egregor | b720aa9c58b19eec96664d807ffeef3518655dea880cdc71bbb6b037e1da7c2d

Analysis

max time kernel
429s
max time network
437s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

entry_1_0/installer.exe
Size

162.5MB
MD5

28cbc2fad63f2102520cce77f889a5d4
SHA1

0cd0972e886c0cd24b29935d76d047e89c3fa15f
SHA256

dcb1ffc5c1f1a67d1d6b4e9cad95e629cabd2533da2882eeebdef10f1692e3d0
SHA512

f5b3979d5c4d7bddb6ac2655b22397e6a1c8661aae8eb1dafa3606da9ea1c7aeb5eb3488f2cabff7b2bea511f7b087664436521a1611aceb76c7cf87bbbbf1a0
SSDEEP

3145728:bUjOi1gUrJsaeyFtANw5MPCbhDGUM5TYYNB0Ho9pAGT6UdHC6u6O:YjOWrJsadrAN8ysO5TRMo9pAGTHHlO

Score

10^/10

egregor discovery ransomware

Malware Config

Signatures

Detected Egregor ransomware 1 IoCs

resource	yara_rule
behavioral2/files/0x00070000000234d1-625.dat	family_egregor

Egregor Ransomware
Variant of the Sekhmet ransomware first seen in September 2020.
ransomware egregor

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Guardian Browser.exe

Executes dropped EXE 24 IoCs

pid	Process
1460	Guardian Browser.exe
2952	Guardian Browser.exe
4720	Guardian Browser.exe
4736	Guardian Browser.exe
444	Guardian Browser.exe
3624	Guardian Browser.exe
1584	Guardian Browser.exe
116	Guardian Browser.exe
2728	Guardian Browser.exe
5104	Guardian Browser.exe
1640	Guardian Browser.exe
4048	Guardian Browser.exe
3056	guardian-browser-x64.exe
3028	old-uninstaller.exe
2748	Guardian Browser.exe
4640	Guardian Browser.exe
1220	Guardian Browser.exe
4204	Guardian Browser.exe
4324	Guardian Browser.exe
5004	Guardian Browser.exe
3900	Guardian Browser.exe
3940	Guardian Browser.exe
364	Guardian Browser.exe
1852	Guardian Browser.exe

Loads dropped DLL 51 IoCs

pid	Process
1028	installer.exe
1028	installer.exe
1028	installer.exe
1028	installer.exe
1028	installer.exe
1028	installer.exe
1028	installer.exe
1460	Guardian Browser.exe
2952	Guardian Browser.exe
4720	Guardian Browser.exe
4736	Guardian Browser.exe
444	Guardian Browser.exe
3624	Guardian Browser.exe
1584	Guardian Browser.exe
116	Guardian Browser.exe
444	Guardian Browser.exe
444	Guardian Browser.exe
444	Guardian Browser.exe
444	Guardian Browser.exe
2728	Guardian Browser.exe
4720	Guardian Browser.exe
5104	Guardian Browser.exe
1640	Guardian Browser.exe
4048	Guardian Browser.exe
4048	Guardian Browser.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3028	old-uninstaller.exe
3028	old-uninstaller.exe
3028	old-uninstaller.exe
3056	guardian-browser-x64.exe
2748	Guardian Browser.exe
4640	Guardian Browser.exe
1220	Guardian Browser.exe
4204	Guardian Browser.exe
4324	Guardian Browser.exe
5004	Guardian Browser.exe
4324	Guardian Browser.exe
4324	Guardian Browser.exe
4324	Guardian Browser.exe
4324	Guardian Browser.exe
3900	Guardian Browser.exe
3940	Guardian Browser.exe
1220	Guardian Browser.exe
1852	Guardian Browser.exe
364	Guardian Browser.exe

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 64 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
42	icanhazip.com
458	icanhazip.com
542	icanhazip.com
360	icanhazip.com
398	icanhazip.com
470	icanhazip.com
510	icanhazip.com
525	icanhazip.com
554	icanhazip.com
574	icanhazip.com
329	icanhazip.com
467	icanhazip.com
528	icanhazip.com
557	icanhazip.com
60	icanhazip.com
83	icanhazip.com
110	icanhazip.com
170	icanhazip.com
254	icanhazip.com
375	icanhazip.com
461	icanhazip.com
311	icanhazip.com
54	icanhazip.com
202	icanhazip.com
326	icanhazip.com
385	icanhazip.com
522	icanhazip.com
69	icanhazip.com
196	icanhazip.com
300	icanhazip.com
401	icanhazip.com
413	icanhazip.com
433	icanhazip.com
519	icanhazip.com
346	icanhazip.com
369	icanhazip.com
134	api.ipify.org
152	icanhazip.com
297	icanhazip.com
332	icanhazip.com
207	api.ipify.org
317	icanhazip.com
320	icanhazip.com
93	api.ipify.org
238	icanhazip.com
282	icanhazip.com
560	icanhazip.com
567	icanhazip.com
142	icanhazip.com
210	icanhazip.com
272	icanhazip.com
232	icanhazip.com
323	icanhazip.com
149	icanhazip.com
214	icanhazip.com
248	icanhazip.com
251	icanhazip.com
304	icanhazip.com
363	icanhazip.com
392	api.ipify.org
410	icanhazip.com
424	icanhazip.com
436	icanhazip.com
102	icanhazip.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	pnputil.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1244	timeout.exe

Enumerates processes with tasklist 1 TTPs 5 IoCs

Process Discovery

T1057

pid	Process
2540	tasklist.exe
3992	tasklist.exe
1948	tasklist.exe
1744	tasklist.exe
2036	tasklist.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
232	taskkill.exe
3308	taskkill.exe

Modifies registry class 14 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\ = "URL:proctorU"	Guardian Browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\shell	Guardian Browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\shell\open\command	Guardian Browser.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{A4D271F7-83DA-4F2C-B01D-C8520221E941}	Guardian Browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU	Guardian Browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\URL Protocol	Guardian Browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\guardian-browser\\Guardian Browser.exe\" \"%1\""	Guardian Browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\URL Protocol	Guardian Browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\shell\open\command	Guardian Browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\guardian-browser\\Guardian Browser.exe\" \"%1\""	Guardian Browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU	Guardian Browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\shell\open	Guardian Browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\proctorU\ = "URL:proctorU"	Guardian Browser.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{11EC0959-9191-44FE-904A-0BA7F84FAF45}	Guardian Browser.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1028	installer.exe
1028	installer.exe
2540	tasklist.exe
2540	tasklist.exe
4736	Guardian Browser.exe
4736	Guardian Browser.exe
4736	Guardian Browser.exe
4736	Guardian Browser.exe
4048	Guardian Browser.exe
4048	Guardian Browser.exe
3056	guardian-browser-x64.exe
3056	guardian-browser-x64.exe
3992	tasklist.exe
3992	tasklist.exe
232	taskkill.exe
232	taskkill.exe
1948	tasklist.exe
1948	tasklist.exe
3308	taskkill.exe
3308	taskkill.exe
1744	tasklist.exe
1744	tasklist.exe
3028	old-uninstaller.exe
3028	old-uninstaller.exe
2036	tasklist.exe
2036	tasklist.exe
4204	Guardian Browser.exe
4204	Guardian Browser.exe
4204	Guardian Browser.exe
4204	Guardian Browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2540	tasklist.exe
Token: SeSecurityPrivilege	1028	installer.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe
Token: SeShutdownPrivilege	1460	Guardian Browser.exe
Token: SeCreatePagefilePrivilege	1460	Guardian Browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2036	1028	installer.exe	85
PID 1028 wrote to memory of 2036	1028	installer.exe	85
PID 1028 wrote to memory of 2036	1028	installer.exe	85
PID 2036 wrote to memory of 2540	2036	cmd.exe	87
PID 2036 wrote to memory of 2540	2036	cmd.exe	87
PID 2036 wrote to memory of 2540	2036	cmd.exe	87
PID 2036 wrote to memory of 2024	2036	cmd.exe	88
PID 2036 wrote to memory of 2024	2036	cmd.exe	88
PID 2036 wrote to memory of 2024	2036	cmd.exe	88
PID 1460 wrote to memory of 3396	1460	Guardian Browser.exe	99
PID 1460 wrote to memory of 3396	1460	Guardian Browser.exe	99
PID 3396 wrote to memory of 2520	3396	cmd.exe	101
PID 3396 wrote to memory of 2520	3396	cmd.exe	101
PID 1460 wrote to memory of 2952	1460	Guardian Browser.exe	102
PID 1460 wrote to memory of 2952	1460	Guardian Browser.exe	102
PID 1460 wrote to memory of 4720	1460	Guardian Browser.exe	103
PID 1460 wrote to memory of 4720	1460	Guardian Browser.exe	103
PID 1460 wrote to memory of 4736	1460	Guardian Browser.exe	104
PID 1460 wrote to memory of 4736	1460	Guardian Browser.exe	104
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 444	1460	Guardian Browser.exe	105
PID 1460 wrote to memory of 3624	1460	Guardian Browser.exe	106
PID 1460 wrote to memory of 3624	1460	Guardian Browser.exe	106
PID 1460 wrote to memory of 1584	1460	Guardian Browser.exe	107
PID 1460 wrote to memory of 1584	1460	Guardian Browser.exe	107
PID 1460 wrote to memory of 116	1460	Guardian Browser.exe	108
PID 1460 wrote to memory of 116	1460	Guardian Browser.exe	108
PID 1460 wrote to memory of 2728	1460	Guardian Browser.exe	109
PID 1460 wrote to memory of 2728	1460	Guardian Browser.exe	109
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110
PID 1460 wrote to memory of 5104	1460	Guardian Browser.exe	110

