customerloader | 9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0

max time kernel
1050s
max time network
1013s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/10/2023, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-10-25 08.11.54.png
Size

13KB
MD5

51e504750e157c50fd5f07ae7643639a
SHA1

aac2c4a1fd69fef7bff8c7447a6d13fa8a9a7452
SHA256

9d1d5346149f31169406d2b23ec83fc292d561979a4f7819c26e74748d9efab0
SHA512

b84134b916a1b91ced634997dbb810f77baa398e0e2c485db5a245e13609398d2c2e88dc6dec8080a769739125030aad33ca526480c67f46791537132020579b
SSDEEP

384:MjreO3cNJHZf1wup3chMjNuMQBmiL4htpBKdBZ:83Kbfmup3A+tpC

Score

10^/10

customerloader xworm cryptone downloader loader packer rat trojan

Malware Config

Signatures

Customer Loader
Customer Loader is a downloader written in C#.
downloader loader customerloader

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral2/files/0x0006000000022fb6-875.dat	family_xworm
behavioral2/files/0x0006000000022fb6-964.dat	family_xworm
behavioral2/files/0x0006000000022fb6-994.dat	family_xworm
behavioral2/files/0x0006000000022fb6-1240.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

CryptOne packer 4 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
behavioral2/files/0x0006000000022fb6-875.dat	cryptone
behavioral2/files/0x0006000000022fb6-964.dat	cryptone
behavioral2/files/0x0006000000022fb6-994.dat	cryptone
behavioral2/files/0x0006000000022fb6-1240.dat	cryptone

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	EV3 Classroom-win-1.5.3.4056.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	EV3 Classroom-win-1.5.3.4056.exe

Executes dropped EXE 7 IoCs

pid	Process
3488	EV3 Classroom-win-1.5.3.4056.exe
3584	EV3 Classroom-win-1.5.3.4056.exe
2416	EV3 Classroom-win-1.5.3.4056.exe
5432	EV3 Classroom-win-1.5.3.4056.exe
6100	EV3 Classroom-win-1.5.3.4056.exe
6400	EV3 Classroom-win-1.5.3.4056.exe
1652	EV3 Classroom-win-1.5.3.4056.exe

Loads dropped DLL 64 IoCs

pid	Process
4296	MsiExec.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe
3488	EV3 Classroom-win-1.5.3.4056.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
162	5088	msiexec.exe
164	5088	msiexec.exe
166	5088	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe	msiexec.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5b923a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b923a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{1AA31EDF-1388-40AF-97D3-EF1CCA5E211A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA5B2.tmp	msiexec.exe
File created	C:\Windows\Installer\{1AA31EDF-1388-40AF-97D3-EF1CCA5E211A}\icon.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{1AA31EDF-1388-40AF-97D3-EF1CCA5E211A}\icon.ico	msiexec.exe
File created	C:\Windows\Installer\e5b923c.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000004e6fa88768ff2e40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000004e6fa880000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090004e6fa88000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d04e6fa88000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000004e6fa8800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133428003907144684"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\p_fileassociation\shell\open	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.lmsp	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lmsp\ = "p_fileassociation"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList\PackageName = "EV3_Classroom_Windows_1.5.3_Global.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\p_fileassociation\shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\ProductName = "LEGO® MINDSTORMS® Education EV3 Classroom"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\p_fileassociation\shell\open\command	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\FDE13AA18831FA04793DFEC1ACE512A1\ProductFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\80FEA36CFBE3F1D4EA194FC1BBA600E8	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\80FEA36CFBE3F1D4EA194FC1BBA600E8\FDE13AA18831FA04793DFEC1ACE512A1	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\p_fileassociation	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\p_fileassociation\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350690463-3549324357-1323838019-1000\{F8CD8D7B-5C08-4158-969C-EA274A341C33}	EV3 Classroom-win-1.5.3.4056.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\p_fileassociation\shell\open\command\ = "\"C:\\Program Files\\EV3 Classroom\\EV3 Classroom-win-1.5.3.4056.exe\" \"%1\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\p_fileassociation\ = "LEGO® MINDSTORMS® Education EV3 Classroom"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\FDE13AA18831FA04793DFEC1ACE512A1	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\Version = "17104899"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\ProductIcon = "C:\\Windows\\Installer\\{1AA31EDF-1388-40AF-97D3-EF1CCA5E211A}\\icon.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\p_fileassociation	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\PackageCode = "80B4AFD46EB06F9479570595D9355868"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FDE13AA18831FA04793DFEC1ACE512A1\InstanceType = "0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3092	chrome.exe
3092	chrome.exe
688	chrome.exe
688	chrome.exe
368	msiexec.exe
368	msiexec.exe
2416	EV3 Classroom-win-1.5.3.4056.exe
2416	EV3 Classroom-win-1.5.3.4056.exe
5432	EV3 Classroom-win-1.5.3.4056.exe
5432	EV3 Classroom-win-1.5.3.4056.exe
6100	EV3 Classroom-win-1.5.3.4056.exe
6100	EV3 Classroom-win-1.5.3.4056.exe
6400	EV3 Classroom-win-1.5.3.4056.exe
6400	EV3 Classroom-win-1.5.3.4056.exe
1652	EV3 Classroom-win-1.5.3.4056.exe
1652	EV3 Classroom-win-1.5.3.4056.exe
1652	EV3 Classroom-win-1.5.3.4056.exe
1652	EV3 Classroom-win-1.5.3.4056.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe
Token: SeShutdownPrivilege	3092	chrome.exe
Token: SeCreatePagefilePrivilege	3092	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 1788	3092	chrome.exe	100
PID 3092 wrote to memory of 1788	3092	chrome.exe	100
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 4936	3092	chrome.exe	101
PID 3092 wrote to memory of 1768	3092	chrome.exe	102
PID 3092 wrote to memory of 1768	3092	chrome.exe	102
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103
PID 3092 wrote to memory of 2156	3092	chrome.exe	103

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-10-25 08.11.54.png"
1⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff905199758,0x7ff905199768,0x7ff905199778
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5248 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3432 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4904 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5408 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6060 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6136 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=884 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5320 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\EV3_Classroom_Windows_1.5.3_Global.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1776,i,13463199564472126998,7005048683324623673,131072 /prefetch:8
  2⤵
  PID:3980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2056

