bcc8812a2385f7a4db7d7633eb5ce0770e5cc3b5093873fd3e0a7c239f8daa1d

Resubmissions

11/04/2024, 06:06

240411-gt1pxagh4y 7

11/04/2024, 05:53

11/04/2024, 05:51

11/04/2024, 05:48

11/04/2024, 05:44

11/04/2024, 05:39

Analysis

max time kernel
166s
max time network
176s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/04/2024, 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hone - Installer.exe
Size

2.0MB
MD5

67d529ffa7aef6629700ce3a9e990ac2
SHA1

6ba55f541defc22f92473a45d2187848a0d4126a
SHA256

bcc8812a2385f7a4db7d7633eb5ce0770e5cc3b5093873fd3e0a7c239f8daa1d
SHA512

bdda91b0d95292ddae966754c6b3af618b60f4e575033306023db5e923b4a422b7a82bca1974645a15d8631221f7e4cacb399a34737c2c1f1961416c74ae7c64
SSDEEP

49152:6Dr+mxE87vxpsrFpIvPBDurAaMs/Y6NTTCca:6H+4PN+TIvyMZ+O

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3912	OWinstaller.exe

Loads dropped DLL 11 IoCs

pid	Process
1116	Hone - Installer.exe
1116	Hone - Installer.exe
1116	Hone - Installer.exe
1116	Hone - Installer.exe
1116	Hone - Installer.exe
1116	Hone - Installer.exe
1116	Hone - Installer.exe
3912	OWinstaller.exe
3912	OWinstaller.exe
3912	OWinstaller.exe
3912	OWinstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{F81F5940-4F4C-40DA-B884-24CEE17EFBBA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GitHub.LoadTool.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3652	msedge.exe
3652	msedge.exe
3332	msedge.exe
3332	msedge.exe
1912	msedge.exe
1912	msedge.exe
3848	identity_helper.exe
3848	identity_helper.exe
4304	msedge.exe
4304	msedge.exe
3224	msedge.exe
3224	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3912	OWinstaller.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3912	OWinstaller.exe
3912	OWinstaller.exe
3912	OWinstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 3364	3332	msedge.exe	84
PID 3332 wrote to memory of 3364	3332	msedge.exe	84
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 1772	3332	msedge.exe	86
PID 3332 wrote to memory of 3652	3332	msedge.exe	87
PID 3332 wrote to memory of 3652	3332	msedge.exe	87
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88
PID 3332 wrote to memory of 1360	3332	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"
1⤵
- Loads dropped DLL
PID:1116
- C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\OWinstaller.exe" Sel=0&Extension=mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc&Name=Hone&Referer=hone.gg&Browser=opera -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://download.overwolf.com/setup/electron/mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --silent-setup --app-name="Hone" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff992d23cb8,0x7ff992d23cc8,0x7ff992d23cd8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1632 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11295569918653510362,13438580372131099472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1b766d3c70846f26c55356f42e0c07cc

SHA1
d52d2c34a00d19f45ae84e4ac1db477e0e8df955

SHA256
e9771c0a8f61fce66b9a3b8a65e97d82626d3ccb8acf33c36f790c8bc6504b38

SHA512
48b42d78217067743dfbe9a2a5e8bd96d5ec99e856ff023abefcd3ca92da12ee54074f5e83fcc853fc6f8c3187b7ac8aa4dade582b88cb0aaea5ce1dc526dc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9b7819fa35ec56620b741d7ec2fe7a74

SHA1
f0f484206c19d89e6e493d8c21ecb7db4201981f

SHA256
2d0e6bc6549694f29afd5604c263b031204f56f0910d4762afc12ddc856023aa

SHA512
37d5cb55523cb28299db54b3f5be4a43e50f22127fea04a03b8bb33b649b516e6de76ef2400e2d90c162dda86a9fc2e712537b069aff84a3854bb1b5d57b3c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f54cd9840e4af0d58ecec44acb572a83

SHA1
e9d7ac4292b7aa57774365284f2412575ae3e53b

SHA256
1d1290adfcb0ad5fa7dbe99aa94f5b959cacf5a7932d07df5a394fb8511fe3a8

SHA512
3cc976ee1a0af3eb39bf34095db08d8a26402776597de3b0575bd760163c9a966303feefc759914e5c726d6e5bce40c8cc2f8855af8248d3522723232e107385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
50531072df8e787d3999e613afa8fc51

