Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

PowerToysU...64.exe

windows10-2004-x64

10

Resubmissions

28/02/2024, 03:17

240228-ds1rqshh8s 10

28/02/2024, 03:01

240228-dh1nzshf9x 4

28/02/2024, 02:39

240228-c5sq8ahd97 6

Analysis

  • max time kernel
    280s
  • max time network
    277s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 03:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PowerToysUserSetup-0.78.0-x64.exe

  • Size

    249.8MB

  • MD5

    aa98e52c780c510c6d7a7eef1859cb4e

  • SHA1

    da888750065c08be20312e643782a9b1255e7eb4

  • SHA256

    120b1cefc94d76ec593a61d717bbb2e12af195d19e04c811f519d3f9b9b3b5c0

  • SHA512

    1adee598c5c6ef32acfef1343e404dfe0f82fe7f02bde851236006748d9116e8e848e8ce120de811bf2085029635ffd8a70c923574666791f3ef6dc8010e85e3

  • SSDEEP

    6291456:Yan+LwMs9L55ZETFxAVHpn0XXTC2XNBgRAEnY2pnHFQ8/C5kX3hXMXuMWA:Yls53uIVJn0XG28bYmn2ookXyoA

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 10 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 21 IoCs
  • Executes dropped EXE 30 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Control Panel 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 47 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3424
      • C:\Users\Admin\AppData\Local\Temp\PowerToysUserSetup-0.78.0-x64.exe
        "C:\Users\Admin\AppData\Local\Temp\PowerToysUserSetup-0.78.0-x64.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3172
        • C:\Windows\Temp\{BF8225C3-7646-42F0-8ED1-DBE2AA08FB4A}\.cr\PowerToysUserSetup-0.78.0-x64.exe
          "C:\Windows\Temp\{BF8225C3-7646-42F0-8ED1-DBE2AA08FB4A}\.cr\PowerToysUserSetup-0.78.0-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\PowerToysUserSetup-0.78.0-x64.exe" -burn.filehandle.attached=512 -burn.filehandle.self=656
          3⤵
          • Adds Run key to start application
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2636
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Package Cache\CEEB2F4674AB44E9EBCE9175CE716612D979979C\terminate_powertoys.cmd"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2208
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /IM PowerToys.exe
              5⤵
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:3520
          • C:\Users\Admin\AppData\Local\Package Cache\F7119E3AB3D5CB3ADCD9A57F0EC227F783695819\MicrosoftEdgeWebview2Setup.exe
            "C:\Users\Admin\AppData\Local\Package Cache\F7119E3AB3D5CB3ADCD9A57F0EC227F783695819\MicrosoftEdgeWebview2Setup.exe" /silent /install
            4⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2120
            • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
              5⤵
              • Sets file execution options in registry
              • Checks computer location settings
              • Checks system information in the registry
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3704
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1412
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:2764
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  7⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:624
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  7⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:2052
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  7⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:3280
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzkyRDI4N0YtNTExQS00M0NBLTgwRDgtNzU5MzEzMUNGMDAzfSIgdXNlcmlkPSJ7MjJGQTkyNEMtQTgxNy00MDI0LUI4RjQtN0I4QjA0QkFEQTFBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4RUJCMUI1RS0xRDJGLTRCN0QtODlEMy0xOEU3NzlGNzhEQkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE1NS43NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNjQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                6⤵
                • Checks system information in the registry
                • Executes dropped EXE
                • Loads dropped DLL
                PID:4436
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{392D287F-511A-43CA-80D8-7593131CF003}" /silent
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1088
      • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.exe
        "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1204
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.AlwaysOnTop.exe
          "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.AlwaysOnTop.exe" 1204
          3⤵
          • Executes dropped EXE
          • Modifies Control Panel
          PID:1604
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.Awake.exe
          PowerToys.Awake.exe --use-pt-config --pid 1204
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1728
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.ColorPickerUI.exe
          "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.ColorPickerUI.exe" 1204
          3⤵
          • Executes dropped EXE
          • Modifies Control Panel
          PID:3396
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.CropAndLock.exe
          "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.CropAndLock.exe" 1204
          3⤵
          • Executes dropped EXE
          PID:672
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.FancyZones.exe
          "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.FancyZones.exe" 1204
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1632
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.PowerOCR.exe
          "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.PowerOCR.exe" 1204
          3⤵
          • Executes dropped EXE
          PID:4860
        • C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Settings.exe
          "C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Settings.exe" \\.\pipe\powertoys_runner_c5db4fa1-4af2-417a-8699-86abf5755874 \\.\pipe\powertoys_settings_c5db4fa1-4af2-417a-8699-86abf5755874 1204 system true true true false false false false
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Modifies Control Panel
          PID:4056
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.ShortcutGuide.exe
          "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.ShortcutGuide.exe" 1204 telemetry
          3⤵
          • Executes dropped EXE
          PID:3140
        • C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Settings.exe
          "C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Settings.exe" \\.\pipe\powertoys_runner_34b606d6-1fde-4e3f-8dae-671ff92dd7d3 \\.\pipe\powertoys_settings_34b606d6-1fde-4e3f-8dae-671ff92dd7d3 1204 system true true false false false true false Dashboard
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Modifies Control Panel
          PID:4068
      • C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
        "C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe" 1204
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies Control Panel
        PID:2232
      • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe
        "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -powerToysPid 1204 --started-from-runner
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Registers COM server for autorun
        PID:4484
      • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.exe
        "C:\Users\Admin\AppData\Local\PowerToys\PowerToys.exe"
        2⤵
        • Executes dropped EXE
        PID:4164
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
      1⤵
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzkyRDI4N0YtNTExQS00M0NBLTgwRDgtNzU5MzEzMUNGMDAzfSIgdXNlcmlkPSJ7MjJGQTkyNEMtQTgxNy00MDI0LUI4RjQtN0I4QjA0QkFEQTFBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNDBBQ0YxQi02ODc3LTQ0NDQtOTIxRC1DODc4MjhBQjcwNUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZT0iLTQiIGluc3RhbGxkYXRldGltZT0iMTcwODk1NzgxMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiLz48L2FwcD48L3JlcXVlc3Q-
        2⤵
        • Checks system information in the registry
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2648
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\MicrosoftEdge_X64_122.0.2365.59.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\MicrosoftEdge_X64_122.0.2365.59.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4920
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\EDGEMITMP_97F77.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\EDGEMITMP_97F77.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\MicrosoftEdge_X64_122.0.2365.59.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
          3⤵
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:3224
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\EDGEMITMP_97F77.tmp\setup.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\EDGEMITMP_97F77.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955EDCA4-DC19-4A68-A7CF-C0114E9BD1C0}\EDGEMITMP_97F77.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff67ea369a8,0x7ff67ea369b4,0x7ff67ea369c0
            4⤵
            • Executes dropped EXE
            PID:4648
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzkyRDI4N0YtNTExQS00M0NBLTgwRDgtNzU5MzEzMUNGMDAzfSIgdXNlcmlkPSJ7MjJGQTkyNEMtQTgxNy00MDI0LUI4RjQtN0I4QjA0QkFEQTFBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNkNDNUNDRi04NkNGLTQ2MDEtODg3Ni1CN0ZDMjc1QjVCMEF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjIuMC4yMzY1LjU5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2I2ZTdlY2FkLWJhMWYtNGNmMi1iMjRhLTRhZmUwMDI4ZDBlYz9QMT0xNzA5Njk1MTcwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVp2TjlrJTJibDhyakR1QzclMmZNaFkxSEYyOXg3TlFudDMlMmZCdGltNCUyYmRCNnlHWXd1bWlIaUFQNVRXMDI2ZjQwZUJsV2RhN2VsbkZERlVQOGJSbkRKYWwyaFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGRvd25sb2FkZWQ9IjE3MTU0NDEyMCIgdG90YWw9IjE3MTU0NDEyMCIgZG93bmxvYWRfdGltZV9tcz0iNDUzMjgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM5MCIgZG93bmxvYWRfdGltZV9tcz0iNjI5MDQiIGRvd25sb2FkZWQ9IjE3MTU0NDEyMCIgdG90YWw9IjE3MTU0NDEyMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjE3NzciLz48L2FwcD48L3JlcXVlc3Q-
        2⤵
        • Checks system information in the registry
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4268
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Windows directory
      • Registers COM server for autorun
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4124
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding 736E496E7AC7984623F618AD6F12DD34
        2⤵
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2240
        • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.exe
          "C:\Users\Admin\AppData\Local\PowerToys\\PowerToys.exe" --dont-elevate
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4568
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding B9119F1A5A512B7290798C08AF10B608
        2⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1564