C:\Users\Admin\AppData\Local\Temp\entry_1_0\installer.exe
"C:\Users\Admin\AppData\Local\Temp\entry_1_0\installer.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Guardian Browser.exe" | %SYSTEMROOT%\System32\find.exe "Guardian Browser.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Guardian Browser.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2540
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Guardian Browser.exe"
    3⤵
    PID:2024

C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
"C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3396
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:2520
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Guardian Browser" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Guardian Browser\Crashpad" --url=https://f.a.k/e "--annotation=_productName=Guardian Browser" --annotation=_version=1.3.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=26.1.0 --initial-client-data=0x490,0x494,0x498,0x488,0x49c,0x7ff72b461ef8,0x7ff72b461f08,0x7ff72b461f18
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2952
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1688 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4720
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:5096
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    PID:4692
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:60
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:2472
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:2800
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4692
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:1840
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    PID:232
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:1932
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4124
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    PID:4692
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4804
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:1720
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:3064
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:1740
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:5020
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4940
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:2016
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:996
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:1244
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:528
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4404
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:3564
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:5024
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:3152
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:2600
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:3320
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:3196
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    PID:4648
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4744
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:2400
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:3600
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1740 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:444
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2240 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3624
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\guardian-browser\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2488 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1584
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\guardian-browser\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2700 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:116
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\guardian-browser\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3496 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2728
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3660 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5104
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3636 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1640
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3400 --field-trial-handle=1692,i,13965374281222228591,3827834471588551855,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Users\Admin\AppData\Local\guardian-browser-updater\pending\guardian-browser-x64.exe
  C:\Users\Admin\AppData\Local\guardian-browser-updater\pending\guardian-browser-x64.exe --updated /S --force-run
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Guardian Browser.exe" | %SYSTEMROOT%\System32\find.exe "Guardian Browser.exe"
    3⤵
    PID:4632
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Guardian Browser.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      PID:3992
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "Guardian Browser.exe"
      4⤵
      PID:2472
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c taskkill /im "Guardian Browser.exe" /fi "PID ne 3056" /fi "USERNAME eq %USERNAME%"
    3⤵
    PID:2884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im "Guardian Browser.exe" /fi "PID ne 3056" /fi "USERNAME eq Admin"
      4⤵
      Kills process with taskkill
      Suspicious behavior: EnumeratesProcesses
      PID:232
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Guardian Browser.exe" | %SYSTEMROOT%\System32\find.exe "Guardian Browser.exe"
    3⤵
    PID:1496
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Guardian Browser.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      PID:1948
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "Guardian Browser.exe"
      4⤵
      PID:4236
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c taskkill /f /im "Guardian Browser.exe" /fi "PID ne 3056" /fi "USERNAME eq %USERNAME%"
    3⤵
    PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im "Guardian Browser.exe" /fi "PID ne 3056" /fi "USERNAME eq Admin"
      4⤵
      Kills process with taskkill
      Suspicious behavior: EnumeratesProcesses
      PID:3308
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Guardian Browser.exe" | %SYSTEMROOT%\System32\find.exe "Guardian Browser.exe"
    3⤵
    PID:1932
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Guardian Browser.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      PID:1744
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "Guardian Browser.exe"
      4⤵
      PID:184
- - C:\Users\Admin\AppData\Local\Temp\nsw993B.tmp\old-uninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsw993B.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\guardian-browser
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3028
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Guardian Browser.exe" | %SYSTEMROOT%\System32\find.exe "Guardian Browser.exe"
      4⤵
      PID:4640
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Guardian Browser.exe"
        5⤵
        Enumerates processes with tasklist
        Suspicious behavior: EnumeratesProcesses
        
        PID:2036
    - - C:\Windows\SysWOW64\find.exe
        
        C:\Windows\System32\find.exe "Guardian Browser.exe"
        5⤵
        
        PID:4276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "timeout 3 & rd "C:\Users\Admin\AppData\Roaming\Guardian Browser" /s /q"
  2⤵
  PID:4300
- - C:\Windows\system32\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:1244

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4c0
1⤵
PID:5048

C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
"C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --updated
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  PID:2932
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:1720
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Guardian Browser" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Guardian Browser\Crashpad" --url=https://f.a.k/e "--annotation=_productName=Guardian Browser" --annotation=_version=1.6.2 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=26.1.0 --initial-client-data=0x4a0,0x4a4,0x4a8,0x49c,0x4ac,0x7ff6ce381ef8,0x7ff6ce381f08,0x7ff6ce381f18
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4640
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1700 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1220
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:60
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:1124
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    PID:5100
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    PID:2580
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4644
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:4420
- - C:\Windows\system32\pnputil.exe
    pnputil.exe /enum-devices /connected /class Bluetooth
    3⤵
    - Checks SCSI registry key(s)
    PID:220
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1680 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1784 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4324
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2224 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5004
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\guardian-browser\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2500 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3900
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\guardian-browser\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2696 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3940
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3552 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:364
- C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\guardian-browser\Guardian Browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Guardian Browser" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3676 --field-trial-handle=1704,i,133309808007579965,4461556537145457244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\guardian-browser\Uninstall Guardian Browser.exe

Filesize
163KB

MD5
fd09d9963c9f8a9d8b0a2afe15582198

SHA1
df293f250cbb1380b3604f95db69f694cf767c9f

SHA256
b723fcc97e54e919c7890ad7f7f00acfeec021c958511035156e55101a5169c4

SHA512
6668096f6bcbdcfacaf6582339f55ca36ef17d2970aa4721e99c697a5d0cdc723474cb4a970279940bc60cc8c99f2e9bc9dd61fb81ff3c3f16fb053b07730ba6

Download Submit
C:\Users\Admin\AppData\Local\Programs\guardian-browser\chrome_100_percent.pak

Filesize
132KB

MD5
e4cbb48c438622a4298c7bdd75cc04f6

SHA1
6f756d31ef95fd745ba0e9c22aadb506f3a78471

SHA256
24d92bbeb63d06b01010fe230c1e3a31e667a159be7e570a8efe68f83ed9ad40

SHA512
8d3ea1b5ca74c20a336eaa29630fd76ecd32f5a56bb66e8cef2bce0fa19024ea917562fd31365081f7027dde9c8464742b833d08c8f41fdddc5bd1a74b9bc766

Download Submit
C:\Users\Admin\AppData\Local\Temp\3857b328-f290-437b-b9ed-433cb707f3c8.tmp.node

Filesize
702KB

MD5
518ce124b8b0a9b4572fee6c63d11884

SHA1
52e25f11fc6c105ba36aa0ddae261df51aea3b06

SHA256
2593a01e30d074426e44be366c1cca03b18f67eda0db950ee302b842f5c3f446

SHA512
f27a9344a3af8aa26a066b99ff69a3e1367afbac29f5ae7438be418b972770c2d9099be39bd9a4cab571813408dbfe0a15db884432b25c2a0215c8a9c244ecc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\LICENSES.chromium.html