SHA1
a71b3975bd17d2367e6502213d5ed3eeca2f122f

SHA256
021fb7e58526a991858ee939b212695ce4471f2909f53f123a2ccb79cc427945

SHA512
ec48859e7772840b1e73a8e899a8dca0e4e4777f1518a692c4078c6a5e65b4798dadc010ad198df9f7ed0e0cb6a0f545c1a5ba41d63da668af97ed2ec9c5f1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0bd4b63e91956efbc7b824ec08c3f2c1

SHA1
b4324d83f513ccfa3c836d5a875cc478cdce29a8

SHA256
b273a8ae6d9a646d64de06bbdaa301170834c57afbe3825c0ea348d2eb7640a7

SHA512
7b3511a633b8e33cc765ea1e88ecf9b7ab5aceb6bc7ddb84efa7430347eb097022f3c0690cf4fb4b6d9d7ece73b77894036fb09ad3b22b092c982d89db7954bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7756c19ba2ec0a049de72841463b632

SHA1
87fed35f4b4604bcb3ef09db56a3afa82eeb1b46

SHA256
e7d01d1da8c93dc16e17168977b440205e365703c466c5f8bfa77996da02d6a2

SHA512
df77515a769bce3b31721cf23cc95529cc80976d9dc0eb24b4d93cc15d12273bd5bdd2ef2a91ad6a20dfb21eb8bed3ad250b8ea3ae5db93527461c5bce37a217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d917b3a062c973398805537d5e511cb

SHA1
8571a17e09f4a191ae282e1a29420bab8c327cd1

SHA256
2f4bfddb3e38fce3da0c5ef2f3baed3be82c7f7e645259802dc6f3f6fff44021

SHA512
b88ec2db3d81905f66bb5d99b2b85cd9c393f0303265ffda9e681451f21fb6502d83bf8974b1ac06cec2e8e37e6e04dc819a53f0a2c4c75e30bd85bcf5d7534f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50a50f38212b6564ac7b5a181ec33c57

SHA1
ada1fdf60b5b7426bf35497723ff0de7b4285208

SHA256
75b52c8a6c373b422bcefa92f93b694cda509680620538827b100c3b7f9b498d

SHA512
af4e5e6f72cd276f493429645449265e9ab8ea65ed085e60781f1af9535182fea7e4f6f58b6534637325cac3da580c840e431e6d2bb446243391b08e3d34f197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ac2d616c7cdb7c2df90a7405b5d2613

SHA1
dff82dc9ad75a8e05287fd1f305204144c0ae490

SHA256
f433057247032ed48d65e2b343e1e0782a62e467ba9e2315632bbbd866fbc031

SHA512
02b472e6e52e49f56e22bb80113e226ddb5907ea04c7b5b4ae1a75464e1b2b80b77a752a0a5fb9f1571fdd319ecd54d280b510ffe60365f97ac07f0ff8311b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a654e846e8741c0b6882f34d626a6cf8

SHA1
b1d33e1ea1ebe4e94ce7674b2c1b359da530928a

SHA256
fec4f94b7b480382124181c37db5c3dd02e8bbf9e6855ce423a4e012c7282ef0

SHA512
45c3a937477887a0c6d6dba25cb3e600020b8d3fb05090c2c1c0eb8ed98bd4b72f17ea76ab83a0b830d9e1719dd0490ce7e8ac495070d4f136e7e7a62de0c222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7e69765009850919d5c9e00b131f18a5

SHA1
f024b4a2ba6d853080dbd0f32385bba5690cfba1

SHA256
ad439f70d53845a9aeb93f577e6dd43c67060be40bd6590f7cd5e20dff49b028

SHA512
94db25d436cd5c07dc2f0e56ba95de05d43db15a9e0807c1a1e22f1d61a57ec36a69a59e3b6a0d997725a6515c3aa5b280a1588481b3124faaf1150c33b3a28b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c679b69baf41db2ede4777e7847e36ac

SHA1
b9f5ce84a2382ef8c02a2fe72aea477d39a4f25a

SHA256
6f7fc59bd8fec58996d33b40c6102961121db7462445ff727874eda9659f382b

SHA512
117c2effbac6894f264d8d91b5c13aa9412a4e9a6c68058a6fc48219d1510fa6960bc32df0d177e34b1c59bccfb16bc402abe5324e10787f7cfe62919b77b6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ccfe78a2115ec919e68903cc88e98f9