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e5a72d3.rbs
      Filesize

      566KB

      MD5

      2ce6241048cc1bf228a1038af30ed53e

      SHA1

      2f58ed6b2ae242fb6ef8ca7897b1a8587369aa8f

      SHA256

      9ebe3530a22756c3d81cc6ca81e2f76c270fae956b775065e9db40e464e17133

      SHA512

      6c8a5d1ec7f0d5c00ac442d1fce71da8fec34a40b3088930059ef921e0054b0bbe191b3f73cc1909311e39df7b80241d4e1701da1427f6fab7c7984ca9898138

      Download Submit

    • C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.59\Installer\setup.exe
      Filesize

      4.3MB

      MD5

      fecf83711c18940e2cee867109a70aa1

      SHA1

      880480ed53512011d0fb2453968e7a77a42f92d1

      SHA256

      b61c941ead985bba25ccbea7619423395a0d01a035f5ff96ebbb63f6dc1a6d13

      SHA512

      608f31ec073f5c4d049e92c0dfd9d2bb7c4d05f71236d8a0ffca3ac195508f98f8eb7b3e6092daa38a9c3637ea9ac588f0de6dee4cb26e6151b26616d678ed66

      Download Submit

    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\122.0.2365.59\MicrosoftEdge_X64_122.0.2365.59.exe
      Filesize

      2.2MB

      MD5

      6f8061cf4d1b7673aa307961ca414327

      SHA1

      5e0dac73b7a4d4fc0e823d9aed3702c78fdfa2fa

      SHA256

      ed1539ad419b035f5305524fb1d55e8e06d83f2d93252641046fdf07be2244b9

      SHA512

      96b93d04df75219803d619e614bfc67716c2d3236ccb1a2fc16a9b4590c01da6b207e4d0eff60ba6b15dc00eaebdebcd9de6d6019eb740a0b79318a847ccd1c6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\EdgeUpdate.dat
      Filesize

      12KB

      MD5

      369bbc37cff290adb8963dc5e518b9b8

      SHA1

      de0ef569f7ef55032e4b18d3a03542cc2bbac191

      SHA256

      3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

      SHA512

      4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\MicrosoftEdgeComRegisterShellARM64.exe
      Filesize

      160KB

      MD5

      cf9a26b458293978a908536927ec327d

      SHA1

      e8b293e3799f352921c7f430648c21f79e47b052

      SHA256

      4faa7cd71e234433f684c3d70efbfb1ada8d4172fc55caf78c0705e5646b0ba9

      SHA512

      54447d830595fd5e4cb8ff60e78916b676f983033397932fc0ff402cc310771d9e448cebdb1bcae6e0dd3d90c8968df01171ac52a1e14a36eda950f67909e714

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\MicrosoftEdgeUpdate.exe
      Filesize

      209KB

      MD5

      0032498af2ebc50357cb31f1024c87fb

      SHA1

      9818522c47ec379ff7bddf92ea72cd831691d094

      SHA256

      c6bdf041b02561700c71c6275df4704a52d1fed4ba6a1bec98a602c6c325d6e7

      SHA512

      f83fc43ca54e87a67d949666ca8c30721f372312042be978b01dcdccd530ce5db4d3d9d6ddc934a92c079825b91fd988f362cd481dd87fa09ddf2cfac85c05c3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
      Filesize

      204KB

      MD5

      cbb1acbff5a8ce79804e687be8e3e75e

      SHA1

      0bb50f813e08ff13d637a8f4ee66e4c0f1fb01ca

      SHA256

      6d483505a0c9fd508ef48323099e2c64fce025e4b018df1d80d60aa00d8fb004

      SHA512

      7f4a8df19f94c74b1898109804f4ec596abe32ff59d35279e58b139cf3210f6faa2697eca422435a193f4f2f90535187fcd233a018a54a0cfc426ced25de5ce8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\MicrosoftEdgeUpdateCore.exe
      Filesize

      241KB

      MD5

      f70b0fc2f46f5e7082817a11c39e3c54

      SHA1

      9939591b236bdd16ea02e79eb11a2d6fefe2af44

      SHA256

      f6e636cfe7c53c120d834756f52ab407f1c5dc97c27a14e557f24c176e86d87f

      SHA512

      b8bde38507eb84725aad9b7ffa33eae462fe6c7779f7ba650453b10bc9b52128198c4e29a568b0ba865fe266c19af81efc3f62a7ffd68e38e9d403d71b1afd79

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\NOTICE.TXT
      Filesize

      4KB

      MD5

      6dd5bf0743f2366a0bdd37e302783bcd

      SHA1

      e5ff6e044c40c02b1fc78304804fe1f993fed2e6

      SHA256

      91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

      SHA512

      f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdate.dll
      Filesize

      832KB

      MD5

      2dee8d159922d4b63c2662d65b4e191a

      SHA1

      0fb2cc41f82f476db096546ceaa4b3b007412aa0

      SHA256

      86bafa310ae193c792545f527365f83d3f3ac11c37aea821748a5d9c35cefbd4

      SHA512

      20c00636e4f78ed8bffa274264ed9aadedbb32ae11b34526506f16b8007830f07d0650a657c62f09f7943d71ce43723d88cd04ffeadca488f48b59c7931cc7e3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdate.dll
      Filesize