Filesize
8.4MB

MD5
e400cd908b8fb7c13985e2f5cc7a7044

SHA1
bbafebdf5b067a7d7da130025851eaa52ec3c9d7

SHA256
ee3b1ab8794c749673ce9bd2dd302f12d69f0a1a4adfe40a64247746cc311829

SHA512
e7ca440f0e042d7fcfa99367426bf19899a2b227c6d7b6e2c25d4f1a40113250f21ebeaaf91067d8569dfbad1415d4fe3e5626d7254722f2778497fcb22e5d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\assets\connection-error.svg

Filesize
88KB

MD5
ae59b69edc7f5b498c3a53bf2e9dba9b

SHA1
b12e6aee70faf478c072fe3e97019067fe14caac

SHA256
c5df0abe4df58b09a43a91faee81be887711db225c5142957479e96ea664458e

SHA512
21019efc700338b00cbf525e0b30c38fddb0cd79b73bd14c8fe7ec13d9aad14620c9c38cab835896a1f7c661a8a9dc1591acc65d47f5971e492e0e374fe5700e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\chrome_200_percent.pak

Filesize
191KB

MD5
99b95d59d6817b46e9572e3354c97317

SHA1
6809db4ca8e10edd316261a3490d5fc657372c12

SHA256
55d873a9f3ac69bbf6eb6940443df8331ebd7aa57138681d615f3b89902447e7

SHA512
3071cfeb74d5058c4b7c01bfe3c6717d9bb426f3354c4d8a35bd3e16e15cde2f2c48238cb6382b0703b1cc257d87fcecfb84fbf4f597f58e64463ceede4366dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
15c3cc618663ad92e772556bf7d1558d

SHA1
49beb2598fbaf01f62fd91c9e7e90dd6583d0175

SHA256
c47a8ccae037883173e0c3c2c3face8d4d5394f7c4492449e9bcfce6d09f5d6e

SHA512
971559d0b0a01123b2ba7816ca6f7e18c78d34a4a019ddc65cc37c9975c5bc632016ca7298d6a2fb2cedaf1d5aca41e4fabc076eab5ad8c834515249373a468f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
62880b7d351a9f547b62b8da6c97ce25

SHA1
057f11003013cfb3f1c63e6bdd4f2f9949ff0104

SHA256
7c40c811d30d459dbf04a04c141b60eb4247cd58a008fb836605317df665748f

SHA512
0d6f83175a91d90f4cc3ec4d9071b7acd0cd8ebbcc592322e46fde2adb7198e035af62c45a11a622f2a908e26d4dd8b8d1af023e634a74d0824d02c791ba3c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\libEGL.dll

Filesize
469KB

MD5
8a5340cb6f4b3f2b994805377e55064a

SHA1
3467c3ee0f43e7f96067a4214b4a779047b513c8

SHA256
82d58ee19e2e9e4dbd1538b86826764127bd9c803786e3b0dd7ed8a20db52516

SHA512
3ba4804fb812e0ef002ed28bc427e9ba9d72d2ef1061c1f740be74f2d14292e40cc0f458cf996e682da9fbf506158cb1771a2b8520f29de08f0fa37762e22008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\libGLESv2.dll

Filesize
7.1MB

MD5
7ef231a60b94dc67d845879e53253a9d

SHA1
6d8d60149e27ef0e2868cc516a2b92bca3aecf28

SHA256
75c0f506a6dbe0a69baace580625974558f794258dc55d957f1f0ffe48cf7479

SHA512
7e9d8639221b9049c36723df0098bbfafdd1b4f4b046ee74c24586fc290d2ac0b25152ef857a6bf2619a40e6791abdd62c46e36f5be5326b115c414aef14681a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\af.pak

Filesize
425KB

MD5
2cad5db5ea641da992fd53a7b1a3a323

SHA1
d378fb0efb1d3872730e6e6754c15dec85715337

SHA256
d92ea687eb37eb017082aafee4860d3ee703c7d31800dd36f9d3d5ceb4f86865

SHA512
d301ff718cefc54d51fb815faa0adf833231e01db7ecd9cc92119820fa853bac224022e4851257205fb6e861e5ec28ddb9e4b2001afb479757a022f4a5e67aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\am.pak

Filesize
693KB

MD5
5f442ca412b334854dd7a852973fce70

SHA1
a6859cb627fc6ed68f0a48694982f7e6b6877832

SHA256
ecdc38f8e18b0fb46ad100356311a7b1f8ff7b10060f1c2b0bb2945d5bfe7492

SHA512
4d7c528c7ffc9edba5d544efda4a077e7f6a97a42b014c90f793b9c7e28e10921316b9948d0f2f82f383c16b33bac22be1b945ea12b1083838b99e27c66c5ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ar.pak

Filesize
757KB

MD5
f78877d596c1a71cba1878242827db85

SHA1
64b1c4501af798f55af262e6cce803e58009556d

SHA256
efdc75d31b9cddb08ba85f326c105235b4e1cc9406d4c08f96f1b6ab97946ca9

SHA512
860beb924db56ae3d71d9ad74d6d6e97202035d102e68f6c67a5a53bddaf59b5f29657400fdf516387217eafb5655429b076e19b2e9f17134ab570592edda776

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\bg.pak

Filesize
787KB

MD5
10864a2c117e476957362c9532392d48

SHA1
edd3a22ead5d1a1742bdc5f03f358164eb43753b

SHA256
712e02b9245efce980ead070c1b3b92bbaebe942121f68c06743d6f5fdab6e7c

SHA512
5a5499a0ec50ab0bf30da24d11ec4aa590c774faea7880ae9f01b521340e53afd79940e05673c162566d87ecbcb15a150be105ab96e9557d2480f5999d814733

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\bn.pak

Filesize
1018KB

MD5
1b945050e4c512db5945a8257281cddc

SHA1
3274588831f1bafc26ceecc4c280b1fd4f5236db

SHA256
09f00d5b2786ff632d29cfc9cfe2d9bc81bf66442015d97eb721e2a2f331101f

SHA512
d0d44af4a82f8e14158c6e5b3aa272f16e9db7a2dfd203105f6e648298d6fff43da08081622ec38e376fba10fe2bf963d93a5bcff9a1893311afebaa3658e7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ca.pak

Filesize
479KB

MD5
099a6f0c07eeca1f3112b484a4cc8fc4

SHA1
b0af44af1fa831b9236c32a6fe65eab1e44549b4

SHA256
62444fc120fa961d2aa793718bb379e028669b24606081f2f92ca8b775b57fc2

SHA512
da2ae6dc569eda694974bdad4cffd1c0785df07c284880894d1b54145777df2726eaf7b7d014092b238c4ea1642507e62f29ce744b0e31c87906a03d928c0b67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\cs.pak

Filesize
493KB

MD5
8d211383002983edf082d8b8b711ee20

SHA1
8f0bbf9980cf7c74d716eae500d580aca0de8cac

SHA256
920de03fbb806be81cc3533ce1a2c47086c45fabf4a68368fa239a740753b660

SHA512
505d125207261d7a220cf0727fe7c4a9c1154d94e67dbc56684e588c659bace7415c0cc05b855cce7cd0777e36f910d909bf7222b06116f884452c6bc88a01a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\da.pak

Filesize
446KB

MD5
a3018946498850cbc53f0695cba18cd1

SHA1
0d72682e5710452251d7bbe05cc94b15505efcdb

SHA256
73f42be213e546b137e453e395a1898295f0d9a2adadb42742a7d65654afccfb

SHA512
55a3a6d02e6bd59ea5922a3ab6da982953ef36bed759859ed9ec7e6722f873e4ea282b7ebb7505bcf12387c2f817379e24801f18172af97da1b1cdc0371ec5cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\de.pak

Filesize
476KB

MD5
2be04da2bc064074db828194e2ffca6c

SHA1
5c91e6f4db417d889077eb3ea5c7666231216a16

SHA256
722fb8daaff00dd72120f36873373e950f9870ad409e5fb52735cc1fe762bf0e

SHA512
5b246febadd828c619c144f330529c317258894c64ab1e0e11eb35d4142ad22a1a08680b73ec11bc7a3e09db63190ccb06502383569a330ae8f4f62980e3c115