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:368
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4988
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F3C4D3DB76923C4B521F0C483AF1B5FC C
  2⤵
  - Loads dropped DLL
  PID:4296
- - C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
    "C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3488
  - - C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
      "C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe" --type=gpu-process --field-trial-handle=2224,16021723278346262419,8877187640541842711,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --lang=en-US --cefsharpexitsub --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --mojo-platform-channel-handle=2256 /prefetch:2 --host-process-id=3488
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:2416
  - - C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
      "C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,16021723278346262419,8877187640541842711,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --lang=en-US --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --mojo-platform-channel-handle=3352 /prefetch:8 --host-process-id=3488
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:5432
  - - C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
      "C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --field-trial-handle=2224,16021723278346262419,8877187640541842711,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --cefsharpexitsub --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4288 /prefetch:1 --host-process-id=3488
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6100
  - - C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
      "C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,16021723278346262419,8877187640541842711,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling --lang=en-US --service-sandbox-type=audio --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --lang=en-US --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --mojo-platform-channel-handle=4708 /prefetch:8 --host-process-id=3488
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6400
  - - C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
      "C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe" --type=gpu-process --field-trial-handle=2224,16021723278346262419,8877187640541842711,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --lang=en-US --cefsharpexitsub --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\debug.log" --mojo-platform-channel-handle=4948 /prefetch:2 --host-process-id=3488
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1652

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1552

C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe
"C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe"
1⤵
- Executes dropped EXE
PID:3584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x518
1⤵
PID:6540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5b923b.rbs

Filesize
8KB

MD5
1bc5dc64c94adcd1967c829f0226bf1b

SHA1
50a12eb4e8c849fa9a1e5f4e8f630490b8466a83

SHA256
95baa0a365f1c4d9f7549e193c773e48a273a4e8df728661338005d540602e0e

SHA512
1d2e8e5b3994bbb10fb07ab465006e136df0db9202493ac3e12bbf1068291da2509c94f8a6f004525b64703e91640729e3c4fa66cf475dd366084261994643bf

Download Submit
C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe

Filesize
491.3MB

MD5
c10f230d0d569bc5f33f9f3b6b709063

SHA1
46be5bda8b95878a71ee8dbb994072c14a4ef460

SHA256
d960568756546d24be2c0e0a106b140aa4b119c700de3a68710e16edc7cad839

SHA512
f49890aca15d6c62434aaa71d5c59fb03b8fa169daf014f5108080fae989af682bc0a54620e487e7450ebd02e89ea7a7699eee9d24da86448b6892b40f18dac2

Download Submit
C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe

Filesize
491.3MB

MD5
c10f230d0d569bc5f33f9f3b6b709063

SHA1
46be5bda8b95878a71ee8dbb994072c14a4ef460

SHA256
d960568756546d24be2c0e0a106b140aa4b119c700de3a68710e16edc7cad839

SHA512
f49890aca15d6c62434aaa71d5c59fb03b8fa169daf014f5108080fae989af682bc0a54620e487e7450ebd02e89ea7a7699eee9d24da86448b6892b40f18dac2

Download Submit
C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe

Filesize
491.3MB

MD5
c10f230d0d569bc5f33f9f3b6b709063

SHA1
46be5bda8b95878a71ee8dbb994072c14a4ef460

SHA256
d960568756546d24be2c0e0a106b140aa4b119c700de3a68710e16edc7cad839

SHA512
f49890aca15d6c62434aaa71d5c59fb03b8fa169daf014f5108080fae989af682bc0a54620e487e7450ebd02e89ea7a7699eee9d24da86448b6892b40f18dac2

Download Submit
C:\Program Files\EV3 Classroom\EV3 Classroom-win-1.5.3.4056.exe

Filesize
491.3MB

MD5
c10f230d0d569bc5f33f9f3b6b709063

SHA1
46be5bda8b95878a71ee8dbb994072c14a4ef460

SHA256
d960568756546d24be2c0e0a106b140aa4b119c700de3a68710e16edc7cad839

SHA512
f49890aca15d6c62434aaa71d5c59fb03b8fa169daf014f5108080fae989af682bc0a54620e487e7450ebd02e89ea7a7699eee9d24da86448b6892b40f18dac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17

Filesize
2KB

MD5
9e3fb2073769cbacf0ebb6f7f4f29c58

SHA1
8ada8cb3a77faa5d337528bbd3102b38321940c7

SHA256
b96ef9a5bec16b42d864fc84f10d6aaa1ab86f1741122e9fe9ef81732eca09b3

SHA512
2ccf66f29cab4f7a3503dae33c62d9e78d89f1680f34882dc9e3f4a221d228fec8f6bee8a8b6b08073ca36fb5f704d5795745d9f46042ab835e8f3e005573f64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
1c8d079ba37a6fa45f42033bc5a9a3ca

SHA1
6a12a29f36962412f9c91a91b2a387e867bdcb70

SHA256
3938528fa67e476908fb1da224cd963391c16a58b22f9ab260073726db2f1a30

SHA512
74a629f2bd474e2efff0342be523515f9e225c358fc9f4fe11dc397f502abf793a0a573936eb354c2215e5bf3135f5b748aa033c349270447f14916283120adb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_555476A565986D205C40412643ADA90D

Filesize
510B

MD5
b22fb39a9be9f34a8b0ede2704c33614

SHA1
4fc0db814d71f0e0d12e699afafe2de1ecde201e

SHA256
c9cd54b0ffa1f76bbe56689df83f0115aed217e69500f8282a34cccb443c0713

SHA512
915abee7f0751b55709d3d247551a5acc58fdf07f1aa615d1f85072fca6f2e79badda6f41da0c6e533f21f1a542a2857c0704759ab3be341d062e1f125fc8c38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17

Filesize
488B

MD5
a921431d1336ff70b617bfadc66c681a

SHA1
b831e6a40c73410030bf3bb21124c53775a256e6

SHA256
39f5b556100e77bfc166f9efc3cb624d2e12e9c5996e1d69b339d0ca0caf9178

SHA512
8c70381f5c58c0969d451a5ea574d7684034f1b05d6fbcd395fdf7a9e53f8ba01de815c8cbcf9d000ea6a1100aa3c2f813f72d36feec1523b8e8e0071aebb832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
fd7389e5e699bca2ec9c5c37a083ad24

SHA1
91f7ef574b1de508d54dac7af665de853c098ce9

SHA256
7a964ee5428ef84b0f5b78d7814c99411d16714ce157b42eca34d56d85947e4b

SHA512
175f1d9026e2a2a676527e071c8458cb38208202e3fd7d98683126abbef471b97a8b30bf13035bfddec0f6f50091c8972cf8795eaccba10754d60553fee7b587

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_555476A565986D205C40412643ADA90D

Filesize
480B

MD5
8b5917eda1a28dd95c5521f09b47b3dd

SHA1
bebd647cd5080b685e7b8da92178c267bfedefcf

SHA256
39f1cd00947b8e72f7209aa2a0926dae18cd6bc195c1e02a52fa5d45e3f7c985

SHA512
320ab08c643cc0d0d6c329278e17f0f6ee118d6304a532bc177496873672d39624bc08e0cc3857de79a7cdc7ff5927112f19ba8514daefa0e52019d1fffe4602

Download Submit
C:\Users\Admin\AppData\Local\ASP.NET\DataProtection-Keys\7790e162-63d0-4fab-878f-3f388e8ff1f0.tmp