      768KB

      MD5

      15adcb5da69942b2bbded2883119f813

      SHA1

      dad1459fd3a637aec6ed8014cc062164ed8b6cf2

      SHA256

      cb69ba7a63fb8fffe73a455e0c04b39bef7f19b451412f96a245d38c9aed8657

      SHA512

      970b04ff4846e34d8ab7fe7e89e0510b347d739b41bb89b3bd02cdeeee8c58696a3a0d344fb9b661b3dfcee2107e53b2a81c8d5c9e93dba3c1ddadf41b53474d

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_af.dll
      Filesize

      27KB

      MD5

      0d8ca15cd08112472d8f725b9d26f400

      SHA1

      6082361001436a4d2c45babb755601a19bc58a10

      SHA256

      a36ec679129d8fa6e3f56b37c88e7d3406bb4d6d74e559e5a272ac8f34a812f4

      SHA512

      8ec03222c8a023fba580a309a487e4d9535cded212ce47aaf3d7f4cda250c99ce25417330e0508b0a306e0ba14f9451cda0a31c550fdf0ec92c192792af1e23b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_am.dll
      Filesize

      23KB

      MD5

      5b981b86b65935bae5fe5805660c7302

      SHA1

      1107f5a6b8bb4ed1e95f621fbb7b236d6a57e11c

      SHA256

      bd380d64f5b9dd6bd979a78e912f1a3d2a7c08eda3418abc85d67c43c8477264

      SHA512

      d00f6d92f0efa0c89ee042abcb8b583097cd173d80b8009fc9dcda98a25c73edab970d607b4993831577812335db49dd3d76dba64a4cd6adc7b57494f0f78766

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ar.dll
      Filesize

      25KB

      MD5

      5e9ba26ad6068d5b12ee2ebd74d66c03

      SHA1

      2081cb86bbc6e20965b147f4178990f4c9ba52e7

      SHA256

      6fc47a7fefb2ea88371b5e1ea84b24faaff6d4ccb503e6d9903b8301d16715e6

      SHA512

      ab2eb6ae054cc107b83d877fc44dd62380c4098fbb805033c1d1f87d7172384c4cb7482d1f8931ad5f5b7dd181f6239748497e4b5866c2f406c310c6837028c4

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_as.dll
      Filesize

      27KB

      MD5

      30a0dfc5374347d838199254ef2b27e1

      SHA1

      739c8197c111eededbdfb8e1940e63188bd8c5be

      SHA256

      92cc3b354e786d428ab3bb43c77119b81a2960b00bd9d99550639a8b5c0428b6

      SHA512

      b8611af4595eea99fb45653f6419235368075664721c467753cedd3b71507a28e0d6c5fb2c4b3e01db56d4842c043b14e20ac1ae7c225e7d678c77befdfccd1d

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_az.dll
      Filesize

      28KB

      MD5

      da1dd46046721726b57bab405c7b7c49

      SHA1

      f42267672f7112d772feee601d2add8346a0a89d

      SHA256

      d699ca97e2bc94f0ecc95b2ccefed201786535e7ada3fd6ccb543f42cfc273b8

      SHA512

      b71909c7df499a702b199b87a96d7f25fcc82a0dcbe1138e900b3f386a6204d1b95e37941f32f61a0a558ce2b514f938b0029c55da0e4955229863d8b4b40061

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_bg.dll
      Filesize

      28KB

      MD5

      9fbe7d6ef07bd3af76a9fc97dfd90e95

      SHA1

      300ea110b9ec0ef6c754950ff4dd59dbfc9f2b23

      SHA256

      fef5f9a3ac4626f756b28f6304dc5e5e50bff553930ff35d6b8429ee494b4313

      SHA512

      0df3f0af13d5ed4291ba179846a741149807e073c767b90ab5fd50449879429de6dd2b43954b3a52d3cc77ef4c98dc9efcd594c17784b48c97bf5bdccc90cc97

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_bn-IN.dll
      Filesize

      28KB

      MD5

      583c93b26e5dcd4bab07f7d303ebf5c3

      SHA1

      439e6d4762c2a3593512ff103a8ff32110fd0da3

      SHA256

      c0bb2e9167995db0d8f1f69a202ba00529e2ead8daeb29fcb99d42b0613efb2f

      SHA512

      aafbc518e596969d20327a2b860b63013b1d5bb7c89faacff0ba95a9f6bb160dffd5a0058475ec1ba2c5d07cfd8cd4a0cffe4bb89bd4bb74b3e5981d6beec414

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_bn.dll
      Filesize

      28KB

      MD5

      fef17d66629715ae8ce4ab00464152ca

      SHA1

      f62db519180eaaec0d62f56bf1dabcf353583aa6

      SHA256

      2ee6f8216f4953f3101de9578b392e2de94d59a79d08cbdd327b3d433f2b70ee

      SHA512

      98b2647b3bbb2476371fbf9329fad70934bcc7e1f958e925bbfca17a7083e47a5561db986d260025c339b051f7f00bcaaff938ff351032b95075bcc589b7255c

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_bs.dll
      Filesize

      27KB

      MD5

      c359759bc31042b62167a40c7c0203b0

      SHA1

      21140ceadd92ab23835c0e7a8f2e2fb95d0ccbdf

      SHA256

      43fe0258ad799cae8bb20f23c20d74fbbb4b650b97b1b5b737d1d1728556d897

      SHA512

      1d5837ef553223ac09e93df362da460002fb4f9eccc19120c4fb8c29cd453139a3cef54e9514217ac2d862a423d7a82f3e3d9b09f00c611cb16f19dfbe90979f

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
      Filesize

      28KB

      MD5

      5928df4290e3b6e8676a5aac6ddbbc31

      SHA1

      d83b71bc4b37c3b228b113239506f89761a55f7b

      SHA256

      ac5f350f4dc790f61135186c113bb2b8a78f26dab322ddb86b0e3403ab960721

      SHA512

      90113cfe50355d6df04382ee69db6ddad1651e771d0182e28d0d3de3d1d5a2f10d22d5de2b54e12bff1fa5d478513c881e9cfceb2b471746fa870516aa3d0e69

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ca.dll
      Filesize

      28KB

      MD5

      c2cc0764c763cd30ab629173ad2c9fdd

      SHA1

      0e681669c04e102a4b031378b38c2645dd42bb3e

      SHA256

      f3b266910a5bc6f738c154cb6a754cb55df05ad7f01cd6d61cd6e0cc8927455e

      SHA512

      f54ac389ea62f4c4af5cfd727be094d43976c53a84a1df4313fa5c81bdd9f7038ec9b13832abda95d6f496956383708b3828f41e4b746ebf645dbc343f6568e6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_cs.dll
      Filesize