SHA1
91b3be8f75d21ad306cd264e13300c9a133627e4

SHA256
7696a55425b01efdd535e7fad46044414cf36568be762e9604dc4e7faca769b1

SHA512
e29f3317b67c31207e56ebb8cf1b25a05645b2895cab1e760fc7dcbd028ac7f3f7e4a7d2326359eef76b8f6752c3721a05b4181e4b73f814ad55abc84eb0d651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
43c1fad502e4dad7dcabf51d90e2826a

SHA1
b04103f98eae65d1cfc99f3346198d8cb417f8b9

SHA256
fa90993ed387d46f144f2db4a8fa663a1bd2ae84ab64ac3fdd80f12e25db6d9a

SHA512
b1e6efea64b5ef0ad10e16622a71967f975be179dbe15c1cd0366b6af612531960d1bc2c1b0257f69bb769bf68379618a72bd8f098d072bb03804c0419b49edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a0a0.TMP

Filesize
538B

MD5
b6ee042f713c07252d393c60feff92c9

SHA1
892846f09ed2ee838ba16ddb215a9c9aaeb6b9ec

SHA256
6c5d9a0fc1c3d4487f44d4b850130756f46b284cf4d92701e07bf76c4b889a51

SHA512
818a00e330d69ee32851adb295cf30dfdc463799e56fb7e84b19d3e3a8292c3050742bb4af363d2e7d6c0ae4b1a908c6e8fe75b4ec2f04f86eb055912614735d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16a62a68b2db2e27f9235c11b164daad

SHA1
e0cdabdf577c7304e4f62729d060318d6f944bd1

SHA256
8aed7acf551e0336d43de8e83563c0513f79248d893f6de938c70fd3df85d532

SHA512
5d13393825ca0f90951de8cc97e58faa21952ab7921bd5dd46ee128d675c327e08177c1367de70baee63b3414a84b7720f9c0235fcf6d9fb6cbaada7fe467d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d449842a51cb68a0b1c521c15805f95

SHA1
390ebf010b65d6454920806e29d8387f1e494e2d

SHA256
29c29624b77b279cf0440d22bb9e5596b7d4d421921e5a395065957006910064

SHA512
fa4445a45bf36d03b5bf4d474c8493f5109198a462cf844c1974771a920c3044119bf78eb9a67d0566ab00872aaaa5a2fe7e792a7a352d87a3d3ae57a750e8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3fec7439b1831b0c62618aaeff0f4a51

SHA1
71de2bd845620e958407b1c7cd7cbf8456784b1a

SHA256
19aabddc1ada78241ad07ca6b64c972dd50ed9ca38d0d81a20fa1ff2ccb19a57

SHA512
c1393fc403a2ac03656e6dd3f73d4a794d08e368a2c9e7c7a36e84ecd8bb196f941725c0b2b139230c94d273ba51434bba13afe8db8c0852a3429e8cf206c084

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
c49d92e3db054d50a38f3051c5d62c1f

SHA1
815f387ec4cbb2dd5d10ff86b6293b15c6bcad65

SHA256
c9ac240e2dc66a587c51f335d26e2ca49f543a571a1bea3aaf7d64274d37ceec

SHA512
51dbc474c7f5354663de6b122b6f8caf678a02b38606c3b4b0499da1be88171ce0f0d28312ea7ec4971c97751538485b45c37164281a1e45367f5536208e8f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\CommandLine.dll

Filesize
68KB

MD5
a68e017222aea5d2ec74111404e908d0

SHA1
b6afde07da7e8d4c92e44424cf69269369bc4815

SHA256
db072dafd56c8e71353ba12ecf5751723c65e56db70b90c57fc979850da7ea2d

SHA512
c8526970c5288dd6b9bd44f8a2a25e8b22565e2cbb5d77e70e866d9ce19e468a879501a8f29dc7bd60e259688d421c879f894510c75934b4b23ca24488f6ef34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\Newtonsoft.Json.dll

Filesize
692KB

MD5
98cbb64f074dc600b23a2ee1a0f46448

SHA1
c5e5ec666eeb51ec15d69d27685fe50148893e34

SHA256
7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

SHA512
eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\OWInstaller.exe

Filesize
298KB

MD5
698245574b5bc050e19cd1b3bee62439

SHA1
d0a48d07f102966f80c01186f70ed1f56f44a6b3

SHA256
971e35ab45daed3b5a837508fd151854db7b5f448785518c9df85f3d298a2c07

SHA512
ca4446593cd5372d1b0fe6b6280a32ac92b8e04c2860d5ce2c4ad41f12c6f72ecf77ef8f59e20b863ef689e0f93dc46701ea012899996777df7d22034187e72c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\OWinstaller.exe.config