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\el.pak

Filesize
864KB

MD5
7345a82a438aa762404138a5db51bda3

SHA1
9d90cdfb56169ac146bb7484ef2efec8d11e3104

SHA256
13bb17c673bc45195663f1a4f20172d6dd9d789f0e07600fa4e2f5d304e6c0f7

SHA512
d19517fbdd330af1c950508eadc3af91a8abcfa835fe18ff96ec7964d21254f21cdd3eda4673caa81162acc0a32b13c8c60212a92b9e51764a135e9436f40631

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\en-GB.pak

Filesize
388KB

MD5
89a238cb2ae63d6ce1a9db2ba4a8aa52

SHA1
7fe5c3f236d03e1aaf536fdd080022e5563441f2

SHA256
df3b00fea2883d6e82ebf9180f78daf0589f05d62c1c1de4c05072e05793ceb7

SHA512
684944a83fe8c9e3d49f3cf011900ba2c2ba4962104bcc8050cf625061f280ae7acbe1771a951edd236512a025402c0c31ed9564b6530d50b28a9570412c7321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\en-US.pak

Filesize
391KB

MD5
7d44956c8b87bbc66fa3cc4877b8575c

SHA1
1bda88bac8f372cb854b42d4c34c3e13fc819184

SHA256
b17f0513da0133b71e6f3f6b1c519c7faafcde3cf03742091b394156cc668014

SHA512
376df4f5f33941701021b75e5c089a947c6e2021d0bfa785f81dd0e1be323d22e72e31c65500b52f32624f974b7643300d2b0b385a25fa6081c7bee1139de0c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\en\translation.json

Filesize
9KB

MD5
27028251571124bb5c91a8b80e1bd884

SHA1
6f343ea5624c286f69c86ad4a45d192b4cd69f7c

SHA256
fcdd878a7541e46c9f019b2c6f6485d290efaf729b24674d7f2677aa38411611

SHA512
3e0e2bb2ea273256620ccbb7f64c8d4f3aa1ff1c71d31ff29ec38c878841e77985e54ff9cafa67d298584694028a05daf0fde7d6a8d753216b38b609faeaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\es-419.pak

Filesize
473KB

MD5
c440104556d6904f5e08e128da3b34a0

SHA1
c0fb37e5ea17d4162297996c62173c3bbd8e11c6

SHA256
a247f2020b3eabd4980a0d9f155162b8b647cf692a10fa6aee53e1334cbeac84

SHA512
a989c15a0a0fe2477a3d4802de4bceb8416e24d0787b81b96941d83eac91749ed47a2feb4c5edfb8a6f29f80499cbfd408b4e99e87d2640fe3a5698be5d47ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\es.pak

Filesize
473KB

MD5
e20b08182c308456d3e828acda61faff

SHA1
1688d392002f7972b5945e4dc3fa3ed67e6220df

SHA256
71666b2f0790378c2390e35c8e2503c814de34902cc990d7bd513fc0e7e9cd49

SHA512
3e41607dbbf1e7f6a257ad652a64db250db497273b16b14e57f41cb21ae357335453a7ceaacc0ba820af8e034d1682b838fe7789b43421c3ac3fa1ea7228aba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\es\translation.json

Filesize
5KB

MD5
93acc410010888a47ca5c1985873269c

SHA1
d4eeb91eb0dfac4de23e18b3d63397e8a848a780

SHA256
97d9abfb2dc35638436170390b39f1d9ed4c47cb5a9f0f9c8255cc2767752636

SHA512
dd3c33d2170a742acebbc5415b873e3343b73c95336439118dc8871e5a03f724a520518fddd5636197dda4aefd4c2bbad5d160fee44be1a0b5c9ddfedd2593e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\et.pak

Filesize
427KB

MD5
dfbafae98055df9ac82dc57ac012666a

SHA1
32981479c3bc09bc3cf5630a1b9737a295350774

SHA256
3c685d37274dfee7e5607185b9621e2f4a8f12a24f8d37742c2e11416e347544

SHA512
168bd50a4a38c0be06f614545d1212076905e5b745cb9ce894f8938e7d9d9f6cfea691c60e71b0d6bf674270a28133fb4c77ee3370d0d47d7c621bc014c1bf7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\fa.pak

Filesize
703KB

MD5
9d4c64590f6bfaf4364bbda9ff95f113

SHA1
bcef7ab180e70d353a78327abfed3d33a27447fe

SHA256
5992e3d1c6e998509550fb9be3ccb485a31e36b7730277879a96d9d0cb07b598

SHA512
a992052793737768917605d662c68a9329e7876cf9c4127df326e2d24e3609d5750d534f54d3510acdc9cc6a9cb46cf8f4c5a06c74cc8b11fd62eb08142ac310

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\fi.pak

Filesize
438KB

MD5
c1c7456d0618a216012dc4a6e92cef5f

SHA1
f0aa7152f3531cb0bb059ef5de3ed09f91d3ca0c

SHA256
c2e7afbd5f28e3360c0ea2d57664ba54e3f7d187e1fe30907c3b40d96880f82e

SHA512
52361f26eb345d41f93a71b32fcb7be547f99d56210d8eabd70ddebb51c2d69dd903fbef6def3dad8895067b6390de498815fc592677b1010ef849f880b4ae9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\fil.pak

Filesize
495KB

MD5
563fc69f1369d47e363f17ba7ee3bd90

SHA1
855c36edd5cf012cb0e52a1cf93b97b4882a3595

SHA256
af00b57e13f47a9d2a9e0c6232db38c09fd5c33ed3b93a2b09699641438c8a48

SHA512
fe31ba90e581c736f27bf9f97ea8f291005ccadf6094ceb5cc01ab56ea0d6bd0ac0bfc60981021a18e7c3a76a96acc0f61e6fa5aed8bc28ea95bee472851a79c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\fr.pak

Filesize
512KB

MD5
758be81bec00452bb28b1f646a77e62e

SHA1
3c613321fdb3b9eb4f19649a46a75e8f5608c2af

SHA256
62bbfe8ff17d80dec68156256ba3df2c902a2410df8a7dbe9c1e10b6ce6f5501

SHA512
ce60e0a7486b95290a6df37fe5b57ed23709a595c92af12dc3b300e0b73cadc15320e8f5668c1bbd385a505c57a94051754407f0d8d7e189e0fdd9cd7b041ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\fr\translation.json

Filesize
10KB

MD5
3b09052d635d58fbaf19c5b50a70b2ec

SHA1
ffd16ebe3bdcde774bbce7cf7b51ee624aa3a96d

SHA256
3a130a47e15673b956b8a8ce7a21f0800f81df444d416509b22981bf72dc5280

SHA512
1775b17248bac0900ca1b7fa00db77e9e12a83f7d434beb529b9c8e7aae104da4d35aade5392d6b86d63e4325f3375a761d5206a3216e467869a294f0857dce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\gu.pak

Filesize
995KB

MD5
9d7b2d26274d431f29b6f527d7c1272c

SHA1
9e3d28b03216333f11ab314285b3586c38d1b041

SHA256
c7fe8df76e7fae94f3a9754ee28fa098faeaa30388d5a1773ab50cbfc9ed342f

SHA512
13cbbd57dc5ff5f7b921a247b8b1eb055b8f570ba92f377406e16334497f4d01b6bb6277264c24d02fdfab524d5728247250c8f67cc5aff80a257b1c6fc8c59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\he.pak

Filesize
615KB

MD5
cc5971cc17fb0dcc130e78bd8fc3a2d6

SHA1
0824e9a24e4aadd252cd78b97d037c401b698202

SHA256
fd984e6be7bcf4ab9551fe791825c26b12470c1f80ee38c8e5f338fb83be0ff4

SHA512
7a6033474392e796ad7c6cd938c12837d2b87b8ffb81438f40321f7f4ccc58e75b90d73354f020df8cff19aa7983cb75be7bb3937ce55de2841991431b2a0198

