20e2ddce3a4773d1410518c70df018c7cb12e7c2f55a702599a72bca89a586a0

Analysis

max time kernel
1799s
max time network
1587s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11/05/2024, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tweaked_dWibsha.txt
Size

5KB
MD5

fc47d3ea86f7f9979cb117d23bb2afb5
SHA1

a1824c80520a16a4988b46f2b8c631ede32a38b8
SHA256

20e2ddce3a4773d1410518c70df018c7cb12e7c2f55a702599a72bca89a586a0
SHA512

995b828eaef264faf34b0e59b7b253dd5691b9db223d2c7bf0fb8cf751eafa422559066c90978a0631b2a91e32fc3d16de62e12755bf86ae13e2a48ba104e25f
SSDEEP

96:77bobJbvb+Ub5bQhbiibZ/bNbzcrycb2EbtbgXDpmU3bOveCrX/1DL5EGLzDbn5X:P5nP/CT/1iqrrL7E7B5n548+

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1756	windowsdesktop-runtime-7.0.18-win-x64.exe
1780	windowsdesktop-runtime-7.0.18-win-x64.exe
1316	windowsdesktop-runtime-7.0.18-win-x64.exe

Loads dropped DLL 58 IoCs

pid	Process
1780	windowsdesktop-runtime-7.0.18-win-x64.exe
3632	MsiExec.exe
3632	MsiExec.exe
1612	MsiExec.exe
1612	MsiExec.exe
376	MsiExec.exe
376	MsiExec.exe
4696	MsiExec.exe
4696	MsiExec.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe
1032	Nezur.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9926fb6d-a007-472d-b0dc-38d7e8c475e0} = "\"C:\\ProgramData\\Package Cache\\{9926fb6d-a007-472d-b0dc-38d7e8c475e0}\\windowsdesktop-runtime-7.0.18-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.18-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
407	api.ipify.org
412	api.ipify.org
413	api.ipify.org

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\pl\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\Microsoft.VisualBasic.Forms.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\PresentationFramework-SystemXmlLinq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\Microsoft.VisualBasic.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.Requests.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hans\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.Sockets.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.ServiceModel.Web.dll	msiexec.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Web.HttpUtility.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Xml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\it\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.Primitives.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\pl\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ko\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Diagnostics.Process.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ja\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ja\PresentationUI.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\DirectWriteForwarder.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.ComponentModel.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Windows.Presentation.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\it\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\it\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.ValueTuple.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\Microsoft.NETCore.App.deps.json	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.IO.MemoryMappedFiles.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\es\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.18\hostfxr.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\PresentationFramework-SystemCore.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.CodeDom.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ru\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Security.Principal.Windows.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Runtime.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\it\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Windows.Forms.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.IO.Packaging.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ja\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\cs\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\Microsoft.WindowsDesktop.App.runtimeconfig.json	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Threading.AccessControl.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Security.Cryptography.X509Certificates.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Security.Cryptography.Pkcs.dll	msiexec.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.18 (x64).swidtag	windowsdesktop-runtime-7.0.18-win-x64.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Data.Common.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ko\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Private.CoreLib.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ru\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Diagnostics.Tracing.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\WindowsFormsIntegration.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\ru\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\System.Security.Cryptography.ProtectedData.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Net.Security.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\fr\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\it\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hant\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.Transactions.Local.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\zh-Hant\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.18\System.IO.Compression.Native.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.18\Microsoft.WindowsDesktop.App.deps.json	msiexec.exe