      27KB

      MD5

      ebe48b47180b491688ec519a8d9bef73

      SHA1

      bd98b11dbaef493968d999c22e2e35fdadcc51b2

      SHA256

      02aae7715ad305977f316b9c80989ec63371c4c3e813b64252fe5f92143201d3

      SHA512

      7b2b7204505d73ce66ad070bd31a7790dc56ef071bd233b7be3eb1ecf82a9cc30a605c0524c707d10a9828849de69a7169f8af5b7ea1c4da797deba89bcafc20

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_cy.dll
      Filesize

      27KB

      MD5

      909c5c6afa14ee9756a4291077f2359b

      SHA1

      819e5e4f3197a6f45b5ce461ebda5b8dcf5a9a8f

      SHA256

      7b0b45ab3f199a316d33be841867e0e5219db63174efb5e6d9866816a3faf770

      SHA512

      a7b75854111e769dbfc0fef86e6561aff12b883c34cd91d15a2f209c68d76412670e9ca732ca159bab42176a4c3f1d9707f8e9db5e21143c15d13eafa1381d54

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_da.dll
      Filesize

      27KB

      MD5

      764d47b36dc060e15414e850c974b983

      SHA1

      4cd0ef1c6a951c50844e441a3673de505aa38004

      SHA256

      3fa89372d50cee57a316e279bb092287fad67ec1f47cc8f75178a985f43b5cd8

      SHA512

      9017d3ddc85a919fd1ad5ae182c2e4f1194eeadea98f185a158b5c424b7730f30f10b18ca902cbbbc83d6567033d79327c7b1efa89d36b55b9066a8785530984

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_de.dll
      Filesize

      29KB

      MD5

      24068ddcee174136374b56b4148678af

      SHA1

      604ed94670081d22a50436076d813f3f09d71e10

      SHA256

      8480fd2d3c59530bcb1fa9a07de57f354d4222155d928d1784cad51dce9e30e2

      SHA512

      f8969cd5d3d34c2b1b1be9cc62d5e33cd7798ceced2ecb173c4c01fea3fdf72eac91bb533a7b2ccee6fcae5ae00c56c5f945de70c003ff30838c62a211a837fc

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_el.dll
      Filesize

      29KB

      MD5

      62a99787a2c037f72588c10af0a4f97b

      SHA1

      376981b7ab0da3a63dd324fb679046c1e2fa2542

      SHA256

      b2b41c07abdc47d8670ae0f0c109450de99e95888cc2a1589bb526ab5c6204dd

      SHA512

      23c9eae2398adc8ebd15ae8067d528650612d2ed7afc3378bf7bf86453139ae1ec77283f15c1872f553e9461cfef4a5b0b4e7111b86124f628f19ab1e4cf6251

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_en-GB.dll
      Filesize

      26KB

      MD5

      8816264aa944a8f17e3080af13badfe5

      SHA1

      a200bdac7ddd6e52dff02530bdb6bcaa7c0ec271

      SHA256

      6d059098bdc372b4cf14b3bde4832ff2c68e4012fe5bf6bfdc08a39c5f746178

      SHA512

      89eb5ce3df70977d257f8524df8fa3f3f45432e7d9000db371f228f0d574b7dd844682eda7cd8a511d44bcfc4731dfad053db86ad5570abbb6d9a7db103e9bfa

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_en.dll
      Filesize

      26KB

      MD5

      c4e594d01bdcefcb1b71f06697e13c89

      SHA1

      26a90b0912332fde26451e2efbbed6bd8c4bd02c

      SHA256

      a1be434cb4d92a01fa3b43c1967f254be29dcaa25ceeb6cb13fed711f90b81ff

      SHA512

      1d0a1cfc7c8e10bc6b2cc9dcf6db0e204877439fa4cde26e6b1464cedb35676e67416956ca1b2873a10f0ab00a6049d000097c254ede77b06b1f329c34f17d0c

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_es-419.dll
      Filesize

      27KB

      MD5

      a3a5c7c28cdbe9ff4df338f6f9718944

      SHA1

      4c73b46b2076a16f8b21257865ce8b3d9ca94263

      SHA256

      c2eda53aad3225b73496c9eec5f933d902dc9a3e7c90530f77b5bbfa269ae09a

      SHA512

      1db7979e99b207f7c31a5db1cdcb76f6738c622c9c9146ae07a232c40f3dd2232f031c295d802bd3472006cd384ae7739ad6afd47fc31984b2101c6a2a0ecf8e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_es.dll
      Filesize

      27KB

      MD5

      0444405f398facffb9ac93c90bd61a80

      SHA1

      1fe865393a4a9967966ed4310f342280b6c9487c

      SHA256

      83a11402bb26ef3a58c1bdf550a34faf76758a8a84b423a6f0a94a9692fb584b

      SHA512

      a5df3e52a4169acb1c89b060e09fe5e6c18fdbd0c597c8b55e843895dc8433f5804613dfd2f4a16d656593effe62a8821742b6226abaffe9c2480b9b9da0de25

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_et.dll
      Filesize

      26KB

      MD5

      657c0184668515f256a8011c162f0bc1

      SHA1

      ef56129d4edaffd59342ac2e94be2c570f44d23b

      SHA256

      453597b38cb5e06b4596d8ad3763b08cbcd806fbcab0228179b40c065a7523fa

      SHA512

      9340c5eebab4376b7fafd32985ce625f808311ab58d028c246095804c8022bf6e7e7dbc366974e5b80bb4117558ec566c1d40839ae451277d97cf8626693b223

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_eu.dll
      Filesize

      27KB

      MD5

      b12325fe45848101245c164385c62205

      SHA1

      a3c8d6938978c30c23534515bcdf45bb27eba40b

      SHA256

      0fad2dc2ec7c313cace9afac3e645ed0b0d34df468a6f51450b15ab71793c3c4

      SHA512

      1f5e63aa4061f9b1ea9f7fd3e092d8d978df6c34416e4139f7a7eacf8976ef8a5dc1b89a69e276e6e02d7b15f4ab50a2b958c98585563cd51a582561f1f6ad93

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_fa.dll
      Filesize

      26KB

      MD5

      8ac4c8e4072943915105e358f3b53193

      SHA1

      0badce4b142c3ee14ac906bf6be7d19f4af46641

      SHA256

      abe601ab7930302cd675f3ad1582b9fea3837166e74f23f24765eabb7ae86d1f

      SHA512

      267795330e1b10e29d4a7e54af14f3f621a612eb9b2bbd336cb2eec3e4feee29baa9e87c08136cafda891a3729aec4669cf55684d27f950695195bc20ee752ef

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_fi.dll
      Filesize

      27KB

      MD5

      0b6513b1eeb7193ec6561ee4c82f0315

      SHA1

      fb5a8b42698aa4250179e5070422fd8adbfa9e6e

      SHA256

      46c2c90780924935d4213ece24151f07e63d6c1dca4d99ac0542967a56ee9f03

      SHA512

      37dbba2e969534dea488a64aed6b9a3e2ccb079b36865dd00f5e60f87699f60e7626ff85861aef2d52398fd95cda1637e39a47e037e26dd6feb26268fbc40ad6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_fil.dll
      Filesize