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\hi.pak

Filesize
1.0MB

MD5
c5a8a66837827141819f610ff6e24287

SHA1
a08d99121dd9e9cb9f74eb9c03cb006732bd48c3

SHA256
a99e7155acc1dbfb31209ce4042124ee6e867571cd10dc01f34152613f23acd9

SHA512
69862f3e108cd0ee49bbdc010d2e014e5213dc47d8baff7e38ebeb3b36b4bf91c8b3b490cdf0bc46b35c12d14844d24f7a2ccf1e9be66af5ffbe0c42a38f10af

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\hr.pak

Filesize
477KB

MD5
c10130c26e3c02524ef294bcda43f4a0

SHA1
94ac094fe5b9d2d0cd29bea7a5694196fef4f777

SHA256
ae6103631df64e56623d92d65a3372b0d787c27d72ca18e9080c0aeb28d83b41

SHA512
1b3acdc524e96363e1639152c45b222cb7e3a8e77fa030f165b9634ae63244f7056ced3e079176ea89d9e2ef02461d85244e6e8b3c8d752bde4d32149732e063

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\hu.pak

Filesize
513KB

MD5
20143c05e209e587f43ca6908d7b5edf

SHA1
f11259e17507ae063076525a3caa8a9fcfd7c96b

SHA256
ab80e87e7202cc56335ba1d0a7770838d8d478d3128e46c9d30f38884c650671

SHA512
2d2c4936b6af6f5a29738db5688acb6cd2ac8aa48e886a1e32dc450edc95e357ccd6616155d631f68cb7478107cb47d02bd0c13192f6b4e33a47a7c0771b9942

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\id.pak

Filesize
421KB

MD5
529affd46bd5d0a6ae12d4d87407651d

SHA1
bf148f7873f17082e66444607e9937343e2cada4

SHA256
1d8f4f7519f4add8f5f4a2eff21b6e703acc49f9ceceea293114cd040e9b5d6d

SHA512
ccd8496edbfaca0d47a4e2fb924820d10ba05f59a7e7a4b1c65bdf1e51ba82ffc1d71fa07d4e8cf07b8f626f804b345a31c38797edfce79dda5fba0e298b6c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\it.pak

Filesize
466KB

MD5
3b2dbf6468414b8baea5fa241917e688

SHA1
5cdd39b14d21c193ec6ec9f14d671b37e67859f5

SHA256
202e8961915e6fa6a910dbf7dee705fb2e71b98a34eacd34a7c317d3a12b15af

SHA512
87fd024be7ded242742d64ce53d769b0b2315432860ecee91d423eba9194ae34a8ccd1752a3d407ab3ee8fb632b130c40ae6d5e349a5e8bb9a9b3a46f8fae452

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ja.pak

Filesize
569KB

MD5
e6a4668568d691547d3a9d92985f5c37

SHA1
d43c9adc391e219baef9221062bbb8a7327ad6a9

SHA256
5f3cbcb09862f54a20580268baefc79a65183e95e8935877a834c773a458de6e

SHA512
79a063b5d47f9f49056831f6565d99d1ce56bc73a22d9794ca85bf3780c69c1ef29392a0b735de984fbab77e83ef97f9c730a3b03d296e292afe64b559797012

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\kn.pak

Filesize
1.1MB

MD5
11960cc947442c7e8fbe7946f518a3b6

SHA1
b6dfee9ac101ee2c2cdff2f8755c1f453f9bb686

SHA256
efab8245113da2f602c21eda7a16ca7b967e55925289a6965a19ed3f5c80b449

SHA512
077df8a48e69d4e144ad91fc06a66274da06f0a4fa27fc9e339da80e7ff0e4a29aa9c964c9261f1dafd1450678a268abc231e8e43b0bde6e514553cfb735f82c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ko.pak

Filesize
480KB

MD5
d19e0fe749813eec84e8e8830c35db7d

SHA1
e676a3524dba2d1b0d8da4bc508f4cc579dcce72

SHA256
cfe45b518c2e5d77c8c2c567481acc6a7f56b3b2d365c8f9b699660711f75738

SHA512
636fa8d8730b8235423d2d3e49329ac8b109659f1d930b56c9e0e7b5da9cedac9814a2b34dbbae3e2da2e95e0258fd9b4a17c112172f24b5b4c2a42bb62be63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\lt.pak

Filesize
518KB

MD5
0dfc077d51fb6f73a09fbb0b04df2dee

SHA1
b8b14e4ee2557edc13df68d2bf0d5469642f4d6a

SHA256
6f86e008a84a0f1f0f471ff891014b3c8dd19831cdbb5cf3ed301b2477b5f552

SHA512
1b1c0bf62e87657491106a970d2d59bdb7b8876ce901466687b499902ffe136e6409dc705ce49417fcfcabce3e134a2a85e2aaf71161b839b31325874b7556e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\lv.pak

Filesize
516KB

MD5
f98e3517560753ab21a0436c74ef236e

SHA1
104dc9d23ce0c2c33788276e9beff4746367900a

SHA256
a9c0abf7f2056c2ac265ca802e46c30f9320e983c7e683885fa0ddcb51b46a02

SHA512
7b5db4b03c231059c20fd160d8cdf8c0946e8903caf13e401e57fb125422a9a0f724d4ce4d9e06a1f051c905188100890dbdc161042e74628e1dbb8c4c39d1fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ml.pak

Filesize
1.2MB

MD5
3003e662a7ca1384782a039d78f0bb1f

SHA1
f306c49febfdb76714f3feb0c03a84939f471a19

SHA256
99eb2ec5820f961a1e70700fdd8ec7f91ad670a513b59a49fea4d50c869b4525

SHA512
ad8318291dbbb33b2bad9be81f82032c807220bb921cf8b9f7ca95d0b903610dcefbc0e6339afa72adef66b2293364c4b4a3c8727642a5e52d932984a5821c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\mr.pak

Filesize
975KB

MD5
5f6ea652adc1623509872e31b636ca32

SHA1
90712685e8e2426be975ee500ea6a1c038583ab7

SHA256
400494aee11c22936c8fe9cb8139c6025f7c0e1ec985d702b5045fdfb98ef940

SHA512
301ae1ee946fd30276f0c3db0d2056241cebd767efb11b1fa6d07a0c8e44cf6fb3f6b6e954656b80f372d470312fbad2d3fd247a617a0abe06a74bde0f71426b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ms.pak

Filesize
442KB

MD5
0c8cbb712619936c253bb6f5ee3ac0f7

SHA1
0cf5938bc3134ab64cd729c4bf5227966e11ccab

SHA256
810c0399d63b4fb95b729db3e7e2fc7d30dc15a32c20cf8a3bfa153d28397de0

SHA512
528c827784af8772104a1abd47c0591b642f7b10d05bc4a16b6945e9767805827a265f9cf2af72631bbe713b0d9f1aba0c5904bf8b8cda642915c9f7fc8f1fc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\nb.pak

Filesize
430KB

MD5
21b40c03071574765a76bc7a99b1e7c3

SHA1
0bd4f467c6509ba85a2b249fb9b99428a01ccb66

SHA256
f27e8dc3a38984da22792403089dce4c46126377ab581cf53a96007207e6b7e6

SHA512
6501e94a842aa26e376272aac58f318c4858772225e2f609df01716de79a72d2dabdbd2d41243eccd3c413071bcd79f2cca0e0423f4c1932173dacce9125ab3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\nl.pak

Filesize
444KB

MD5
d20a7273031dc45fa61f74c3be3696e4

SHA1
6d3fbb3ab5ee819d3211c1eac3eacf0ca1afd031

SHA256
9ded962c949661cb698c350afd42fdae14926edaff9d30fb40001e20d4c37c21

SHA512
6587207c043f958e0c6aafe4ebb84d64806a407ad94e6d6decebe5f946a05bfe7506e43f78d6b0c4540dfa8c82f16cfb31d42cb324d89b8a1206eb1dbc68e001

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\pl.pak

Filesize
497KB

MD5
79caf07d9d41518798ed25a31e160bc6

SHA1
fc8f73f74a6f5fee4920d93abb14ec18c18b3ebd

SHA256
8433f29111cc6dc2c73c64ef5da4978cf0023c95bfa9aa892ac826109bdf224c

SHA512
e3ddf6a00fbf892f7190a2a7c476e8a7596bc6dcd3b866a3735df537593146766709b934267433576348ae1c7feaea54cc91c92f973f04df57776bdea887c830

