BF450000-memory.dmp

Filesize
64KB

Download
memory/4688-1110-0x000001C8BD3A0000-0x000001C8BD612000-memory.dmp

Filesize
2.4MB

Download
memory/4688-1111-0x000001C8BD980000-0x000001C8BD992000-memory.dmp

Filesize
72KB

Download
memory/4688-1112-0x000001C8BD970000-0x000001C8BD97A000-memory.dmp

Filesize
40KB

Download
memory/4688-1115-0x000001C8BF440000-0x000001C8BF450000-memory.dmp

Filesize
64KB

Download
memory/4688-1114-0x000001C8BF2D0000-0x000001C8BF2FC000-memory.dmp

Filesize
176KB

Download
memory/4688-1116-0x000001C8BF2A0000-0x000001C8BF2AE000-memory.dmp

Filesize
56KB

Download
memory/4688-1117-0x000001C8BF450000-0x000001C8BF468000-memory.dmp

Filesize
96KB

Download
memory/4688-1118-0x000001C8BF470000-0x000001C8BF49C000-memory.dmp

Filesize
176KB

Download
memory/4688-1119-0x000001C8BF440000-0x000001C8BF450000-memory.dmp

Filesize
64KB

Download
memory/4688-1120-0x000001C8DC3F0000-0x000001C8DC406000-memory.dmp

Filesize
88KB

Download
memory/4688-1121-0x000001C8DC3D0000-0x000001C8DC3DC000-memory.dmp

Filesize
48KB

Download
memory/4688-1123-0x000001C8DC470000-0x000001C8DC494000-memory.dmp

Filesize
144KB

Download
memory/4688-1147-0x000001C8BF440000-0x000001C8BF450000-memory.dmp

Filesize
64KB

Download
memory/4688-1141-0x000001C8BF440000-0x000001C8BF450000-memory.dmp

Filesize
64KB

Download
memory/4688-1122-0x000001C8DC450000-0x000001C8DC46A000-memory.dmp

Filesize
104KB

Download
memory/4688-1134-0x000001C8DC4A0000-0x000001C8DC4AA000-memory.dmp

Filesize
40KB

Download
memory/4688-1133-0x000001C8DC560000-0x000001C8DC568000-memory.dmp

Filesize
32KB

Download
memory/4688-1132-0x000001C8DC520000-0x000001C8DC546000-memory.dmp

Filesize
152KB

Download
memory/4688-1131-0x000001C8DC500000-0x000001C8DC516000-memory.dmp

Filesize
88KB

Download
memory/4688-1128-0x000001C8DC4D0000-0x000001C8DC4F2000-memory.dmp

Filesize
136KB

Download
memory/4688-1127-0x000001C8DC590000-0x000001C8DC63A000-memory.dmp

Filesize
680KB

Download
memory/4688-1126-0x000001C8DC420000-0x000001C8DC42E000-memory.dmp

Filesize
56KB

Download
memory/4688-1125-0x000001C8DC410000-0x000001C8DC420000-memory.dmp

Filesize
64KB

Download
memory/4688-1124-0x000001C8DC3E0000-0x000001C8DC3EC000-memory.dmp

Filesize
48KB

Download

pid	process
1276	cubebrowsersetup_x64_2_6_2.exe
4520	MsiExec.exe
3212	MsiExec.exe
3212	MsiExec.exe
1696	MsiExec.exe