Filesize
1KB

MD5
7f7db66ed0d10071829103aa353e4174

SHA1
81f15de130b9e0008b196127f1e491d7a5f6b442

SHA256
55e98d2c00b05a1c77a12f670f9733ab407bd7e03e0b26d0f8e9c5c2d613bdba

SHA512
3619941f4a345ff5a6ff5b75236f41668260f75591711d790bbd1fa98aa49e53ea05d5ce818c9603d7357ebc23bf498b5508dfecf65631ec93a4dffcd6dc9d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0585c693-4287-492a-bc72-6ad2a3efbc3d.tmp

Filesize
215KB

MD5
96f7191a93377f50c0b33213f7ba0a47

SHA1
0c1d385f822f3de1774cdf82f7bb71d40cd493d6

SHA256
def581abd9bc1707a52b5b53a952ea9f9ca2cc98b6ebaee74e090d4b110987f3

SHA512
00264d6e3a66492a1d6c84a36da59c7ed2710932c2cd0ddfd20f57d6af2970ca3c0d70f31427fd4f0cdcf6921263c78ad02074ffdd061359b210f78d36f10c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5800bb8b-c093-4347-aa46-49e3f73b6bb1.tmp

Filesize
15KB

MD5
21eb3a2222e61d8a216ba42c7a60c9f4

SHA1
7a7fc72d41f29cef1291c61e01225c9fd83ea2eb

SHA256
fdb280feb3d1723d09c959b1acbdda66c0df23f860659802af26bcf536965cfd

SHA512
ce8917f872414b1caec0cb50ece5b4af1b7fe787cab24802753ef33af50e68a09229733d7cac0e0fcc3915ac6cb020afaab9f3c4a9361c12f88f0117a0a4d40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
1.4MB

MD5
2a7107cdfd85a80fccd645fd65510925

SHA1
f39af1407083af1ceee622f71d5afc443a1a6620

SHA256
3c1fd13064bd5fa6b3728ea15e47cb49acd2e6ef3c69adc0b7c018ff1487b445

SHA512
56a2773cca0663ba8a2d0e133880958fd6daca098a4a4bf975299093a6e1b130cb01f03c5ea0e7c88cbd43ee4a19cd81edefed2d17daaa7bf8bf4b024721c00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fd58ee36729a64731a4bb7c35045793b

SHA1
8f50b0ab84cbf7cd6930e177986b20cd161b2699

SHA256
6d8ccf86ae6a983b366f0659e6c92922840e9ce0dda17fabdef539f6df39f814

SHA512
e580d1309bf26c61c2ee8c99aba3dcc2efac8445ea6c1ca41d2d0657d65e7fc1b172c6f022c2434e50e7e8c0fbdb07f7480b25c4ebb9ef7460b7c1e2f9a32934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b29fbf3f98866dc2c745cdc5f644cb56

SHA1
ce0117a9de452ed90fb6c132858ef85ef032b50a

SHA256
22ac4ef0d0b5ecba0882c4369e553d5f691416b71088df264d52104879f720f4

SHA512
bdb952a7b43c96e8e68b3625798ab81be818ade3e768a9f9e99bff32295deff10243ed162c9b56916014ef41d9b874e7aba3a16b88eac5ed10edda120e15d445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
64e39e1ec42f8f5bde49cdd278ad1e8b

SHA1
dd17060f5a6ce37d90c95b28c5d91225bb3bd054

SHA256
7c8ed768d7ad4dbb8e8f8ac38d83bd6288ba2ebf918318b28857bfc45a515571

SHA512
a05a95309893cca6f93a519e6c10c40412949ce85b40647063b446e49fccb277f209573d926439a4df9b5af419ef1116f176b1381e8a07f3b361409af7a132dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
66611bb34ab2916ad9836a001358b114

SHA1
b39433d54fbdfdce97f0f260cc94e7e27d0aa10f

SHA256
46a795305ac5eb0033a5836b4335f8fec498e2148ba46e1514a9f9fff0153574

SHA512
69038484c95bf24d5144c2933bbd4338cd2d7f9a5575c22799e70874af7be1d81cfe84642d92194d1bb0a2e3c71283cea0e63a039ebb305cd8a36a663dd5652f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
458172868ae86056d06c1578ae06f80d

SHA1
d562f6de29b3f46c367d30d0fd81ae729825f257

SHA256
c0b63769f6397f394819cd45052e9fb70075599ccd328090fbfac28a1aa1c2dd

SHA512
142fc2771a107c01cc83543494e58644abda294d9e47efc9eaf9589b8e02b624e4fc85e4dfac33d320f2a45eb0b228cae0b3334262b6a48729bb5703b046c5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e480678539519c7c40ade0be62fbd1c7

SHA1
d1655c51afa7a5be33abbb62f85d240b9dca2b4e

SHA256
d34cf360a608773f713c1d3b021b9337e7cd217bba14d7e4f3aefb49097ba2b3

SHA512
0d96db72ec73a02d6e12531eed90578844550826a3e728b9c2cdbee7789ddefce34a49e941e7feb29e60d0e857197c7f3c9e36658df6f8bb72e968e7f4819adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
e7053d4900fafed3433b0b3dbe0c4a3b

SHA1
a1613207ff4874b7d9a59cf84b1010775d0e03e4

SHA256
f94ba1d0af15a9d2a2b4911ea767f8148184a1dc3f9b8b4c7de721324f2c7834

SHA512
8a91faeed7b2c2843fb0eabb2736a9d503c59489e90446d8329cd461fdb067bcdd69f0277851b33eefa6fcb67495ef3eb54a861ee232a3eef499078f37c95f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
9714d6097b44117a241cdce929d489d1

SHA1
1e47bb0348fd473e56a1968d0212b0eeb915d5f9

SHA256
7899b262805254e91bcb5844dc6921c718b9c79a03a384d4e0bdce38b18916fa

SHA512
d854e23d6bcecce986dffb8777af463e45936fc1362f3da288e8683b955a8425a17620dd20e2bd3a7a6baa542ef68b829f12f2ec37ec46d7bf76da53e6884f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
e3c1d1cbd1a71384587e24999fafb935

SHA1
849dd47b2a9359d9e7d3384e0b8e0cb630124e36

SHA256
f4667e7d9b0ebf5aeb943f4a944b48c5c11f1a2acd8bfd1e3419a9f53149a26f

SHA512
deef36cc86138b51764f85440a3ae39153d7f1842e2f9a8a6813f25c86dd1feab81544190b2593686e18ca6343eafc49d1bfe88fa0c1486be3d253dd6ea0dc17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
b905075c9d981f58637ed1c36138a2dd

SHA1
d438aba4f94957f541bce9467e681f744aad89e8

SHA256
8a1d96deb142a37d72e2d3b825917965eb8d25ffba674ba7e01a5cf6a248e6c4

SHA512
6ee41f5c421daecc3afc9a4bb5c055893e42cd2189c78fce7cbffa03055f7a1b744791ec3158e20471b6f4a0b9b9210c46d0583dbf18b1ca259fe8a2d806b5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
7bf0f5fa494dcef8333a7cadcc0f2335