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\pt-BR.pak

Filesize
468KB

MD5
c044b36ef488b9957eef793200fe9c1f

SHA1
042abca765a200dab57662d2e3dc812967f45324

SHA256
c8bfbf6e29e0c3bbfa464437d15a02f69c878b9746ca35e479f5afde2a5e7ca0

SHA512
14b5414b2e57899a12df69a05462086e1f11149a9aeb03adba5b6435edbab93f688a2515c866c03a6dfe942f02201888849626e52cac05df3df5c57f75bbe79b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\pt-PT.pak

Filesize
469KB

MD5
51c0134ba23a8a33da20194d72eebc1f

SHA1
e4d5d133a2cb77ea127a80a05221341bfd143b0e

SHA256
375e65df835b2df08087b14a3abd08ec2a798df098298d7061ab24a23cab0e74

SHA512
4a74152fbcbb5e283cc23e519f1afb44875183aa56da7b990c9a088e1eeae48b60919e98df9272e862252a424379ee37a292741d1916b300ad67da33bae6dbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ro.pak

Filesize
485KB

MD5
61e6762d98ed5f5cdfab4e5f5ad86988

SHA1
227c87c44aff4955068ee2caea819c2231e6b7d9

SHA256
270e65d21c46f62fa5f880dc6485dc2b1fb4e3bd208b6b61e3c5d3e53631d1d9

SHA512
d537965009460fb0ebf0ac56fa010d9844971cb56bc6e3075a544c08fdf2eb35da44da4565e41cbe5aaf8f3e6b4a72c4756c33b85f30913b1d0f9cb6b95d97c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ru.pak

Filesize
797KB

MD5
634190e6bac68f1704543d79a326fcde

SHA1
af9f15c78e5c00fbc9dc5a9cc105f0c406ef83f2

SHA256
a0e812c6e7b9fa7d5646aa5f3dc268ea5e5a47634c7c6622bdd6be89b195bed6

SHA512
88e98f0e6332268c8402c038b1c0551f9db56ed8ab24d6fb7c6bfe5b80abd6a82ccc1d420da333e097e1468f3e20534a04d7b9e8f0e3dd9592781e4016bb7900

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\sk.pak

Filesize
502KB

MD5
abb14b45fb6d6ef70c14f7ad4207fdf8

SHA1
7912dc3ea4f0702add5ac48ef58a9e64f6ae053e

SHA256
2ce99f386a2f8dc6c0ee334f9e9f561cf2d0e007b90bab71630621102bb6418a

SHA512
995b2f366824da52bec994803bbcfdf71d0221c294b35791f67a7658a967bbc8248d9984eee6a39e1f04620b97a5757e37179126554ab9ec4d7cd69bba46d4f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\sl.pak

Filesize
482KB

MD5
508dec1f398cf905406b8b3a5c9211f5

SHA1
bb9373e2e2f926490aa87621910de5864365d091

SHA256
b3543e1a020516f7a3cdd5e3636aeae6ffce1fc34040477679db01a1e4624753

SHA512
2d355d410e92a7170af1751ac52fd66a02463d58525e25530b3bba0a68467441a2687b4f8fffeda7375726737a0045b7fc7b727652108027e6b759991e3fc079

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\sr.pak

Filesize
744KB

MD5
34cd9d59eda1ebf2ec04d857ae046282

SHA1
7c5aa258a971c5e01bea62a6d9c83cacc51999c3

SHA256
814302959a230d1a4f77d69759bb8ae578e2b0e3d24a30b50756a054eb961889

SHA512
f8b010771dd4b27ee41837a508e1083aa790d3e5577876169c02db72ecacc9ccb670dbcb84349638062c74a50e4f7c6af8aba25046921709ea8a0eaf5e5f3d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\sv.pak

Filesize
433KB

MD5
450a3aee15d65a35bbaebee850d6774a

SHA1
c4bf0c498d23984cad3b11e78653ee814bf3d422

SHA256
e1abd731a88926ae532439f12b95121c45e06e8927b6d4d230994e5667ea68a4

SHA512
5583eacb1f688270779b662a825c42ef7e479ef182450ca895c40d909f0b1f3664ddeb2aa12360626871d6d30cffd0486d28950849a0a048dee4d1876eb97894

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\sw.pak

Filesize
455KB

MD5
a5cc00913436b9281ade4c76a3752bf6

SHA1
e41c1056228c5c88fd42257d93420841742a6b96

SHA256
6621ff23bfaf8a200e9010d8042a8fcadd775702d35b6c27cec47b0e76eba568

SHA512
2f441de1d94a8e692c45940cf7db01873d7e162ce03343106bffa4a5e714e019bdd9d854c247d8ec359b5f64ffd60135e2e3b41f27c01b18cda131cb27cf6d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ta.pak

Filesize
1.1MB

MD5
2f757dffc404098b26efe5e083fdac82

SHA1
dd503618deaeb7e895e54f07662cfb95ef216f1a

SHA256
4aa49a31e0474c65760147a4c411b65414c8b30e6b6a60194274a900a7282e48

SHA512
023667b56108dbedf3581cb1911cacb80791eedcd47f2677ea9aedea793480c1a65eb2ee8d4b5f75df215649aa9d966ddd72f51abe11e431bcf4104247f0d7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\te.pak

Filesize
1.1MB

MD5
d8b98c61ad607c3837850a1eb895e270

SHA1
ae6f74f669663dc6d2ed52007f8eae4a3e3b717b

SHA256
dd9794a9fa95eb6c67d749cc6867cdfac6da13049ef08148fc3a72ea0e5b7607

SHA512
ed07e7af5f93c4aa82ca1e216f4e3ccf8d66aadcdedcb651d8497d99d7f2cf38fc9b415310ebd376214ca0c048d8553aae0e3c9c2655c68a0fce4f82b1b51219

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\th.pak

Filesize
917KB

MD5
7e49149e6f56f852e99272ddee6bfa67

SHA1
9e2d90da4e419e3ff8f1c5969695fe45c9953b84

SHA256
bd6b84b7fbac2059c5f1bc9666c82b2f5c91ff441d667fd4e286dd653cd609c7

SHA512
30798ed6d9897e93c97944ae23350f941f611a16444a276bc33a3eba31439eebb8eb9809c35467ef2aaa4267c49e51695c382a0f4e8d1450eeebc64c875f5be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\tr.pak

Filesize
465KB

MD5
e8ac7da69798cd5b6fd2f03332f4f5d7

SHA1
f42d4d534ce766714ee9ae0ee30e19cce7d6848f

SHA256
a1d2a534e508463b14b01c9fa4fecd4cdf0e9181e9f73bd725d9a47879beaa0b

SHA512
9273106062ddb56dc78e8bba2d798441fc92da967f1f7ca61942bd366a0b614895f865cee3494dfcefc42531289f7570b1e9c57adadd9ff53d769edac338dbf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\uk.pak

Filesize
797KB

MD5
4c4eb9932cc253b91190d611ccdbe212

SHA1
2ec354336dccd3c1fb7382a81f8cb90687717994

SHA256
216a8e451d3b492fadec1ad433d0cca95830a8cc504b675d06341c4b03b9df22

SHA512
0b0034aa886cc636d429c757ed004e4670770a290f7850dec273766acb980c0a6c270a8383c3676cd02636a1fd7498a33958f6769f82e9b8af283e15a8232a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\ur.pak

Filesize
695KB

MD5
f06bac2698e9a023954e9f76fab5d06e

SHA1
59c6995373a4c4ae7ef0e5c9f831993ef6ab456a

SHA256
edfb467e0b26bc10f9085c816e92d23411fb16bb57a91434f3d435ed4bc28522

SHA512
07be0b9c80b93d8e1207e892229f31badf047d22a6d7b3b3c2bfa3dd44215fd9bfcfcd958e20b285b30836d185dabb94f207e4fd7afce246b6d574e3b935fac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\vi.pak

