734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
Size

9.7MB
MD5

1f13396fa59d38ebe76ccc587ccb11bb
SHA1

867adb3076c0d335b9bfa64594ef37a7e2c951ff
SHA256

83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d
SHA512

82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc
SSDEEP

196608:CtbTP1ErBwMQjd1YTHdmpCP2PVgP/acIE/xQ0zyZejVk+YzbRdTZ:C1E1+dYx6OP9hdyZwV4zd

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	[email protected]
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	NavaShield.exe

Executes dropped EXE 3 IoCs

pid	Process
4524	NavaShield.exe
2224	NavaBridge.exe
3996	NavaDebugger.exe

Loads dropped DLL 12 IoCs

pid	Process
4524	NavaShield.exe
4524	NavaShield.exe
4524	NavaShield.exe
4524	NavaShield.exe
4524	NavaShield.exe
4524	NavaShield.exe
2224	NavaBridge.exe
2224	NavaBridge.exe
2224	NavaBridge.exe
2224	NavaBridge.exe
2224	NavaBridge.exe
3996	NavaDebugger.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NavaShield = "c:\\Nava Labs\\Nava Shield\\navashield.exe"	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	NavaShield.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	NavaShield.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe
3996	NavaDebugger.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4524	NavaShield.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4436	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4524	NavaShield.exe
4524	NavaShield.exe
4524	NavaShield.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4524	NavaShield.exe
4524	NavaShield.exe
4524	NavaShield.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 4524	3244	[email protected]	89
PID 3244 wrote to memory of 4524	3244	[email protected]	89
PID 3244 wrote to memory of 4524	3244	[email protected]	89
PID 4524 wrote to memory of 2224	4524	NavaShield.exe	94
PID 4524 wrote to memory of 2224	4524	NavaShield.exe	94
PID 4524 wrote to memory of 2224	4524	NavaShield.exe	94
PID 4524 wrote to memory of 3996	4524	NavaShield.exe	95
PID 4524 wrote to memory of 3996	4524	NavaShield.exe	95
PID 4524 wrote to memory of 3996	4524	NavaShield.exe	95
PID 3996 wrote to memory of 3556	3996	NavaDebugger.exe	97
PID 3996 wrote to memory of 3556	3996	NavaDebugger.exe	97
PID 3556 wrote to memory of 5368	3556	msedge.exe	98
PID 3556 wrote to memory of 5368	3556	msedge.exe	98
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 2632	3556	msedge.exe	99
PID 3556 wrote to memory of 5568	3556	msedge.exe	100
PID 3556 wrote to memory of 5568	3556	msedge.exe	100
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101
PID 3556 wrote to memory of 4596	3556	msedge.exe	101

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\NavaShield\[email protected]
"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\NavaShield\[email protected]"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Nava Labs\Nava Shield\NavaShield.exe
  "C:\Nava Labs\Nava Shield\NavaShield.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4524
- - C:\Nava Labs\Nava Shield\NavaBridge.exe
    "C:\Nava Labs\Nava Shield\NavaBridge.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2224
- - C:\Nava Labs\Nava Shield\NavaDebugger.exe
    "C:\Nava Labs\Nava Shield\NavaDebugger.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dream-marriage.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ccd546f8,0x7ff8ccd54708,0x7ff8ccd54718
        5⤵
        
        PID:5368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3510271343599524471,4779006266209625280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        5⤵
        
        PID:2632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3510271343599524471,4779006266209625280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        
        PID:5568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3510271343599524471,4779006266209625280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
        5⤵
        
        PID:4596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3510271343599524471,4779006266209625280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:1132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3510271343599524471,4779006266209625280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        5⤵
        
        PID:5348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3510271343599524471,4779006266209625280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
        5⤵
        
        PID:4236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Nava Labs\Nava Shield\NavaBridge Libs\Browser Plugin.dll

Filesize
96KB

MD5
912924f628e277be9cc28a5f2a990cb9

SHA1
13c0166469a271497043a2f13e9a6a610dc2b336

SHA256
bd474c5aafcaa12f20da5ecb29e17555b953eca46b4f56588a72672a36d4a8eb

SHA512
b33b430254f9ec32ecd6224124db69af93de3cbfbaf422a0045641f7961834a67cba1b9fd97f4e0e903e27e3360301c5dba214a6b9156c4cdf8a25115b860c39