SHA1
4858d54201da1ecfe4fe7ddb471d86cd1ca8b85f

SHA256
4e9ae98386b854dbd7571063edd7ba850650651a62232972612d0149ea967fe6

SHA512
51bc9e1450f77225bb2e03bacfc06465be19167d269bf5ca5c5c69d6473f89922264f64b23d18ed8c1a25d41c2a42f4579146aae46211facade34c1855f49eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
30736e1ad446808a001be21811e9d7af

SHA1
5e26feccb017517333b26b0799536a15a9097669

SHA256
574cdabd466ff3fb416dbf33b27764d65dd2a9bb47706461831fc96335b2e158

SHA512
f6f150aadb0392806d9248454b1f9129c56d7ec8a58c37a73cd21b888dd3abe5e3f205466a4e5b3ae234da7cb9bd846023a76252836d7bad0eadd2bed3350528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2001e762d1fb1f9fc7890717338502f1

SHA1
e3778afb045eeddd78da9701c604630e26d2b558

SHA256
3660915383ffdbcf84305d139afd8405336b10861e820951022a73202112a5b6

SHA512
c3b19ed24c64ea0fa5f9ecb98913384297c2d63049fe1b29def7405536b779b4c9a54db147fcfdc897708854bfccc81b8dce6dbb3123d457fbc0fe2c65752d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
39a6c560d6fcdda8a76742d4c26ca9f0

SHA1
82251bab97e9add25dcdedbd8943add101e31151

SHA256
fbfd3e5aa29d94307f67eaaec9b3127c6a15c896ec264d507c2632153870bade

SHA512
0661d9dda78a737abdc709f83d4b9ddcd3a7c0ec69edd1fc53251ec93abdc8ab1ecdf69c9cae794f0ab3766e90ae328408a341edd787491d561956f01c068759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
871196a70ed0cafaf152b001b3fc6691

SHA1
47212f00dd2ba7d9aa55b461c24771282ce4d36f

SHA256
69dbfada8f99a4a29865f97d021e102df4967f13ab829fc972dd0a45785c3ac6

SHA512
52c50b6b083fd1299ecf951f70a0df18a667e87f9878796c4de99401d35c9ee4e4de704cde893c362da3ac8f41dc1ef84a0b361f91186e3567b09e7a9a0c69e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f1c3737e7131d409f459abe0e046eaa4

SHA1
f816b429afc8b75db8c3ae718f2d62a86ef2f4b8

SHA256
cadb3183fe7cc40ca9be6c466cbe80a6fc061fdd3e68c45e612bcdc6b12d4404

SHA512
3492d62b5c7c129e6b13f9e0ce1dab10c0e71768fc0c5264f839c0fc811b4d86334f17309bed5cc6933670ea6aeb208dea533f4c7597bdab54ac898514ace3e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
62788588fcba164fb9917a4dd1955eaa

SHA1
ab1bfe19383aa99d0bdbe12c56546eab7dd2f174

SHA256
07fd239fa7d7ccb51f254e52bb4d0437d747b9632a1275560024005793b87b26

SHA512
5fc6b5ca9fa450fcbaf3a49e4c700c62ba45145194a3a2abff0a1211759696af964b092b71eaf597400b055ebb5b565d6676e30ba18c9a7dd2044da6cc51711f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a3e67c1843d2694b73c91b1f199a2b68

SHA1
b57c812875b8f64adb504502433e69e4f5ec41d1

SHA256
f67d35c5bbd7c3f0fd3b3160458a8ebebc3c7ee1d4d6150fec56f1d07753ae04

SHA512
948fedc7f0b8a93448c5b8a303c96c92f3143ddb003004d13b751e5754809c3d9c36b6e9287e92d748b144f71bd5501a1f52a49567f9b58b8f36939ae9e4085e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8a5fd8fa4d5253aebc679799fcee6744

SHA1
41fc728abfdf6c10e3c55e0fd386ea788b063601

SHA256
1ea731a7a5f67c426518915db0fdcba95920e2753b03f873dfb91646d23a69c1

SHA512
11ad6d7798f7fe926f618b203e6a14dc1772f4d999d8d67b7d5f65020258c39b94d80839d17f740fc9fd6f1d9f8f84dd11fcd454451dfc655e636e5021e32179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d62b83178110a32cbae6b2170c09b35f

SHA1
c26ee0de9051bf81291395a0a7035e57a521f28e

SHA256
f46b00681e65c26c2af54e2727dea322b5b7d694f9d42d0af3ea1a48e96fd4b9

SHA512
0573a3cc2fb7218d723eb4da895382b7148b265109af2f565bf275c3ed9f0f5e3d07ab986366690f764ca8d41448350c0bb516ea7775fbbe4d1504638133737c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ac15498b43671730aea32e4e2984cec

SHA1
a573591625719f2e51a1eb24c3bb8555fa1aa264

SHA256
e577e1eb97c5f86983d40d1c13714ecf8500e8fafcdbdc945a6023d74e1e2498

SHA512
be22dde11816bed1491e4e5961877432dd45f2f61ecf78c2a79e1b10227a3d71245840f3002dfe591bc8b8641250bc39de350adbd599c08e6e562e094c77a3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587be2.TMP

Filesize
120B

MD5
ef80a94f270acbe75d73489ff9b97bde

SHA1
35307f844413e9df2af7e1abb1e51f011682b00f

SHA256
d00fccfe55ce736f7a0e7fdeb91887ebfc04c87b510708efc80aee81ac72b674

SHA512
ff723afeee0f3f062782f208d5356f5046cde3012c18989ce32547ba1fd6dbd28d12d18ed69ea280ed78bcd36dc9cf0ddea6ec213dcb58d9e7b8cf5d1b6acada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8442dbdd6faf167ba12a17b23a2229875f81de0d\index.txt

Filesize
122B

MD5
1d6c907ee893a794bd467aa46a023c7e

SHA1
beb87be1630a3dd70c62168ee6c3289a901b6ac0

SHA256
810f7e98804c73a10f92d6ced0f520f7018216d976ba82db0a6062788dd09d75

SHA512
73f949fba7031f7680f0bf106c64563bcfd7c80b62dd244d29537972cb09fedc5cd4b10a0a2efb5a754cf4fcfe438b080c10a25d1636bfdb2568e79ac1d003a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\8442dbdd6faf167ba12a17b23a2229875f81de0d\index.txt~RFe593956.TMP