Filesize
551KB

MD5
0eec47e1c3a072dfa58ec494e13c61a6

SHA1
b07c5f7368a100fd21cec86b31cf5ec29a71a760

SHA256
175bfd7d1b70f7ebe2a8c091ba63422edba8fbf64f52707989c4a070ae81618c

SHA512
ec8e54f07aeff3b655feee6bff824e16059cced4dce9fb695150dd8ce9240335f6023d806677eb682dec8e99a3eed4a1305e4f3fbfec3cbfa3a1df2dd3e96350

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\zh-CN.pak

Filesize
398KB

MD5
8bbcb4b24c3b9d27e26d75bedb21b20f

SHA1
b82da1dd644dad253d39231d5694494e0f902d34

SHA256
300c0752e1831981f365bdc35c2fa0044df342f623c5b879cda6eb21094383af

SHA512
c6ca32f8b2f4cad9936c2030f1c412a8bf82b92d583cd62e2ea25b2e736f30b6bdd2fb9be20135bc09a3062208b775c11ae50199b726fe3edfa62196678646d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\locales\zh-TW.pak

Filesize
394KB

MD5
7ae486f1d7be0224c30cfd85bedb4878

SHA1
8b3eeddb27277174561f54bdace6034102475ab4

SHA256
0bdd3b326e09ab2a4bbfa6af08a6a18552045c0c1319e4e32374f9246415b51d

SHA512
1457531a3deab89ddffaf286793459d3143e4d945e807e7db7216fd976d85a7c74f6cf437dae7889a1e1a98bceea7781081ca39fa180d82fecf3c0aa8ecbbea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
5b0d9bdb7192808257a426a158201154

SHA1
d36b921197e88bfdbe8f0c85d4248428b28ddc74

SHA256
2cf66385c4a917de07563fac63b973936ffc7f7f3ad665ea0df489bcc74ddf35

SHA512
3312f1c75b3848404c50aa345b28c856f476a7b66756d9316734c174af3c9ad30193b9123a928ee9e94bd3184998d86ee1474a62e657e4c329f310a5f7b3207b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app-update.yml

Filesize
135B

MD5
111aaa2b332ebb0bd8d6b782dd8de100

SHA1
b42d0437993dba5887ca2a81705e8c1c088c0cdb

SHA256
9f66af484503c69ba22a7c96b9f80ba3c80e4cac288a4161cfdf55c54165a3db

SHA512
e149c788e00b6a71f931d8adf367fcadd3bc42ea23dff4a62c778ea724abd055be073958632d9395d2258a1ba7848b969a8a47ca6499d9e88301c7a3964a2d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\.releaserc.json

Filesize
189B

MD5
c896e2730f6662e1645901b01bf37658

SHA1
8aae720255ce891581077ec0993c54bd5a915644

SHA256
5ff07e0b0f1ddc6b0e6ec4a2df94939bdb14e8bb0cd07957c53afcb8a2f8f93e

SHA512
b0b47beb9ce8d704f6056d74067624487e7f4475668b89352a07aecd167299ea0fcaa14c1d109cf4e80cde3766ce0b482e816a119f0b4dfc7fac2532047671a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\CONTRIBUTING.md

Filesize
854B

MD5
3f334c61cd694d61c332fee9367835e3

SHA1
9301356c6299256d441bff7c5efc9db49a315dfb

SHA256
b18e5cc0e263c74fa1a3a23946d0f46c3be50e1f2d6c1522c27026f9fe8a0706

SHA512
dbf9ec5ee2f871da006bfe2c63cdb8dfddeae9303fbe585b1e2eff16d6475505ad0b65290465893ab55f4905393d638ef01bd136d908e4629575191e228cc931

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\LICENSE

Filesize
1KB

MD5
972f323aee98757c51dc8402e7e7f24e

SHA1
58f6c2fde51fc0d501d196eb4107555835f0b890

SHA256
365e2e848090ff97ffc97197654e8a004bd2e13f9b216618fdee394ac016cf79

SHA512
0713c51f5f738cf47e5b3525d3e98799a7f55bb85651eeecfe5224b08519f145d55add2efb283c39b1ce340a2726e0ee6b9b2178603eab90be68b4bb133f6bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\SUPPORT.md

Filesize
474B

MD5
3e4048d168919b14b51b46fb76be2fe6

SHA1
e0c51d80481a56fefb7ff7968c2a94c7bc92e767

SHA256
61214a4a79acc5fefa019b9b9063769ba52891587ea3e9cae30c2d84492aa93b

SHA512
42a1bb8c4629f26be968313ad61e2163624008a728ab0f1b77ed0be9b91645b7cf2fe54ce9bac35e3f2c583dd6c08fcd3cf9ac2d93a300d2255400acd4f28481

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\bin\rcedit-x64.exe

Filesize
1.3MB

MD5
994a67cc8049c603f233ea320f7f540b

SHA1
43bf856806affdb7b7f7233375c7b95b1d59e974

SHA256
fae0260b541a3c02b384f464a1c2ff0d1751cd0699bff49e7c545ddd578cccf4

SHA512
945e32bb9274f96e7fd389c73c8ff2dd3684bdfdc0a6180088a0206447df1ed1f1dee0d3f16b0cda52e8fdc6ae7c8bae500292244bd01763ed2b08a69f18ef1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\bin\rcedit.exe

Filesize
943KB

MD5
b8ee03943c2219b37d209c717820e6da

SHA1
7933ae8b4db0eac844cf5faa90f267a9a58b3a71

SHA256
38a96b390a880c90f8f20574bdef76cf2bd70fe9719fedecc1f63c12d01b8e05

SHA512
6f169f7571a74dea9f774cb448f6d00e34da027f2d93fae7114f8ba7a82a24b9f74265bfc9c42ffe3aa5b2aabcafaacf668745edf435073634d2d0f28206686f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\lib\rcedit.js

Filesize
1KB

MD5
ac0e80f780218e7bf9094121924684cb

SHA1
c89c3bc6287d4a6c3cbbd7a1f99e1d642c20f8e8

SHA256
d63b0d9483bc42af48b0cb3417bc8f91ad0252d40ef6ac7c1db914428d5b4a3e

SHA512
c5e7ad2296118b501a7bca2d58b641a3ef1869abb48d11f6ff9cbc8febcce1832478bc88c283fb4afcc994868dfacfddf24413187e8689e0813a3a7b3e29c32d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\package.json

Filesize
774B

MD5
e387b66cff11c8464e392157d4070544

SHA1
22070c3e708826f962de9b1031a3d477b7091309

SHA256
14163e9a74b16b557b42bb3654f12083e3af0a5fdb9d174e37cb8852c8aa1dcb

SHA512
3161aa8d60843aa0b61dce423e510a4084902c1c1e17ced564403d9142616c42e5ca435dfb7ad4dd249e3aa153fbdb2fc86eb92b4be4c1cc34550efd6e40b1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\app.asar.unpacked\node_modules\rcedit\tsconfig.eslint.json

Filesize
299B

MD5
8fcb883b1addd51fbfb6b1021954f691

SHA1
2f2b782f0917746a9727eaeb4f88c223353593a4

SHA256
02b61bd1d0b0017cf04f5c5dff699fc4ddc9f287b7eb35daf614c0996e940273

SHA512
a5cbafa014e5ade99d4b651d77a755eab51f4b58133f7e3779266f349fac27d036923f8fc1ce8760021cd961023e7a6bc37b8232d1e6079b61d5f854bc3a0baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\resources\elevate.exe

Filesize
114KB

MD5
bd620b8a4483288821ab8ac18648332e

SHA1
2e0e5db01c05b6aae6f29268bde59965f50188c7

SHA256
136b7c8007fe15ed3a5fea4eef4b23256c25a6c685ed67025fb3dc68e775eef9

SHA512
7258f018aee3b39e130ea14f62a7d6a0f731f68c890cb1631a5e18e641ee989bd13bc48278db6ee0d22e86366b2c5073a88cb946671c43da112db3467367a0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\snapshot_blob.bin

Filesize
262KB

MD5
801731c081a37a32473e0c490d7bc210

SHA1
34f2c0e0d4001cc6abba360c2593faf77680f510

SHA256
13051347751c052484db5b21b7604d20a281a2a98d66af2b856f32322b4b1d1a

SHA512
fd84cf2bf3ccdb44c988f79c66bf147f21cb1c0ead7e794120808f4c35825a613cbefafe436c9b48849eca02336f04f2732c88bb6a8c12aa95e08366de32a2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\v8_context_snapshot.bin