      28KB

      MD5

      c020597034e8e3f1a06744195ac08468

      SHA1

      67a9485915cfbac21d4ca172f685448e89bde928

      SHA256

      6ee5908725a1780779a72022a1e0d9bca32a2f027907e7ec1b12a964221dfb96

      SHA512

      d8ee3eb3f810b35dac344828cb920fe5fd0a1c8a17ee72b5a9b7e253b054b7bb43b65d2f1fc4232aac4364597c6fe8cce68e9f2867038661b1421343234a4824

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_fr-CA.dll
      Filesize

      29KB

      MD5

      4df8d16f45846075e652ca9b701faaff

      SHA1

      a605eaa6cf9fd4ff2e46aae331d48cbda1e50102

      SHA256

      03d31c89ff1512a0671390151d0f30015fa445ba45364cbc4dd6fcef07198d37

      SHA512

      3ef64490fce1702632557a7ddc24363620ca272e8b61e48c1f2b74374db83b52a59f156cdb019e0205d0d6096ec9fd73a15183eed2e3e0b8d8acc9b96e3e0690

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_fr.dll
      Filesize

      29KB

      MD5

      5b460959d67d7c7dee8966c7593e2d9e

      SHA1

      bd4e1eb217d319f9367a3134d488eb57ef7456f4

      SHA256

      7c8218e882f0b19291f8088fc1a0e9d8f793465b80b84c282558e19ee349efd1

      SHA512

      c15c161b1cf16e8549675523ab2ba5086e5e090cf7a837f2aef6bbcce201505f9ff2478c774261ddb9f8ff563f8fb41dec0c6d8eee43841ea1fa0455e9b11136

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ga.dll
      Filesize

      27KB

      MD5

      807d3b85c91a3a78d857724f6d4df8f5

      SHA1

      64fccdca9e003186890c336dc5667455b8055c71

      SHA256

      2a00e20da2ce93516d077fb52db7149b162e5a6b9fbc4b8f7ad442d3e51d3c8c

      SHA512

      66ce1ce09d055676c919f36e31d944e7c4d5bcae0b6343d22b6fd8880602b326f9fa610e7e120daddc99fafa5c8a1818d428fdc6fd206f755e81a56f73b463d0

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_gd.dll
      Filesize

      29KB

      MD5

      0cb26946b22b67acbd2348d25baf1f11

      SHA1

      9b74999efbe944089ef779d04d92579b82b4683f

      SHA256

      fe58df1b17fde8184475607bbb4367911c1ca9fdac79f256c001eaed0acb6b0a

      SHA512

      87e9cda95c6cad7f6efcf71068e9ac6c4e73858062079d4d264e7bd2f1e4126948e0d2ab57c9be7ff9f21fa59eeacab477bb455ab06f547aa3c5270fe1192b66

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_gl.dll
      Filesize

      27KB

      MD5

      0a3eea473ed114af963258dfeac97381

      SHA1

      55fd6a61fb35eea2a34a831448b4f3a9b7d1fde2

      SHA256

      7ce39b48849e3e33e78e9a39cc84665c33677ad248de27680c67305b4e6fa87d

      SHA512

      8849621aa87728b0fcca0aed5e598019630f91b609214c043d9e7eaec53a39bd95c8cd77e7eb5382ec8231df5f4742a7f59e031d8efb4643ebb4f27bccba0cab

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_gu.dll
      Filesize

      27KB

      MD5

      d75d2279ebc522f7b88d8e388b55a6bd

      SHA1

      ae532f5cf3630fd164458ee2b9178805c93064d9

      SHA256

      dc9e53b4d5b7cc6ea74effe897b6958b5991ddfbc60baf3ff5af74fc71fc138b

      SHA512

      741fb93967b31091905df55899c33303e80b1273187e296a10e4b85d7f93f53bca55e3f76ef5031d63716615e4c258b11efe19355874cda3624db39b0770039a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_hi.dll
      Filesize

      27KB

      MD5

      8088a0a302b58718eacc92fb787c74f4

      SHA1

      61dbe98e235723d82d7daacfbf3b0512976798e6

      SHA256

      bf81c79c7a6f20e7c5d28d4384129d9d5a61c1df5fcf1e249802e3c979c9d7c0

      SHA512

      41877350e92d46792f78984158557ef3cf78b7def79eb3b917e896e30c7865591406bd0245dc12220275bf4977aa25352e77eec037c46aa713e01a36d070ecfb

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_hr.dll
      Filesize

      27KB

      MD5

      af2042a5338884a7b07ac78fb14091c8

      SHA1

      99c545e0ebbfb382918955519f88fc1a68aba125

      SHA256

      31143a690e4c51859e18b4f9221468042e705817d52170ada0dc1d508c455cb7

      SHA512

      5b00c5730c0233c196043b05ab4462c79b30d181ae7cdafe18713be881e09538b4f58cfa5c0a8c17f31a1b9459100dea3ae1adbee42d77f407b94fb25ed4575a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_hu.dll
      Filesize

      28KB

      MD5

      2f8083b85f9c4f588cb8843e21077198

      SHA1

      b21d1cdfaaa7b93064659614b3f27c8b4d5ce5ae

      SHA256

      9de51be04b9b01664132c174bc2567fb2fe15ee4b74a6e68c2c7e8c8808ab184

      SHA512

      296a6ce20a253c7e77ce94dbf46ec96b305df153915f96e338df21fc140bedcb9d4ba29b7faaf280a0dc607a870ee96254de9dc469c071c90fdd8c499ee8ef5b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_id.dll
      Filesize

      26KB

      MD5

      41ac4e817c88a1fc008a43e25c4d71a3

      SHA1

      ffce205ffb01a54f96b0191b7c15dc3cd769e337

      SHA256

      d4009d52a419b3870036dac6f40202f3670530d574829ad55616d7a00808d9d3

      SHA512

      4d867b4ef9f33d93b67497ab52b826a31c130bb385734a5fc6278aa3b93346cf148713b36fb2eaa0b8f1196109b7975c45cf40ae3a69c1f109a9da2e42d3e0d8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_is.dll
      Filesize

      26KB

      MD5

      74d1be37b419bc050be7107d5320b8fe

      SHA1

      98d9868042a4671b0a9f5abc17289ce42a685077

      SHA256

      5a379b8d3b188c8f321c4f58c9589a1e8e53dddfadd493fbea84bd14532d8c4e

      SHA512

      e26e0c72b14b835abdecc0185eb4a0c664ab749ab75b178fae687538bfa6607896674900403ce38e5aa594f6e78f1c4bc3c61db49a568fc89c0242c8605af62a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_it.dll
      Filesize