Filesize
129B

MD5
d2b10cc80326af896120f6575a1f2d06

SHA1
e0bb92a3f30128d24c032f4401cb41992683a0d9

SHA256
382fa2cf023efd94cfd3c8857d2a1b7c1fe6d87390a313c8795b397f5c3be5d8

SHA512
123bc7f35df2ffa11c8f87cb2204fb6a2aaafe6b006dda88cb604ead9c4f5d66352a30457b75e81bfba99209eb63db3c79ec383671f475783a3e082398a5838f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
806fbf46fb5f976a6743c3dffd56585b

SHA1
bfdafceed7d53fa268318687dfaa33b93b9f498f

SHA256
2051d13c089271eda7d355074431fa155112cf0a484d75d0d18dfb114c128609

SHA512
e6d56ddd7dc7ecd51faeae52f03dfb306fe458f35b6267f556b862eab306c091b42744e1e4adc5a8b3fdd3dd862a20124902fd5e2d08e81a28a34a6d548ecfea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595c9d.TMP

Filesize
48B

MD5
5a059f27bb46fec7e848a11fdac5050c

SHA1
322fa04a5759371923d8e88f7453cb6b8af94096

SHA256
ba8c2dbe50143ef1a8c0e3b654d7097b37312c9dfc04f7171348e137da6186f2

SHA512
cf0112bb73596445088f20a73f57ccc8bb121e65b43e8cef6565b5cb20945b4009a297e3412bc245b7f01667db5766a8b4854eb2287b53d0f0224e6c8fb16804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eda4d71a-5961-45b0-a524-bdea9cb457b6.tmp

Filesize
6KB

MD5
5a810712f3f98de81b48c5271fd20ffc

SHA1
3c7e47cd14958fc71fab9b5253d6ba41736728e5

SHA256
266216156cecb5c6aff904e39d9d747c4fa015db0203c93a8c5c59f0da7ef19a

SHA512
f3a386797bc83f2b0712a4ba3874a3c7d85cf1a9dcf8d40ec298c1b8c4c848a3030593e992ee3ba89561bcd852b5b14aa0255140e18f6e72aec5d8a2f5d96baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
d1ae5542a77f5fccb861fc9f8b989859

SHA1
8c444a5f70bf855f93b9b999061e3353e15826af

SHA256
6c6cfe74c172e23349da1d1972866284c2cbfe751621c9e94ced53745637e52e

SHA512
e63d662c28d27568be6e427c7adea31a97b0207e747da668f4de62cedf171b0cf477ab96e7e70bcbcd3eafa57412071cac496ca725c2d7a1a79654ab1592cac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
373551ffcfd07c9bf5e558d6593dcf9b

SHA1
31db328699789a85ad5054d034bebd63606e5a5e

SHA256
8796586b00408b23ce02389113b61f38010bdb68733bffab573a27eb47bf61d4

SHA512
d0098310715f84faf1129ba1acff71487957b8230ec2f89969fc0eac638b0f70444363bd888a78be7b9758980ff358549db011c7bb3089d8783d417cd6a8d221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
c6e54b2e5e044ac73d36a06badb9b381

SHA1
8dabf8341a589378f37d0bba760223db869c4015

SHA256
6c1125ea0ec0bb9799b14b091332e6f298ebed2e1c7511dc2ae0c54360a2783d

SHA512
cb2b511f4022910522c939e87acf212819579ca9ab41c23892be865825855ea0cb06e78b69ebacbc2061bacfdd6b943a6ec7b921aee068657f9eff942fd56fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
9cea876e79c9ed414aafee33897354fc

SHA1
ff53bf353831b41db4ce72107bc38c600ec79aef

SHA256
58a5a4e51675a63023d53a4b8915edb63ae50d989417955b198e3f60c72026d4

SHA512
472dfc2ab49bd21863a9747143a4686e48e28be39257558922c0f336ab822ca531a7c55440b0b93898fa471f3675cefadc734d33fb01fb560352ceadbee5e060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
6d0cb042ffab34c4594305b96ace80c1

SHA1
e7708531d46fe1cdd86c7f52932172cd922f4917

SHA256
81a1785c460a0c3496ed88a1cd66f7c806fbe1ab0d1f36fa42fc5d306f75dd34

SHA512
7d7da59334c4bb6462a734de15e0e63c456fcd39b90d3defb1a5d6701ff9a9cdfa2b3404fd9f945fbdf9b92347ff547000319cceef4d36f5457ecb0ec5ab4a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
b77cecb8da69e10a0a9d2abad1ba9365

SHA1
a93cf56bad692c670f7c148437779f52d25a09b7

SHA256
9c58ec1c23043e1eedfdf71d7138b6b803b4734ec8f385bdc60b7c110045c9ba

SHA512
b8b6ff2217de21db73f8a47b90b3198bc87b2b2779e70fe6da89dd63489fee9f70c802f9c7394f5de46c42df587c838948fb4f4e7666a3490de8070ff317d144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
e43ccba445042980d4c013bfdd52b65d

SHA1
130b7ac8a8e4970e689db4a5207c8606f276143b

SHA256
43b8cbe580e1145276a3cac4c34275fb2dba5c4b3ca6f0e6d2930370cd8c714a

SHA512
66b513d8b31e5a20e28a36010aae3cc4a9116e212caeab3f4953b9956bb0e1c82ad4c4d91c1aa3bf23664e18e4645175a202000e1210aec5cca3df87ae14df66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
eab97364500f5a5d2cb822bd36bfb66b

SHA1
270dec0d2bf98567751bb86bd44175a0176b9b6c

SHA256
c2ec58b83e56dfbf4c3033714522b87a06a539f3be61da16ccbaa8b78b9353f6

SHA512
c7caaee64d878bad68d731ae1c9f1dcc78bbf4952295c98acd5cce88be3b832256386c90683a3d286bb5a90133088501eb883c5f6f23caa4a87d0f357b230974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a498.TMP

Filesize
98KB

MD5
75d3b237bdfbbdd4557219aeceedd44c

SHA1
4ecd99328ba4c9bf5573034d966e3eb6fcf0eee3

SHA256
26e0c57285f3a70e3c5a0624f486b0c27af5e51cc93eda507998fa9148c22309

SHA512
86c09aa12ceb648b8b43383f3df5ce66f9e4003c94f1235d01cb40e60376366863ff8efff81a2a4a5ced5ee541911370a2707366d1758c8b597a9644916b27d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\CefSharp.Core.dll

Filesize
1.9MB

MD5
f8b1cf76364fa42d6c21a990eac8daf3

SHA1
d38d5687b46a669cb4cc4b1ef52f37c82d1529d0

SHA256
1ad29c3b8dc162c5493c9e45166ca8e3ed2e0a83a2577f7ffb1c4dca4f350e71

SHA512
de4edcc795404070263d840c7f65e74fec5197ab90e3001e805d3dbaaf3f1369d48627683461d00868656dfc1dbf20095bea54fd25c27a91cb0b72e22225920f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\CefSharp.WinForms.dll