Filesize
581KB

MD5
27eb201cddf803cfc34aa9263a3eb2bf

SHA1
f47986464c38d35458fd1ff0bf7ae70290ce96bc

SHA256
4a4801c6d845ac24aeb5b1849c51890bbff35045d41172de0cd8a296d9b9b0be

SHA512
b15a0ef36d5a907e416c0eec575fa6396ac9b8d1aa888983f6026cdf757ab1fa9eb7e59bd7d03b26ea5f4c5e551f52c36bc17a6cf07a0d961f361aec702a2330

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\vk_swiftshader.dll

Filesize
4.9MB

MD5
9281a9a4a96eaa608ee657de992f5f3d

SHA1
e663c605ee7c2f79409a784a823e0dc9eebbaa0e

SHA256
c7ce4bf37998052ee3be6c36ab5a18f2fae1ae0474f3a0d0fbad2382855aeec1

SHA512
578c1ca8523a94403f6695cf4d201fc036bce75c6dabe63f57ad2b5b1aca8d32ab66ca7df8bdee84a8a7202a539995f5128a448418d07a1589837b53e40013a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\7z-out\vulkan-1.dll

Filesize
917KB

MD5
e500db5dbb5d6bb83acc3272011c874d

SHA1
5c2f176831e0376c58d2484334430761b0fc9f4c

SHA256
538d78238812eb6d6847c26bada47ae38f9c26c035739352273e439d4a78bf94

SHA512
3d20e206c44771cc6db52a88b9048b54d8afeb5c0b4ad5e64cd7de0c3589fb5326edecc7fad931d15a5e3a07d30733f8891ab7a0555110068eb73f11de5a069e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6831.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\355edb32-1905-4194-97a8-73aaf1bc0d0d.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\DawnCache\data_1

Filesize
264KB

MD5
c104dff8dc4734ed46e002367ff47fa7

SHA1
d3932ee2be5aa1c0af98c61bcc98e167548eccb4

SHA256
46c90653e5a78fc9853051b9073ca737940572b919faa19ed25367d10ab9b83b

SHA512
2184be5557d13422758133befa8ed32f08b8b398d2acd704b2f1d9df0fdb063585a3a968dca0c245f3091ad6b846d4046334887e656c33831460726baf1ce8e1

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Network\Network Persistent State

Filesize
300B

MD5
8c4311df0f5ce985503f42e81272d49e

SHA1
16dd44da69138a441430b10a399afcfdbc6a61a7

SHA256
ac686cbe81590647182b35c5ba214bb3f569476aec22de87d615e8f762eede7f

SHA512
7bdac4c7d2b857b7f58ef351f4865cc8e11b0c8a251fad3efe865cb9c432ae62f1b0221d23a6009a50b07e4fb184b7924abc4fd997a25c5dc2843b321068606d

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Network\Network Persistent State

Filesize
595B

MD5
e9bbdc286678c0431081814b513d3022

SHA1
b815a8b956c0ea93d9937f5cc31243f39bc54b92

SHA256
f40a608a6921a74feecf285a4cfd01d5312d0efb72f9e46fd4d67b05bf9b7640

SHA512
7670d2a3c1e1ff51e557b0966cec3e64a57656ef23814d80c1d1d4797720894456858243f5fe149161aecacd69134632dcf38c7dbf2135a95b8791793cb2807b

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Network\Network Persistent State~RFe58ce38.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Network\TransportSecurity

Filesize
355B

MD5
2cca14241d5940d0beee51ed27c58079

SHA1
e4c52ee30eb6adbb0409360c68137b86632a8447

SHA256
cda5d4d486d0f7095305a6524ce13297fd76242b235479ebf5832ff88cf2e12e

SHA512
9df522e010582cd859894a3436844128ecf737841348e09768a6a05642f8df1d380ad83652d1c59ac08567a0271fb2b85560433ed1bf942bac8edb5830cdef03

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Network\TransportSecurity

Filesize
355B

MD5
5a784d441093c1e2fba2cfcb814cd0fd

SHA1
6d164121084b7671a9ec69c871fe168cc2f146a7

SHA256
196daf3b73b6bd051d197b1f0a8550252215899f1d27460ab08faf9c54d5ba1a

SHA512
1b58625d6e230e9b2fcd7d3905c970b4a1d2439047239263069d382bdaa7c1ee28db3a1eee075948eae2c8c7392c6743a09f806c95a002e81ef0ec2c1bb411cc

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Network\TransportSecurity~RFe5c991b.TMP

Filesize
188B

MD5
3cddd8f875923552fc49100430811966

SHA1
24942fc40c84172c119f20c9968e7e4b75cd2529

SHA256
c7c3a11d1722185edc6e0aded3313ffa218dee47ec319b17560b4b2f6bccbaee

SHA512
2706546d20499341f11256ea5992174a7c6d87563ee6efbfcb90d9cbd418a88809d4723f2cbed248598ae874328a824fa3fb10e9b84f6d4781cb7b8b81a24980

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Preferences

Filesize
197B

MD5
1bdd5f65ae9b53ba37b4f90310d6c27a

SHA1
66c5905683f15b2635f39c84d963842d87a0795e

SHA256
c2f451cfa3289c10d7f57842e9a0ac965910482e8b7b4fe45d91983026426d4b

SHA512
0119566cf5476756d22daee00f58f5118d28bb17f472c2b76e01af47198bcf8587f3256fce260dae80191c43d51e48e824b7ebbd7c497c4d696a4fc8d20b42dd

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Preferences~RFe57cdfe.TMP

Filesize
226B

MD5
0bdf0f068b62238bd8f8be59eba9b1b9

SHA1
63b62e9e33ee8b60c443d1a4997de52b73e50088

SHA256
dae4472b5529d48365bc676a3ba16b28dd68ffbd2fb42c8f06aa930c97208594

SHA512
0b138ed7480d5fa301b426ffab96061bbc7d2d6f20e6d6139b81308eeea9357faefc3efefc60916740501b97abf007964c606f7981020055d88ca46b46675161

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\sentry\scope_v2.json

Filesize
8KB

MD5
2438ab6d5cca93f831983a6b5209801a

SHA1
38a7d93e7d717f17a6936caedaae62f8ccd2c2c8

SHA256
767e3ccbd7640dd9903bc3de15cbd800c8333c72ad8637e2939234c23d571693

SHA512
735bbc73685d308a3013436751ce05dc494971d0cca66a233cfb8650d9d99267ecb3b12eeddf4f541e12f6fb5e331e7b78b92e7ffe0b2af23b589e4a9d9f8f8b

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\sentry\scope_v2.json

Filesize
10KB

MD5
d9ffc750910fd550f377520f3f1ae12c

SHA1
828fb86770435239dc30bae8735d5a5c5cd91225

SHA256
c045bf218cb6227d55b69fea649b36d509a4ad5e4a5b9ad31ea6a9913eb0ec67

SHA512
9d21845611af246743622b1ba0566c7c7717fa9d9b42e495bb04a44c769c0e8cda5954331f0c981bc381c7dcaa5851ff979d7d2a02dc1b3024ada6f1f4617bde

Download Submit
C:\Users\Admin\AppData\Roaming\Guardian Browser\sentry\session.json

Filesize
240B

MD5
1794252335cfd6ee40ee238b50be99a9

SHA1
14e30250bb50ad9217f5d2b166d817d3303e2ae7

SHA256
fda6ef97605edff84c343d81ec137b82997c0ad94c58e08d24cef798ee699c5b

SHA512
b6b927d47aa3c207dcd0f5e43490759c7198d18ae85b281e961e8939d07adf8ab791e54ebfbcded844e284170fe268eca8f10e45c7bf31f784e06b1235af15fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/364-2029-0x00007FFDBAF50000-0x00007FFDBAF51000-memory.dmp

Filesize
4KB

Download
memory/4048-1023-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1024-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1025-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1026-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1027-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1028-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1029-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1017-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1018-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/4048-1019-0x0000020E28F40000-0x0000020E28F41000-memory.dmp

Filesize
4KB

Download
memory/5104-957-0x00007FFDBAF50000-0x00007FFDBAF51000-memory.dmp

Filesize
4KB

Download