Filesize
632B

MD5
82d22e4e19e27e306317513b9bfa70ff

SHA1
ff3c7dd06b7fff9c12b1beaf0ca32517710ac161

SHA256
272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827

SHA512
b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\OverWolf.Client.CommonUtils.dll

Filesize
645KB

MD5
4ede0a9a0c751563ab155934d9662b69

SHA1
10d4e31b6ef865f8ffe9f1e02384b4d9f462ca9a

SHA256
c9d29eb4d36152fa2841d2684c8f1769edcc50af6759712ad591b9a04b3d1622

SHA512
fe83de892d0c1ce8e4188ba6d2edf2b1e234065de3477bc7d09049c36ca011330a2785063a268a7e855cb2f521fda4b1a741f1a0f68e3c5e7b83fd547327e0e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\SharpRaven.dll

Filesize
80KB

MD5
c5d79f6248a8e360e21fb1978032e009

SHA1
64644020bdeaae3a5ef37cf406a6d041ba02470d

SHA256
23d1590ca13f9bc7d6ce53a5cd5087f65d424172716de0809e61207640175275

SHA512
e133802b1e6d759283229349821776ef54efce7d7ee854b31d967ad09b5b54f548e374d6c9cee6f4a215ac6a2e4f6cdbdde17045f6da9b4722f9ff66b414e6f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\System.dll

Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\UserInfo.dll

Filesize
4KB

MD5
9301577ff4d229347fe33259b43ef3b2

SHA1
5e39eb4f99920005a4b2303c8089d77f589c133d

SHA256
090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

SHA512
77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot

Filesize
66KB

MD5
6cfad5881181ae658a6efdd68889a690

SHA1
5b54f6ccc20ed3a078fbdf94d7a68ac80002624d

SHA256
c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc

SHA512
ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\images\icon.ico

Filesize
14KB

MD5
9a03fbfd56d8e501797359aac3d72ed1

SHA1
b31e87a87486c00f9266559707e2cae4831f9d44

SHA256
81c69b545c347e1708603fb912511d8eddf755cb27f37fdc6a6fd959c6cfb94e

SHA512
29eb96fe4bdded257f3330672b1f9f2086c28e1e863a093a6fb750b6e59210b47b5ed481e3828442f38c5c6d63ef37709716af1e3913afdf37bf8e574f976fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\index.html

Filesize
20KB

MD5
6d8c9edde0ce101ce0abd73be45c684a

SHA1
ce6d94d2d1a7f4761438781affd3aa991018e4f5

SHA256
f15c54f4ac4f55bcfa281b668220eb144e63b9de2292e970095a4dc566209682

SHA512
06f35ece48e4e19174da18ecc5dcac3a7e4d7ffbb102c4859221c7c569027ca72e40c9ed945872bf4396bc02ced7ae46655c88e3ec40d0a2f2e3bd0fcec80203

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\app.js

Filesize
21KB

MD5
f718bd3f18dd499612623852cd2a2135

SHA1
9432b7898f655fbbd8132f4b3f8822959ae3ff97

SHA256
a14fcaf11a16ad7d904960538ca35d5b05e1c1b6a916f228db6b319c6195acbb

SHA512
90a697f93f239e8210ad47b6f012d3b40ea9c23a92ab909434d0e2d71bc3d9663d1aa73c64646e3dbf417f9636d1190b3d0cf20d349456dee6b6b8d5536d0338

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\block_inputs.js

Filesize
789B

MD5
b5b52c92b90f4283a761cb8a40860c75

SHA1
7212e7e566795017e179e7b9c9bf223b0cdb9ec2

SHA256
f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

SHA512
16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\libs\cmp.bundle.js

Filesize
324KB

MD5
1de143ca1babd3c02744f478c8c05c5f

SHA1
ac918b3d2d5f9cbd9e3b3f5e075ce3c96eec16b3

SHA256
7fbc3a088ec303143109e0c1b2c04f4c5a6e450a2d6f3071fefb66e92f643ea0

SHA512
6e419e11f35a3258124127970961907ed8fe0619f618a4c15542ee7f8a01a9f4a7af4d290b634444d21b823ca1afea65f97d5788fff6665d55c2231214edff24

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\libs\jquery-1.10.2.min.js

Filesize
90KB

MD5
44e3f0db3e4ab6fedc5758c05cf27591

SHA1
2d408aa1d35661019c95adcc60b78c0727ed25b4

SHA256
bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144

SHA512
4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\models\notifications.js