      29KB

      MD5

      cdd173c3f540c2fa198c84657804d969

      SHA1

      2278b71961c16c366760c972467d57e11354eb22

      SHA256

      c381989587679bd6e6b90632bfe57c20c987127fe5743dea3ef278745faaaff7

      SHA512

      01fc2e45183932c5b3029f3ee625d6c5fc4449f5f7cff11a963aeaa241fa2a510ba455dc4a408a9a0b0b0f127407983395545d0f8875d9a13ef1f368ddbd15f3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_iw.dll
      Filesize

      24KB

      MD5

      0ec86b4b2f37b6d19b7f884852730da0

      SHA1

      d39e6b0e1fda1e26b873ca635266b87bf41667fa

      SHA256

      637178fef36bcca7ac50b10091731d86d0b73892d60b98531d21614fed28dc30

      SHA512

      f49f9db37fbc1c47bf614ef391205a1a7da29045dec4f15ecfe38472c62264e5d107181d55b27f471b626fae7b6328ce05e8e60bc61ede271fc4c47804c0a4eb

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ja.dll
      Filesize

      23KB

      MD5

      02ef894b4b4b6d8c071fffff05f810ec

      SHA1

      4c36f9c8a4f5e22726f87402826b69cd29087a9f

      SHA256

      d0b824b90377e1912c349923d3cfc63018bf96f96ad6a46b0fabf5897fb248cc

      SHA512

      99dc3dbb5eded5cb369fa080bb03299e816a51d541069d93982b85f68bd1ff116483d51339d530cc475015510e9186d9794aae0caa389cbc97a63cea2e39dcac

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ka.dll
      Filesize

      27KB

      MD5

      df96e9023cdb8cb827703e1fb9c592de

      SHA1

      eda83f777bc404c3bcc0c3eb7a12d5561238ac28

      SHA256

      415ab15b6a48176f3bcd09672de89ecd39684a482c9ee0d45bce366fb3450d43

      SHA512

      23698883a68259ffb36dd932f6b74a2257e8499336a66a41fe0b2a98d6e866a90f4e071f5d41a3942d3e4884a6dd7488b458879f8379fdeb4676edf593226e43

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_kk.dll
      Filesize

      27KB

      MD5

      9022a388f56e7f59270dbd0ec1e36583

      SHA1

      9a3103a02938bf873e0398c404b3b6efb27f60d5

      SHA256

      2e54385d95fcbfd998d5d83ac408c0a45af2329930678bc822544a46fd7390fa

      SHA512

      68455fd649d03927eb484b515838c2c5fb24eb8ae1adec80e60f83c5e150bf701b9adb43972e5a9050603af68cdbded152150c5dda5d90b04e2a942d053a7c62

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_km.dll
      Filesize

      26KB

      MD5

      a351a85e384b65bb7b5260eda1aac709

      SHA1

      9446d97d7d32deef18a9e1c62167747aa316fb35

      SHA256

      48423fa045bd50175e297cd0642335aafa57d16ce4eaba59734f12f88d2d526d

      SHA512

      0dab0dd012c53426feb07ba55dac3d8fbb718e1146b8cc495278b3a432277ecb454d181f48013cc86ee9e26d722c5e070d418a0dc86f9594e0c9a017126ccd94

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_kn.dll
      Filesize

      27KB

      MD5

      5ff19e69a260367c9f4e667d283da5d7

      SHA1

      e54c111fb7a02baadec488c358297a877aaeccd3

      SHA256

      c5fe72e4bf6ec76ba7f4d14374a2b15873de9a5815227ffb303a0b165dfe790e

      SHA512

      17a4f5a6e927146dfb3690d8e5cae29bb898299953734b1c1d8391c38106dfa96dca0246dff83b2bfabf9840661828fa7131df74a69b1ccd1470ce01f07fb99f

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_ko.dll
      Filesize

      22KB

      MD5

      7a79d9fb7cb385c79c5cd7fee302d9d2

      SHA1

      0c2ec8d27c8faaed1a184929e92dccd1182b0e32

      SHA256

      9463457928689d87aa7a52cf5a205bb8bc67c0f94eeeed681715125582cbc2df

      SHA512

      224a3a960577afdbe47bfb42fa6059314ae16cf26686421603d1276bfa3bdcf58a9a26fc6dca298f9ff2f6e190a3008edf8a614d28cc354a8bc253b65b180d95

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_kok.dll
      Filesize

      26KB

      MD5

      ec003a7505d58aa0ec231415267c97ef

      SHA1

      43f4ce1a7c859b571042f2f23cc6a758ed806c95

      SHA256

      eb324b717e98ab6f47eaa65a7ba9e0e7ef9c7563fd05613ec149eab121edf86f

      SHA512

      20f61759938ed69df7b40628587915dea21e2ded3c9901ca9334b6add5f21995afd8d90ce7e290b6b51b9418395f526acca90f8071b6564f85a08d1253031bfc

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_lb.dll
      Filesize

      29KB

      MD5

      7e830cc3d425a9d58f47b67f0c0284eb

      SHA1

      e7535444087b1c43f2414385bf77a59afd4ffb28

      SHA256

      3a99e182cfbae7e5909a7b35408db26ca16d987aeb5f068d0961933a5a4a7a5d

      SHA512

      90995fcb27bd58b9c0d6b08418eb66405ff5287ab9a4b27d08a5183efb54828fd3a9acbabb7aa146a6eb0cfb0c9aa5ce9f32451a35a9e0f5064850cc305f5dc3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_lo.dll
      Filesize

      26KB

      MD5

      20125fa0aa6057fe9483195d98b53b6a

      SHA1

      b90a5dcd8e65be58c4c8d6276aa1364f4d0d7e1d

      SHA256

      a909ffd028323697edc04d824a9de5e4e69f26fb6c8e9c11b0e311bf5b940d17

      SHA512

      460c0ebb18336391c25a60e99ea0927b36833ca2c91de6fc9cf3f32ac90e7e45527d95f668c03a859d91024ae7ae5372719ebba2e2c7745091b768407e2e4f9b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_lt.dll
      Filesize

      26KB

      MD5

      91c5d6031932f5d0cfb2778d08d6f63c

      SHA1

      9ae092d7b0b189eb24a2d4282f6598577a39eace

      SHA256

      afae45e481b705702da9b8c6b1cc32aef6e1c5df3a876dc8ad8b75fbca8a16ef

      SHA512

      aeb8675a78a48069224d0ce13ef69d2211b96d6e9c7fe75d0560bce03091ef9efdfb085cc616097072dd952e605e73e2493d6b38b03e01e7f8e85987b0e680b6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU562A.tmp\msedgeupdateres_lv.dll
      Filesize

      27KB

      MD5

      47de5673add4c9043d0890e27afb273e

      SHA1

      efddeede2791e5ab1e57c3afd4399b0a439b7497

      SHA256

      6d3918c43a0eee94053e38c9b45dbf572af62ebd076c1317a5af8db10868ee34

      SHA512

      0a61f73b67aee5f980dedf14bad2df4cde19d0cbee83c76932a3936e5d2a9b66c131bb367d74e030ca453a4772d2beb5f72e79f6f3c0bfb9cc4856c3ba26de4a