Filesize
31KB

MD5
5fa38dfe2a3087d4d21be61c150104d6

SHA1
5c5d1d8824bf771dba2a097d5f46dd5d2a150a89

SHA256
3af35c9f5516053563471f764cff45b99d55fb2d1d220806183ced84c417e14f

SHA512
52ba328be3ed9fe122e9f61df544e5d73978496038bea1220a12033e79339b39b55f6a0dfab4ae36a09f941cc8a5bb2a9230386448d1da4c1b79363233033f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\CefSharp.dll

Filesize
990KB

MD5
a27b945fbbbdb6e07762b0ccedddbc63

SHA1
829148dd6c3a21ff5bbcfc1d7a1d8eb5ca37ddf8

SHA256
47dc4232fa404ef61cbdd9bf57c4adc4e620164f5dfd2f0afb42d93cfed698db

SHA512
1842f4850c9086feaff9fe1efb2a601bafa41bdd34aa9a71e0cb869b8af5fc719fbe667dd6a3b11f8f6add45393a0776061fe7423579d99b881b6e5f725a134f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\DirectWriteForwarder.dll

Filesize
487KB

MD5
8c32800cc47da3b1d9d4fdc9e5a64afb

SHA1
856c2add6ff1152db096894fa5d2016c291060b3

SHA256
ef3e13d14568924c2bdb3197fcf5b8864c7145e0a0f76e749163fbd63e689c58

SHA512
03916cc54ae5b7aed8077b1cd23110bc1e8269d3d23a5c1c81b5eadc643b786d9ffde309f45bcfba73aee0b8513e95bc7f2e9be22d6fc980872f8031f32d2fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\LEGO® MINDSTORMS® Education EV3 Classroom.dll

Filesize
136.8MB

MD5
0d62b14029bb30c5407777582e72c711

SHA1
c086460663b44ca42b11bba2a547a2a2ea8aa2e1

SHA256
f68c2e58cd8bdfe369ba5cf85e45064d07f986f7b6d520871b02cb53a4280c21

SHA512
6c363ce1b71e96938631f56485f8d4a94de335f307ecc2fc4b26b0f3fe3b549773ee54d79de1a481b33ae232fe9d8fa94af3ba4052f29414b91f5f87824d914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\LEGO® MINDSTORMS® Education EV3 Classroom.dll

Filesize
136.8MB

MD5
0d62b14029bb30c5407777582e72c711

SHA1
c086460663b44ca42b11bba2a547a2a2ea8aa2e1

SHA256
f68c2e58cd8bdfe369ba5cf85e45064d07f986f7b6d520871b02cb53a4280c21

SHA512
6c363ce1b71e96938631f56485f8d4a94de335f307ecc2fc4b26b0f3fe3b549773ee54d79de1a481b33ae232fe9d8fa94af3ba4052f29414b91f5f87824d914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\Microsoft.Win32.Primitives.dll

Filesize
20KB

MD5
95dec4d5ab6626e257633d5555075cfe

SHA1
66dc94753a440f7b79136f1c27ab850e51abdbf6

SHA256
c0c994f67f1ee45e7d7922efdde9dc7377a9979e7aa6efa88c6d68f1bc45c776

SHA512
dff989afd111d879385d95372d4dfb38538b642ba02172bf508bece9a0b32f4ec42e623009a5d55520e8740f5e79ea7aeaff39dbb0598fa58592e862ee37b597

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\PresentationCore.dll

Filesize
8.3MB

MD5
4f49dd21edb04675e1ff071a12fb03a2

SHA1
33e923c33281b27eb39b494ac71783e00d73db7e

SHA256
0dbaeb03a8c38fa607ec72daed139fb627add39f86c9d756440f12cd63b9f705

SHA512
4b427a42c612eead74a1b415888049ce525fb32599e7ddeb44e7ad3cb81f2102862bbb9b56c1bed134f614800e6360acffbd8dd35013de6316fef93398019706

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\PresentationFramework.dll

Filesize
15.0MB

MD5
ff1e3289f55875020bf1972ef16ca0e4

SHA1
25df65038e3e6069dc497e96d4c818158eb2ed7c

SHA256
59942d26243f0d2a4e6cf5b723876a25b02d5859ab637318257fa1fd0dc2f5b7

SHA512
a0a3d1eb029f3b1cb95f3d91c952a5bd27d53b94817e55270a47c7b62c5e2ba184800bb65d129eeaa91a937f941b3532deb32ef920a87a32a404b4172be5a923

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Collections.dll

Filesize
323KB

MD5
a9804068e4593879226937787efcea64

SHA1
4ea6b3d170027438d1bc4493f5c9319ac95af85f

SHA256
3303999164bce5f269598384a2ddae2a6ede7ceb95ed875d92a62abec4562264

SHA512
486d8b30633e31a032e678e24f9f5606f6d313b87d4dd112805d895764ed1777f1ee8793551503690e16c564547ba06e8a7702e7851f7a122e8085098526addc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.ComponentModel.Primitives.dll

Filesize
51KB

MD5
088a00d3e0ecc8f5688a0128c9a98df2

SHA1
bfdc6b9226a18b4a9f261b5efd9e8dd8b87dada1

SHA256
195b54042cfa4fc101ad7e9055ab6848fdadf46d5efd0b82cf68938fbb6ec91a

SHA512
c9d212f664016e9c1c551dfa5ce796d3eae1658ee699e757ff71b83db107a0a813ef759ff1d73209fe765d37f68b7077b8c205d31803f5b6f591978ddc38a094

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Diagnostics.Debug.dll

Filesize
13KB

MD5
65d54d6777753f06bf077a8bf4a3e83c

SHA1
ffe7e8f0b2d9a8fb14cace6c80d10d2891c1f592

SHA256
351fefc386e03d31ef9301826246a4f7261e7fa77e1daadce65a8fb79110fb46

SHA512
fac6b45e1d04d34eec9933772e4928a464ddf42bd5bdb42ffa54535beddaad889acc3cefdc1247375fcaf67fb6016094fabcfe77b45a1d295089e01121d099d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Net.Http.dll

Filesize
1.4MB

MD5
4aa849bdd7a510618a68a2f81b84be0f

SHA1
370d10633671b374eb02848d3aee1317100dbe81

SHA256
e2b36235465eb75faf75518c87bc9f1a40c00dca82277260f5e19e7586dec3a9

SHA512
79a2e795cc9ddfe41ab4eef8477c1a2c4be28edabe39f14ae2f99aa61648c39441986155298fe8598a8952bb6e9c14a6f3b2b009882bfa8afc35d6a3b572081d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.ObjectModel.dll

Filesize
85KB

MD5
f72c585a489b15c23c977e0f3a3bb933

SHA1
e52f77083362a37019850da7d91897e7cdda2f56

SHA256
f440fa399b50d0f91f1a8512466db94c9d970cf473bddd445027173965586f82

SHA512
94bca1cf8b3a4075e723e65cc41718fecbc2fce231e057e937db2a92c842abf4534ba6aef3ca7d5282655dcdd1c76339df795eb232d3a714f8bc9f65d83f60ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Private.CoreLib.dll