Download Submit
C:\Nava Labs\Nava Shield\NavaBridge.exe

Filesize
4.0MB

MD5
6f89df4cde193c0636c3d497cf1a17bf

SHA1
9faaa0100195e3e81fdade11e7a476a1fd1b23c8

SHA256
e7f05380e90dfb15b91b8bbc2ae48a04ba84d573b3c9f7d81bcc12f814215929

SHA512
c31848b1dceb8f8351991051b389a38b2ca0ae7ee98ebf626576245ca1588f1f6ee14e3eff7b165ecf9879e7e11ab77888e297cc4ccbb405b0ed64ebcda304b2

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger Libs\MD5.dll

Filesize
92KB

MD5
831295342c47b770bf7cc591a6916fa7

SHA1
2c9063fbf3f3363526abdc241bf90618b82446d1

SHA256
8341ecc0938ca6d90b7e0f02af2d7e6b571c948a03a99d54af61c4557c78d656

SHA512
01419defe963a987989cddb0e21cf651ec3eefeae97cf4b257d4caa8da26436a647e8e4d95cdad22bbb0657171f6d3d9c41dc6fb217ffc7d5172ebc9a409d36e

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger.exe

Filesize
10.0MB

MD5
47ef848562a159b2ce98d527ec968db2

SHA1
56b34310e8ede0437c422531bb89b2255a03cb3d

SHA256
7d899d2d33bde1c7f55ba0fcd4630b817e42e5cd1ceb8739511a990455275f90

SHA512
ac05354eacab4252e57151e98b8845d142b258590269ef92a724818623f2912b48341555ccc604a810e89ced3178ffc896ba116805ec3d129d9f6932296d935a

Download Submit
C:\Nava Labs\Nava Shield\NavaDebugger.exe

Filesize
3.0MB

MD5
97075f21be7f099a7f76b9e3b2719a14

SHA1
1b0e6904ba12074c6d0774fdff66e19ef0f8393e

SHA256
cc34f63be0c54a6e07c8e6e22229003ba0cd4bd24ba1e0f2f96058eddff9208c

SHA512
f4e876560660ccd0c562af9d6009631538edf7fe76c889e51253868957aee5314864bc5fdf6badeee725683756d029b804bc50e129f53bd3c08bc53e03519730

Download Submit
C:\Nava Labs\Nava Shield\NavaMod.dll

Filesize
5KB

MD5
3d7f80fb0534d24f95ee377c40b72fb3

SHA1
11b443ed953dae35d9c9905b5bbeb309049f3d36

SHA256
abd84867d63a5449101b7171b1cc3907c44d7d327ea97d45b22a1015cc3af4dc

SHA512
7fc741bbce281873134b9f4d68b74ae04daf943ea4c0c26e7e44579f2d51883c635972a405dd81cee63079a5ba9d09328a1e26e7878547590569806d219d83c7

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\Appearance Pak.dll

Filesize
136KB

MD5
fcf3ac25f11ba7e8b31c4baf1910f7a6

SHA1
fb470541f0b6b8f3ce69dcaa239ca9a7d7e91d72

SHA256
e5b3249fbeea8395fd56c20511bfcfdb2b2632d3c8d517b943466a4e47f97b5c

SHA512
47c467924d64af4a48a6e640778aca1dce379d16b06bf3f60a44025034c15ce1498ef307b63cb04e5c0cbb6c2ac58022acdb0d6efb1109c5ea31f842a320aa40

Download Submit
C:\Nava Labs\Nava Shield\NavaShield Libs\Internet Encodings.dll

Filesize
72KB

MD5
de5eefa1b686e3d32e3ae265392492bd

SHA1
7b37b0ac1061366bf1a7f267392ebc0d606bb3db

SHA256
a50e56dfb68410a7927ecd50f55044756b54868e920e462671162d1961bfe744

SHA512
c71270a5275f91214444449be4923a70243a9e2cd06afcc6fd28ab9f2cd2d930219ce8ed9ec008750b2611b62ed26b65cb57a75c6035201cd9657263d157d508

Download Submit
C:\Nava Labs\Nava Shield\NavaShield.exe

Filesize
23.8MB

MD5
9d299e41bae269641af28a6c02b80ef6

SHA1
66114e20ddf19e657d29aa2d1ac56ea93c62d130

SHA256
fce1bc05fbe2de83ee535e5ce0ceee94f2b4f917cdcbe1f1f649f44be25d4ec8

SHA512
26e01252b6caea9122734485654848d31c7f3dd06cf7fcc2806ba2b0705cb914b6b7b4e38ff1f23a5c373277e23d64320844e9882bef4ed27eb68d7ecce5de28