      Download Submit

    • C:\Program Files\MsEdgeCrashpad\settings.dat
      Filesize

      280B

      MD5

      13c95107f267682a95bcde70ab7181d1

      SHA1

      b1a0a56347e2dfe77356720f4306938c1fb93ef3

      SHA256

      f0f8d089e6bf43e626c12ebbc9414c5f3f5ada41731503d429786778a4189bf3

      SHA512

      922415797a915d3759cb25132a692f1e40deaa3eff7939416312da53f6824818123f06ce51c625a5741a8e6333f82b7876ec90fd76a9356248436d0f13e600a5

      Download Submit

    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
      Filesize

      76KB

      MD5

      9be9ec15fd071b58e5661726fa7d4438

      SHA1

      c3dafa5752658b0faf17b0e0e9ada26e706f0058

      SHA256

      626687e4218b94e112241afc1ca79cc8fb9606b0248ab4e1dec36d5e5c37d0d1

      SHA512

      89bcbe3fba52b194dc5eb10254f79e7ac29d7cd2e6bb03d9184137e00ecbddd09f26906376fc92d704264545bc4204ffef863d809908f1c20ef3f241ba4de1d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\PowerToys\PowerToys Run\Settings\QueryHistory_version.txt
      Filesize

      7B

      MD5

      afe4405d6bd2dea6178c4d401e155fa6

      SHA1

      819ad2e50a1e779b81e51b7d0912e3e76d83245c

      SHA256

      77f3269d6572eeffdc1677b514f6a98ff3d2eeaa815b54a05eb8d04815336729

      SHA512

      2eb436876e30fd55ec1c31ffe6fab5d1a832288f26e4586dafdccbb5d02fae01f77793c1f12d7ad7723c07739a2f60d2f4ef8c75e1f42dc7ad8476f50eba6e34

      Download Submit

    • C:\Users\Admin\AppData\Local\Package Cache\.unverified\PowerToysUserSetup_0.78.0_x64.msi
      Filesize

      2.9MB

      MD5

      2c797c4c60d7476ab01a8af62c13cf69

      SHA1

      a9398e1ef58faf12e4ae8bf987e68ddf854822e1

      SHA256

      d3a78947f6fcdab98bc9ba1bf50ba92ddc2143be2908ae3643da372192c533bc

      SHA512

      42e0d16c9f9807f87cf9d0cf834787f8b85ad7ccc0bc0596b5dd2d028f07cebe98cd4db9225e94f3c0649a379b21f7489aeb815f8e850bbd9faef2c5c74d4fec

      Download Submit

    • C:\Users\Admin\AppData\Local\Package Cache\.unverified\TerminatePowerToys
      Filesize

      469B

      MD5

      e2f355a3e84e2589d9d69d3033ba5f80

      SHA1

      ceeb2f4674ab44e9ebce9175ce716612d979979c

      SHA256

      c5bded10d9ce53431e12f6806693a67122805f0a2235b373f868799374a353e3

      SHA512

      439a8989d4069c0616dbfe7f9488ece1d173feb234706c45f47e5aa9db98d155974adb6a5e67343f6fe184210f1f581cb3cae08f4ff1142ba9fbcfa03f997ea2

      Download Submit

    • C:\Users\Admin\AppData\Local\Package Cache\.unverified\WebView2
      Filesize

      1.7MB

      MD5

      dbc06aa42fc27fd5fd0b87b2f9067637

      SHA1

      f7119e3ab3d5cb3adcd9a57f0ec227f783695819

      SHA256

      98370211f329f59b97308915790eeae4580a29a88c4285ee43a9f190a16e832e

      SHA512

      100cbfbfb0916e3658d5f8ff748c1c2368ea52f51e3c828425a9f9f2c366bdaf83612d650b93fc6cc4f4bc6d2d24efd841d761c13311cbb9293c4057907b9dd2

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.GcodeThumbnailProvider.runtimeconfig.json
      Filesize

      466B

      MD5

      13d5246b71ef06b9e87a4e3326425dc1

      SHA1

      bd122b16edb53681c1a490770e55529d1d0db6e7

      SHA256

      5b4b3b67fc753f964a98ece173b953e38bc5b02df74f3d1dbc813cdafb413d14

      SHA512

      6179286073cbb371451525ee2e19e44fa986ae4b015a0a1ae6ae6ec5c3dba1ca391b3806422a987872970a29219275ef93e5af272609863cca342c906889b7be

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\PowerToys.exe
      Filesize

      1.2MB

      MD5

      7b04069ee1146c086fb502e0a43b5a64

      SHA1

      c8b726acd5bc13568b9a81173d4e87289986b965

      SHA256

      d2bd158112beb1266248f2d9d2d3a5f0c729d9d59e5e56609e9c84d02b545b2f

      SHA512

      7697bd6ef6fa4d3b6311c99be9dc4c761fbee1b74126da4360eac5c3008c22319b10a41b5b2a8edf320e6729916f9b12a01ca7aeee3b85640e149d5c62ea8227

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\RunPlugins\Indexer\PowerToys.ManagedTelemetry.dll
      Filesize

      16KB

      MD5

      4fcf19f54a4c439b449475c60ff0b6c3

      SHA1

      6dc8f76068d97737e39095f50dd764d308224e94

      SHA256

      252646d9c752fde32b72caceff38d0518881024024ae553a123c392eea903393

      SHA512

      83bb3f2d597dccd2229b0e57a23ef232445d45b1eb3e9c9be633d926c1842ea524fa211d8c2570795828fe20ca58ab3c48a23106b93ad60fba9298ae0bf12f03

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\RunPlugins\OneNote\PowerToys.Interop.dll
      Filesize

      199KB

      MD5

      d7c08d519ffb49c4eacdc68511dca380

      SHA1

      5769cacd99088d3dd62d86948a3431e2434c267b

      SHA256

      a30db8e010bc129d63e3edc42ec195c9fc803bec0a4748c8a4a7adea199f01ac

      SHA512

      89f0c1d25ff291ec6f02666e0d3952a01ecefc1d15efb4eaf6501c882a349c178e4e03d94aa256ee10f33dcb6d1967accfa04cc17e87e17a553505d392469c09

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\RunPlugins\OneNote\backup_restore_settings.json
      Filesize

      1KB

      MD5

      3a6fe5cc04be369f7f829b49d693c01c

      SHA1

      e230dc7932de3c576d865213d3564646ff58372d

      SHA256

      2fbe512accf83de3b28d022c08905e6450cd9d67fb12dbf633ae3366b59268cd

      SHA512

      db8d7c1941e6fc4a3227d25023cf97c44b05ae2a4272bbe373c897ddc4b2fa7e0ca35e0a875cf79601ba597a4f93cb022d665d707d085643cc5d24f5368cf18e

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\Assets\Settings\Square150x150Logo.scale-200.png
      Filesize