Filesize
9.1MB

MD5
8da14314407aacbbf95677398c0c35e7

SHA1
7e8c1fd0111dd6f6a9221f3eacb382a640283542

SHA256
a83d2a768912d030fe1e195f62fa81fc94410879e59355fb0626ee6a1f151a06

SHA512
c9d8490681755a645b8d09506ade13897f799b9e10cf0c3746b0f9d47e7258955c2622abc992c4ed48bb49ed60196b036b661ba3c72a7df25d11eeae823a8a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Runtime.CompilerServices.VisualC.dll

Filesize
16KB

MD5
a46d0f846daa40e523e31d1bb4c8ef57

SHA1
ddc76a305b1e4a43b93f971805fbe16d7a789b7b

SHA256
49d07d4ca89e37d65d442109ae8528aa0996cc2aefe982018a86984859a423a8

SHA512
5c1ee89e2007f7f90a4dc92d960b87cbf9f9cd50b8411da9b980c89d0f367248f1d12864a402ff39ef9e666f58fc193c8281c7834e70bcf54fe7bffee5650c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Runtime.Extensions.dll

Filesize
201KB

MD5
6e47cd7f8192746a192bc0756643f16a

SHA1
b094bab85249166d9f579b857b6b709883714fae

SHA256
e0286003290556359230026d7f9e64e23430f3888a7a3188beba47c6377fad4b

SHA512
5d735e245e2dbc299a4f25cb7781d25513e705e05e5737c7d325a9d68af6b27e16b02cf32f381d0e8010c78eb78d6cc12a0da3be8b69d586265860c9be260e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Runtime.InteropServices.dll

Filesize
51KB

MD5
2bf969b41403ad17ab95073ac459648e

SHA1
b9471ed12e8c22a3d9fed0a17c5292b4680b7a4f

SHA256
3f1de1d03c1b29ff0e3b79f22f1313711565da3129f6ed6379e7f3f1090a5cbf

SHA512
debe6fc197be927323ca58299d2b5c15a655a632e07c6f9eb9ee8e6c275bf49030724f2140101b81e84743b7dd3f32071fb24627ca5a84ce09e1136e05173e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Runtime.dll

Filesize
51KB

MD5
8590e8b5ea9e6b0dd0521fd5f54a78c2

SHA1
732d5c30cec3faba3a6ced59bc54dd2dd9d28d1b

SHA256
9a58b3505bba402a308c33f7a03855b9b3650438fb886b3edb66fbdad16ca7cc

SHA512
8652a1b5e795d9388e2faa8a190d1f1e20ddbbbbed3357f69e12c13c2478bdc94eb2b9947bc480e12f31e151d3b1c4b67ba88de840bb0d78fb366a970bd20755

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Threading.dll

Filesize
74KB

MD5
b875950620d3a0edf4b5585a3934862b

SHA1
9ff6002cba05b56767570d3880ba51c4dc59f843

SHA256
733a207253f0ca740121e609a336284151597d50a18ea093326ac975c36c5fc4

SHA512
8457dfc34329c91f7f3fcbdd9d8eb2215a12df739ad3954e82c4c376ef53abb3a4ee74c66c1b36c54d04e95594f6de1c44c21680bbcc8ea47984b7c9b50579a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\System.Xaml.dll

Filesize
1.4MB

MD5
0dad83c3eca1b0b2ebe55589f126d02b

SHA1
4e4da1ac9e1862000604d3b47dec300eabf524d2

SHA256
7f6ecdaec6085bd70e34781991f629d3f7a1f13263f476fae89aa6c4b0c36114

SHA512
4bd2dbbac659c451b9c9524cdcbabf58fbc6373fb2baf24d1532c420698602132cb782cb33e5cacfede0f9090d62bc6159779492da02fef6bba161c0ff9e5cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\WindowsBase.dll

Filesize
2.1MB

MD5
e80ff981d92ca1761a40ff8838d40142

SHA1
e3bb109df00c0571f0a3aff0931c27f8d1fa9aff

SHA256
6232f54332f369442f8df8db33123d1c73de526974c641fa8d39a1c350f313b1

SHA512
eb7551354a3e62dbab613c3099456488831b99da7b26929e6083023337fce1259df596715124b29f556c19663bb9d37fa67b216f380fb56055c6455171a1629f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\clrjit.dll

Filesize
1.2MB

MD5
af08d151744c814593eba303934e5ce7

SHA1
423d2c67f6072b65a94c38a7dab54aa955d089c7

SHA256
67d33318d5f23615ba47eff6ed7416eca096ff3485e977a17e7e9650d4252520

SHA512
b2c7bf4c2b18762e1519ccb7fd759b57488da2191a27080a2d66b10862efcef2d16fc6cb1fa8162e496799b19ba642c9050686751b1abbcae019502c0bc1d702

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\coreclr.dll

Filesize
5.3MB

MD5
f189f8b85961d5973f2e359b70f0564b

SHA1
4dc1fc29e2db0694660068e2b4e9675806606ee1

SHA256
ec7c8bc62012b7efc50b810b8cd4f498ce61788a6c662e1b2c94214cfe4f1c9a

SHA512
c1d53d5019558a3ea8ec3c75675bec60fa817515aea4643d0a6786fd9b81446983ea35e02fac6d449c77fedea996369dfd08d0751ebfe5ae0e938f8fc8dc9689

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\hostfxr.dll

Filesize
585KB

MD5
91d9f560f1f7eebbaabbc18ee36ed811

SHA1
3f8bb6df836aeb623a12b7e846484b10b7df9a8e

SHA256
886d58c4714122e8ac352eae724f6a7f608b6a987955ef04c16a836a46e0fbb0

SHA512
2a0c918cd4ac07ddfd2e5084835ad9f6fd5f3584b55a2b1f4359097ee07a9381b4f455b68f4750274ef5b2e7a3593b01aef42dac42043475b1ac456ea338d780

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\EV3 Classroom-win-1.5.3.4056\a0dz4rcb.bek\hostpolicy.dll

Filesize
576KB

MD5
f8a3eea5de5780cf9d8f29bf387ef768

SHA1
531389bd51488eebd58fc4371184817d8b6551a0

SHA256
b786f28906e2099e1be80e0ca945e78d298674669d629e33d6cdd2299db47f2f

SHA512
403c1a7452a9a0a65961990170e1fae8c598c9d49e0802fb480ae47f04f6959ec870a336027bb04117168bde3b6090bdb7e61632da325bf25b289193efc7dbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI2E2D.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI2E2D.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\Cache\f_00000d