Download Submit
C:\Nava Labs\Nava Shield\NavaShield.exe

Filesize
18.1MB

MD5
03207b0861ad8b61d58975fa2ad55b9e

SHA1
09163b5ba1a621b540de54e08dc0fab68a533ed7

SHA256
c1b9569892185a20e9c2fac53a30d751df58df582a8eb4bb5a95a050b8b69310

SHA512
11d61c8ac22fed2262e58ac1f62b8c9545664d8d0048b24ee4925480abd81c6e01d646dad16837434a44c735b93ddda038efe1c582df93abee503315e26620ce

Download Submit
C:\Nava Labs\Nava Shield\bridge.dat

Filesize
176B

MD5
e66f1107f995d52bcd90421b3cdc0dde

SHA1
245acafa2f3dab3f2b7f183d34267dcd976199c0

SHA256
45fa6eacea58e682c2ef2bb9e888cb6bf396c37b957fd144ca73c95699ad3c74

SHA512
0500f9dec5cfdfb80bc5763943deb3111ccde4b35f19ac124df2e5abde2681154977f160a42e9ef50698b0ea0cc26fc09361a3917534038f141dd047f0287c1f

Download Submit
C:\Nava Labs\Nava Shield\config.dat

Filesize
4KB

MD5
21bc14a039e5ae18d6573bd604a6e8c7

SHA1
7be93cc84d8cc14bfe9359b8222ffc9a21ed5185

SHA256
e821a3980435659da572ccc6c5ff8138321a8c8a5ebb254c380e1e30bbb1a361

SHA512
063a0b9f690e64e84dbc8a7ead514707edebade489e684c43ebdb44a5b262d413a80340745946a6a2ae1828bc826b1d8f8c847dd76eff4a527dca874118d4812

Download Submit
C:\Nava Labs\Nava Shield\config.dat

Filesize
4KB

MD5
2778ef59314743fd5f3f48a61182b19b

SHA1
021cd79d262706dcd6049f3fedea5b197ce768b2

SHA256
9ab6bcf06b46176e8d434a5b810e86624bc475f25017a237b315760f44c22c48

SHA512
fc413210167e6ac164303b939dbc4fd86415750f32409a957fc5821d4f69efc40d6547e9c9eb7a0eeb1d66f0d1c72e3354ce7261711991eb73508e16ec9fad66

Download Submit
C:\Nava Labs\Nava Shield\navig.dat

Filesize
255B

MD5
0bf850cb9d0aa0f4c778cc515b79bd13

SHA1
c0cb8a58cba046d2c7539025a39c8a1af81c3914

SHA256
9c4723ecb77e39e58eda9c60f532724aa3bf69de30047cc7b6522534cd423f00

SHA512
649c13f9f4fccc03ebd6cb2c3752434c69b5a8d7e9b94cac80cd98a7624bfd00648949b18cd720faf89fae050f6b523221db589a550c6ce4513e76ff0895da5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59dc2ae9b2748089b6e206b38cade64b

SHA1
08e3774263929fe6cdc946dea6c3bae820ea8988

SHA256
ab6a8b19216a1a3c2a8c9c3669d016eb3bc5784104d567e1592bf2eb0843b82a

SHA512
e761685b922d6e805f05f054e8c9db94af0650d2ab3e9f7bf95ed13b184b86d9dcc00d6d29c09ab99564289adae68246b42edb77dce0f1a6add71408d68445d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
1.1MB

MD5
d17bcf5544969f599bd0f576cc2f7433

SHA1
af75c2bc68bfc8508ef340fb0633ce9e515a9b52

SHA256
e68cfdc69d7c4ad2f7f9d4e1b59806445647911f7319e6673b81f9e8dfd4f83c

SHA512
ad318205ea7340c949c97330c8134425e22026be333af7398fb284aa9d5fed0ac15db55b0c480772a5c45cb9dfcd76a03121f745cb8f3de5ac613da493f33a64

Download Submit
memory/2224-141-0x0000000002640000-0x00000000027CB000-memory.dmp

Filesize
1.5MB

Download
memory/2224-140-0x0000000002490000-0x00000000024A2000-memory.dmp

Filesize
72KB

Download
memory/2224-145-0x00000000024C0000-0x00000000024DA000-memory.dmp

Filesize
104KB

Download
memory/3244-152-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3244-46-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3244-11-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/3996-151-0x0000000002570000-0x00000000026F7000-memory.dmp

Filesize
1.5MB

Download
memory/4524-153-0x0000000069F80000-0x0000000069F88000-memory.dmp

Filesize
32KB

Download
memory/4524-117-0x0000000002620000-0x000000000263A000-memory.dmp

Filesize
104KB

Download
memory/4524-113-0x00000000027B0000-0x0000000002ACB000-memory.dmp

Filesize
3.1MB

Download
memory/4524-112-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download