      1KB

      MD5

      d2b8493b3c1165de98573eb2d324a8b0

      SHA1

      ab538757b4fc36ee94a240c6394e3c90c9e7bf7f

      SHA256

      30f0c897159cced46d9af091ba98d631602728cae020dc0ae11719f2683baa2f

      SHA512

      b17ec1b1f405506e31980f29ac0019337a10b70479debed21be64bf4388b3d76fd76cb9b6a6000c617e4e00c61ec908de83457f8c7f158c685c01bfdc8093dbf

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\Assets\Settings\Square44x44Logo.scale-200.png
      Filesize

      433B

      MD5

      9847d5befe3aa972b305e7d692c22402

      SHA1

      2206e792c42b0130da89d7ff36857cd5c311df33

      SHA256

      82d03a32d62938bff429633f721b44805b042274fa504e20a9318dae13027e06

      SHA512

      1877c33b69f56a3dcf4bd12b11b332a356e6ed68d711cf4e1a4a90021bc7d6b4dc67d4d0ff080ae1e5a0aa97c86f62929b148a432bdd322b617c398c1a4fd258

      Download Submit

    • C:\Users\Admin\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.runtimeconfig.json
      Filesize

      467B

      MD5

      af9e1b9f75547fedda7e125bbec5e91b

      SHA1

      5f97c0d4d35879c6d310c6a9a7f8936fded1a9ad

      SHA256

      cad9a71e901b64c3226b2376fa5b4df956c1bed047e479284cefaeff270793c1

      SHA512

      217c28d3744ed77290bec1f6e1e37ec5e9e2fe3f4e14d0c1127d099df885b2a41d93d58098c63cad38ef84af124be1379c174a8c2e7a68e4ed1a2eac92f12d28

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)\PowerToys (Preview).lnk
      Filesize

      2KB

      MD5

      51f5d0130fd99bfd1d979dd5c871841c

      SHA1

      c0a7c0482f9f6b0ee714f81f4d5983e324cbd591

      SHA256

      f64827c2c35b7e57cc65de6265ef8ab055a95a643dabb06ed623d66f933f0f1a

      SHA512

      be89681d73633dabd7e6a513bf99f61113d658e003b01bb40904b23696f4557da7509f063e95d2066c97cb6c1b9bdba4014b3df024ec10cc9e6a2cda68ab5b48

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)\PowerToys (Preview).lnk~RFe5b222a.TMP
      Filesize

      2KB

      MD5

      8c238f078a560404a415e3f20b7171e0

      SHA1

      28c2775c1216377442f00a1cc12faa0d9c8c539e

      SHA256

      80a8b017563d98bfd741b604395fe64bb6ab5f0b42999b49ef9cd16baeedbbcf

      SHA512

      a70ccfff75efaf757b5781d2bb682288a4541a3078d74951244db157dba3ca1c7934bd5e0507f8c15aaffbd70bc9ed6fbb4aed6307143756c1e5068d02803a61

      Download Submit

    • C:\Windows\Installer\MSI1D24.tmp
      Filesize

      148KB

      MD5

      eecafc54c8fa470babff03f88eb12224

      SHA1

      d9243705183885750219baaf97593ba01db77a19

      SHA256

      95f80b8f436641700f963490662ef09433145f21b38d1713dc9946fb7a51e509

      SHA512

      788a753e1bc46a28a74bf342b1e8af2e63cdfa68f233377570b66d9161928e0523e9de914b9b582f531dd122bb182b542b300b045ccd985d07bb0a70353c183b

      Download Submit

    • C:\Windows\Installer\MSI31E7.tmp
      Filesize

      233KB

      MD5

      69ce0f47a489fc5ed1980b43bf0eb0e6

      SHA1

      3f6d8ceece019812d43a0de767fc7bd72f2ce241

      SHA256

      b29b65905905f7d9279737fad9ee4dbfb9375109ec03c0db2d96e11b031e9a70

      SHA512

      ade5af5a8ca4716eb651d7de0f9bfd9c2f155884a022312fa808439f56b55ac5375dda3b4cd2dcf9af105d99cdc991e74250246f7c600a13b80507859bf43bb7

      Download Submit

    • C:\Windows\Installer\MSI83F8.tmp
      Filesize

      797KB

      MD5

      737291aeada46b0de9e2400c4d47ec79

      SHA1

      18891039b74397654b61b646ae35c009b62b1d27

      SHA256

      544aff3fd38e069650b5c6e6906d573046d762bd80cec94a0905765d59e7da40

      SHA512

      7d6169781c9c78115ce393afabe7db85ab5f78efd567d5ba5dcebd239eb30bf528b2c9beec807501b3dd5297e0574e8fd26fd8e5a3781ac1882599e68c8de4e4

      Download Submit

    • C:\Windows\Temp\{BF8225C3-7646-42F0-8ED1-DBE2AA08FB4A}\.cr\PowerToysUserSetup-0.78.0-x64.exe
      Filesize

      646KB

      MD5

      d24fe4694e138b86d57ec179e2dfcd9c

      SHA1

      ce0572380ae3ab9332f238b00d2087e9c13ffa5c

      SHA256

      0c56f5d7fa7ef810567cfbe69b1368ffbad4dea15adff27244799264a0be3f6c

      SHA512

      402ff5e07cbeb4d6650a9c445991421cedb173f9049c79c3649de19f18dd6b7a80bf8bdce1182da895ac556381d9eaec149b77712f0fdc83f4a60a248afe7475

      Download Submit

    • C:\Windows\Temp\{F1ACD087-D5BC-4A38-83B5-8B0C2B009A20}\.ba\logo.png
      Filesize

      1KB

      MD5

      807f899993da55765b3615a73a708862

      SHA1

      aaba81806befe73710116a477fd58634755d0f57

      SHA256

      d0f67d8dc4405840bbdef2ef78eed38db08739a773112f16d9edc2cec5f2daca

      SHA512

      394aa7e4d929fac4264a8d9e3fb2066e879a8d58d1709b838b8c00ac044265f8f6a1c2647f15e3e10e031b03af7581e89150527c95cf5376be1b193ad17a0525

      Download Submit

    • C:\Windows\Temp\{F1ACD087-D5BC-4A38-83B5-8B0C2B009A20}\.ba\wixstdba.dll
      Filesize

      203KB

      MD5

      0ba387d66175c20452de372f8dbb79fe

      SHA1

      5411d41a7d88291b97fb9573eb6448c72e773b70

      SHA256

      7b3d4a22a56cd80f19c48a321f978f728d34b8227cdc7fcadeb76b7506b2bb33

      SHA512

      13ec6e6ddc602e8053aadd4dd84ed87c23b581f2a41d738e32a522128ca4985dcfcaedc7fab192085f0eb4facd1cd7ad91ccaf8505491e29288d2f66cbf705fd

      Download Submit

    • memory/2232-2687-0x00007FFAF9460000-0x00007FFAF9470000-memory.dmp

      Filesize

      64KB

      Download