Filesize
5KB

MD5
85afdf9897bb1236eff3afa40d15ece6

SHA1
4362bdd139458eaf4a2dcb34294b43e2d53f4a26

SHA256
9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32

SHA512
4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\utils\analytics.js

Filesize
4KB

MD5
525281e9959af4c1c0d11b9243c798a1

SHA1
237a84c5b57bd132f48446d718b20640cb28c263

SHA256
c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d

SHA512
fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\utils\commands.js

Filesize
12KB

MD5
65015f2e2e490f6786abc0560e33e1d0

SHA1
47b5c2b3b1f9381e4d2b9d1f3d82ba62828ce28e

SHA256
e874c959c7b8e4351d730d263231df7176b5062580a7d3e0a2684001b510f5d7

SHA512
a4ad579acfa6000fd8074893a6b45df74558c57afd5b957217491784fa25df370c59d9f92ff245abbdf3d26b42114cc22359ef95c4baa322e326c7e210f43edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\utils\cookies.js

Filesize
1KB

MD5
6c60e675f8c8c68c0174b644d3a63a2a

SHA1
3635a3fe07ccc4a6f33a986ddb690522d0611abb

SHA256
9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287

SHA512
1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\utils\modal-events-delegate.js

Filesize
1KB

MD5
117e4fdbdb0ecf211c8bd909efd337d1

SHA1
9f8684d856b7c95bdffb139217dfd89f41373187

SHA256
267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857

SHA512
f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\utils\strings-loader.js

Filesize
5KB

MD5
9c94eb933d8a43dd3825e67a7e30c980

SHA1
7ec7b16af6f399219209ba5967d377040486a11b

SHA256
96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf

SHA512
a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\utils\utils.js

Filesize
118B

MD5
a0952ebeab701c05c75710c33d725e7e

SHA1
1da8a2e889f1213d481ae3cd5571670c01e64adc

SHA256
b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246

SHA512
5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\cri\cri-controller.js

Filesize
3KB

MD5
4e4b4a9e2d86ae3c108105078db6d730

SHA1
826946be793c999316af6c1db10523950b18ea2c

SHA256
cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7

SHA512
1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\cri\template.js

Filesize
1KB

MD5
76c1ef0cb437db144c2bed53a5a8a5d7

SHA1
aaab8fff649f8e46d1e9510018118ee9abe01498

SHA256
505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e

SHA512
822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Filesize
1KB

MD5
eb6d6bd7e05d4477e2704dd87b57ca35

SHA1
f42672ec1e23a3f4bcc2952746d87ba8deff44be

SHA256
5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5

SHA512
1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\finish-with-recommended-app\template.js

Filesize
681B

MD5
d1cb34b57cef7e28b9286454b197b712

SHA1
f3a964b319bab82d4eda07e126bbfd6dec35c349

SHA256
b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42

SHA512
3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\finish\finish-controller.js

Filesize
1KB

MD5
138240ea22084428e9e25583e9156568

SHA1
e8bef7eab5b6e7040b996ec9504436e073444bd9

SHA256
4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec

SHA512
e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\finish\template.js

Filesize
1KB

MD5
f092de7ea66d8e920b345f38537fa35d

SHA1
82d107a409f18878307ae0cefe24074db64937c4

SHA256
b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f

SHA512
14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\main\main-controller.js

Filesize
11KB

MD5
15b665a5c915004e1aa7e9e11a710f7e

SHA1
7821924e42bb19d60c572ff80bbaaa04d7aaeefb

SHA256
84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653

SHA512
dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\main\template.js

Filesize
3KB

MD5
a118c7724c208f12083240cafccfd10b

SHA1
f89c676a215b869626737862a08c9eb07d440211

SHA256
63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc

SHA512
9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\modal\modal-controller.js

Filesize
2KB

MD5
b04bdfd1c7d09bdbdb94a2455fdd677b

SHA1
f000ba4866ff16d75bfd6cf446763498e19b12b1

SHA256
4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1

SHA512
3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\privacy\privacy-controller.js

Filesize
2KB

MD5
15bbec339f5046f525e3aa96d36c30ec

SHA1
f73d40bf06584737fe327f1eec6f4b0446545226

SHA256
14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3

SHA512
2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\privacy\template.js

Filesize
655B

MD5
cf8d2c26520d7c84e560dfa79e31dcd3

SHA1
716f2ec17480d5cc9c145bc147833fbfc39d36f0

SHA256
95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8

SHA512
d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\progress\progress-1-controller.js