Filesize
767KB

MD5
367360ca955c0c021c30fd6e8b1d14a6

SHA1
ec1c63bedcf00fe474757fa98006931a257d5000

SHA256
8ec42e5b7847cc1eea5e60f27172c10b9b361b86edfd8866676e156b0d449b67

SHA512
ec887f2ada6803409db640b6bc353b1eaed7504c509294f1be88ee1dcef8f9fd577e9fbeaffdf9297dc0f34bf66a487a084b844b88994091959ecea008450045

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
cc20db8260a9e1177e7bdfe4bb260b64

SHA1
be437c0542d69f143ee1899a8898b9c201881254

SHA256
be891a6fa013470ab1caac591460d08c71d503010d5d0692556dcc4954c279d1

SHA512
44e81ed5bf3c5304c5f37f03a13e23d8953e6b544a385bba92859ea3871ac49fd50819abf457392800a0fc51a312143f0d266850b0c156619491bb76997d1434

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2aa1ce61e369abd2f74f67e5d9bfedbf

SHA1
e0f7ea8ccdcff311ab886969e792d5ae1b3b7e55

SHA256
95c88d3ff6563fa5262a1cb6ec8d32bde37d383097a4d04081e76d7698c88592

SHA512
cda6ee2c2994e1488ea05d48f8a42a9f01ea3f6d111c065539b71fa27f9591b01b592ff984216c39ba6d260c1e5578b01468c5f1e226ec33724a75a92011216a

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\LocalPrefs.json

Filesize
479B

MD5
f8691e0692b2d6ce012eb05a3fe95c11

SHA1
9b2ce152b3b34929f5df8120742e86e49751b1f5

SHA256
f734d63c88367cd0fed9d7fe4bf600e9193025d8a135d2fb760ac71c0d9c359f

SHA512
c68c368d1866fbdce27665bb0815a7e3b4e40c5ab087e9efb82f9aed8f0d55b2dc4bc932dc7f96f9d4e149eb0fbd70bb16f50d0659e4daa6e76bf42a9b988b66

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\LocalPrefs.json~RFe6043d3.TMP

Filesize
389B

MD5
e22cced803bcad555f80eed6f94d3246

SHA1
7c663f212b15475813a09a3bd67e2a3e0fbe25ab

SHA256
98a318101044d2b550820d1bbf18cbadeee1aed6979b484f2a08fabedc819930

SHA512
b83a79ee10583052e2cda08d91a5e89fe0fd42850b63cd01b8f95320712ad7a39c1b9c7dce3fc5a8f2b4b0f34e74338f6880acdd1f39a480a79bd33e69b692f7

Download Submit
C:\Users\Admin\AppData\Roaming\MINDSTORMS_EDU\CefSharp\Cache\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Documents\LEGO Education EV3 Content\en-US\buildinginstructions\manifest.json

Filesize
3B

MD5
58e0494c51d30eb3494f7c9198986bb9

SHA1
cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

SHA256
37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

SHA512
b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

Download Submit
C:\Users\Admin\Downloads\EV3_Classroom_Windows_1.5.3_Global.msi

Filesize
249.9MB

MD5
d7bb4958b30df56c72041ff26d875f43

SHA1
70ed2ab3f18f157db6556f88e99f8575a2498379

SHA256
e9639181b5cf21ebbfa217cf9cd56cb87af6cf24a22898321b44dfe9f563e5ad

SHA512
96b61d9344472b375ee9f281d25ae02a7060e6ccec19e894e3e8d21d8fda09820ac3af3b7ac8b344684b3f23dc090449f08e6bd6a321335c95046b3c4d7a74ca

Download Submit
C:\Users\Admin\Downloads\EV3_Classroom_Windows_1.5.3_Global.msi

Filesize
249.9MB

MD5
d7bb4958b30df56c72041ff26d875f43

SHA1
70ed2ab3f18f157db6556f88e99f8575a2498379

SHA256
e9639181b5cf21ebbfa217cf9cd56cb87af6cf24a22898321b44dfe9f563e5ad

SHA512
96b61d9344472b375ee9f281d25ae02a7060e6ccec19e894e3e8d21d8fda09820ac3af3b7ac8b344684b3f23dc090449f08e6bd6a321335c95046b3c4d7a74ca

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
9a9dfbc17c9a4fce878c560f9e4ea476

SHA1
a91b275c6298bf7e724d101d5dc608aca5965374

SHA256
ea8386ed6783ad75ceda2c2be85133b5566f49fdc444bdf37bf7ec9bd56440bb

SHA512
a37ad99caf70e783f242a35cc81b97436848ea840280fc58df41e928d5b739b1496486ccd4fc6beae0c1c8c91c0ee9688ad0e0db514819bec552387913e4d2e4

Download Submit
\??\Volume{88fae604-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d869407d-2d57-46fd-b0a3-b1b9e82d6004}_OnDiskSnapshotProp

Filesize
5KB

MD5
8bf4c322d3a1b753966ef0704ed55e0d

SHA1
e69940d1289f5519a6d4a789305ad9404ee46a14

SHA256
8976e81f05e63cc4370c223c64a90caf30bacf813a67ad5922a91bbea200cf2a

SHA512
bd0d05c49d9f771158c30d46d4d5f398bcfc30a0c765d1a2c174b654e2d28588fb000bd525ef3eb80c913d51e066669f99bbc4274ed889ba8539092594ced0f2

Download Submit
memory/1652-3714-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/1652-3711-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/1652-3713-0x00000211262D0000-0x00000211262E0000-memory.dmp

Filesize
64KB

Download
memory/2416-3557-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/2416-3437-0x00000223D0770000-0x00000223D0780000-memory.dmp

Filesize
64KB

Download
memory/2416-3580-0x00000223D0770000-0x00000223D0780000-memory.dmp

Filesize
64KB

Download
memory/2416-2477-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/3488-1772-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/3488-3517-0x000002913A060000-0x000002913A070000-memory.dmp

Filesize
64KB

Download
memory/3488-3573-0x000002913A060000-0x000002913A070000-memory.dmp

Filesize
64KB

Download
memory/3488-3532-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/3488-3250-0x000002913A060000-0x000002913A070000-memory.dmp

Filesize
64KB

Download
memory/3584-3436-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/3584-3170-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/5432-3542-0x000001F208900000-0x000001F208910000-memory.dmp

Filesize
64KB

Download
memory/5432-3601-0x000001F208900000-0x000001F208910000-memory.dmp

Filesize
64KB

Download
memory/5432-3585-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/5432-3487-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/6100-3611-0x00000171E9DB0000-0x00000171E9DC0000-memory.dmp

Filesize
64KB

Download
memory/6100-3608-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/6100-3556-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/6400-3610-0x00000247EB090000-0x00000247EB0A0000-memory.dmp

Filesize
64KB

Download
memory/6400-3609-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/6400-3658-0x00007FF9007A0000-0x00007FF900D0F000-memory.dmp

Filesize
5.4MB

Download
memory/6400-3659-0x00000247EB090000-0x00000247EB0A0000-memory.dmp

Filesize
64KB

Download