Filesize
1KB

MD5
82f0b997ed552c52a510a9f2ab29dc3a

SHA1
92aec3a656053c71eccdde610130f5d8008fa96f

SHA256
838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105

SHA512
ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\progress\template.js

Filesize
242B

MD5
92b145e6649ba0add3dee9a69d3fa91e

SHA1
4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d

SHA256
a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab

SHA512
747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\settings\settings-controller.js

Filesize
6KB

MD5
378c18dd7d5cee6ca7c4ddd0396b535b

SHA1
d5f81d4fab29201fd1629dc4d8e6f918c0c30479

SHA256
b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35

SHA512
c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\settings\template.js

Filesize
4KB

MD5
28513de0830383a516028e4a6e7585a0

SHA1
d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5

SHA256
8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f

SHA512
0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\welcome\template.js

Filesize
1KB

MD5
17f54fca6723b983875d940d931e0afb

SHA1
01774cd5cea36bd74c80a708d6f77567e8091024

SHA256
42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb

SHA512
401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\js\windows\welcome\welcome-controller.js

Filesize
2KB

MD5
50f676754862a2ab47a582dd4d79ecf3

SHA1
1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158

SHA256
6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b

SHA512
ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\app\manifest.json

Filesize
691B

MD5
f87acaf6a7b29b4b53efe207fe416d61

SHA1
1ecff6c32cde13b1f98c08b6db0b6a51eefe1092

SHA256
b05c3a93afae91439d7d43d05c71a058339afd4914f0a77739a097e015e7f23d

SHA512
a9d3b5b2d9c53ad1fd1be006efbd374d57cda4f506fda92abf6e5cde9f6754515fbdd4d7b129b60a695a6623d78b28b928ac85b7da05268714a5e6c5b1190151

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\log4net.dll

Filesize
270KB

MD5
f15c8a9e2876568b3910189b2d493706

SHA1
32634db97e7c1705286cb1ac5ce20bc4e0ec17af

SHA256
ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309

SHA512
805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\uac.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuEA61.tmp\utils.dll

Filesize
55KB

MD5
aad3f2ecc74ddf65e84dcb62cf6a77cd

SHA1
1e153e0f4d7258cae75847dba32d0321864cf089

SHA256
1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8

SHA512
8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 381328.crdownload

Filesize
22.2MB

MD5
798950f894a3969b0d69fe6d5ccacd02

SHA1
a082e7f97af48655fcf48e6dc387c1bf2f99fa65

SHA256
75f0ba20b4f2e94ef1a6a646649a60cf11143c7ed6ef3d895734e32df72cd663

SHA512
38dda84b5635f417cb21777d5430bef24cd3fc7d1cccf30c5685587b267380b0a8bb256ae61d0c3c07b02034940f5244ddf9f7c92565690dcd986ecf7a442fff

Download Submit
memory/3912-214-0x000001BB243F0000-0x000001BB24400000-memory.dmp

Filesize
64KB

Download
memory/3912-180-0x000001BB0BA10000-0x000001BB0BA28000-memory.dmp

Filesize
96KB

Download
memory/3912-176-0x000001BB24310000-0x000001BB24356000-memory.dmp

Filesize
280KB

Download
memory/3912-191-0x000001BB245B0000-0x000001BB24660000-memory.dmp

Filesize
704KB

Download
memory/3912-174-0x000001BB243F0000-0x000001BB24400000-memory.dmp

Filesize
64KB

Download
memory/3912-173-0x000001BB24740000-0x000001BB24C68000-memory.dmp

Filesize
5.2MB

Download
memory/3912-172-0x00007FF990060000-0x00007FF990B22000-memory.dmp

Filesize
10.8MB

Download
memory/3912-169-0x000001BB0B880000-0x000001BB0B894000-memory.dmp

Filesize
80KB

Download
memory/3912-167-0x000001BB0B940000-0x000001BB0B9E4000-memory.dmp

Filesize
656KB

Download
memory/3912-209-0x000001BB24540000-0x000001BB24562000-memory.dmp

Filesize
136KB

Download
memory/3912-163-0x000001BB09C50000-0x000001BB09C9C000-memory.dmp

Filesize
304KB

Download
memory/3912-215-0x000001BB243F0000-0x000001BB24400000-memory.dmp

Filesize
64KB

Download
memory/3912-278-0x00007FF990060000-0x00007FF990B22000-memory.dmp

Filesize
10.8MB

Download
memory/3912-276-0x000001C3272A0000-0x000001C327A46000-memory.dmp

Filesize
7.6MB

Download