Drops file in Windows directory 45 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5e9230.msi	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5e922c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA2DE.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA513.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAA09.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Installer\MSIA00B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5e9231.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{97B1AA87-A6DA-474C-B607-7627F2D7B98A}	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\Installer\e5e9231.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA192.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Installer\MSIA485.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA67D.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\MSI9383.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9559.tmp	msiexec.exe
File created	C:\Windows\Installer\e5e9236.msi	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\e5e9236.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F91C5C9A-FDEF-44D0-88D8-40113345FAA7}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB0A4.tmp	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Installer\MSIA22F.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2BC88C2F-92B5-4BB0-B40E-EC88F0EEA057}	msiexec.exe
File created	C:\Windows\Installer\e5e9235.msi	msiexec.exe
File created	C:\Windows\Installer\e5e923a.msi	msiexec.exe
File created	C:\Windows\Installer\e5e923b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5e923b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA8C0.tmp	msiexec.exe
File created	C:\Windows\Installer\e5e922c.msi	msiexec.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\Installer\e5e923f.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1C	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1d	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599376607579385"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{3B833788-4237-4B22-ACB6-6274E1F319 = "\\\\?\\Volume{39CD0EDA-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\windowsdesktop-runtime-7.0.18-win-x64.exe"	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7e599635eea3da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D58386B80972EE14D8C7B3284BFDE287\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Discrete;Continuous"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2C88CB25B290BB44BE0CE880FEE0A75\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nezur.io\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\1cheats.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "769"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\1cheats.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 366c1eefeda3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 9072304feea3da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4b74304feea3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9C5C19FFEDF0D44888D04113354AF7A\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b2a538efeda3da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "407"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9C5C19FFEDF0D44888D04113354AF7A\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\1cheats.com\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Japanese Phone Converter"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex\HubPane = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2113b1f6eda3da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\78AA1B79AD6AC4746B7067722F7D9BA8\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "10"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "389"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{14E74C62-DC97-43B0-8F2F-581496A65D60}"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe.plrusdm.partial:Zone.Identifier	browser_broker.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2184	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
4732	chrome.exe
4732	chrome.exe
4296	sdiagnhost.exe
4296	sdiagnhost.exe
3732	msiexec.exe
3732	msiexec.exe
3732	msiexec.exe
3732	msiexec.exe
3732	msiexec.exe
3732	msiexec.exe
3732	msiexec.exe
3732	msiexec.exe

Suspicious behavior: MapViewOfSection 14 IoCs

pid	Process
2780	MicrosoftEdgeCP.exe
2780	MicrosoftEdgeCP.exe
2780	MicrosoftEdgeCP.exe
2780	MicrosoftEdgeCP.exe
2448	MicrosoftEdgeCP.exe
2448	MicrosoftEdgeCP.exe
4276	MicrosoftEdgeCP.exe
4276	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4428	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1852	Nezur.exe
1384	MicrosoftEdge.exe
2780	MicrosoftEdgeCP.exe
4996	MicrosoftEdgeCP.exe
2780	MicrosoftEdgeCP.exe
3648	Nezur.exe
204	MicrosoftEdge.exe
2448	MicrosoftEdgeCP.exe
2448	MicrosoftEdgeCP.exe
1032	Nezur.exe
212	MicrosoftEdge.exe
4276	MicrosoftEdgeCP.exe
4276	MicrosoftEdgeCP.exe
1964	MicrosoftEdge.exe
4372	MicrosoftEdgeCP.exe
4372	MicrosoftEdgeCP.exe
1964	MicrosoftEdge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 3956	4232	chrome.exe	76
PID 4232 wrote to memory of 3956	4232	chrome.exe	76
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 5032	4232	chrome.exe	78
PID 4232 wrote to memory of 832	4232	chrome.exe	79
PID 4232 wrote to memory of 832	4232	chrome.exe	79
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80
PID 4232 wrote to memory of 4280	4232	chrome.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\tweaked_dWibsha.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffaf0119758,0x7ffaf0119768,0x7ffaf0119778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3772 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4704 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5288 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1484 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=892 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5168 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 --field-trial-handle=1852,i,8946675081136861755,4194903294956801306,131072 /prefetch:8
  2⤵
  PID:2576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c
1⤵
PID:3060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:400

C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe"
1⤵
PID:4452

C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe"
1⤵
PID:4052

C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3132

C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe"
1⤵
PID:5108

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim\" -ad -an -ai#7zMap31494:116:7zEvent1685
1⤵
- Suspicious use of FindShellTrayWindow
PID:4428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:2184

C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe"
1⤵
PID:4620

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\Nezur_Loader\Bin\Aim\nezuraim.exe" ContextMenu
1⤵
PID:2696
- C:\Windows\System32\msdt.exe
  C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWC508.xml /skip TRUE
  2⤵
  PID:2272

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4296
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zrvckbsy\zrvckbsy.cmdline"
  2⤵
  PID:1404
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC8A2.tmp" "c:\Users\Admin\AppData\Local\Temp\zrvckbsy\CSCB6E6F98B5584AF1ACF8949756608767.TMP"
    3⤵
    PID:60
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mqhk4vxb\mqhk4vxb.cmdline"
  2⤵
  PID:5016
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC91F.tmp" "c:\Users\Admin\AppData\Local\Temp\mqhk4vxb\CSCF4BC922B8CA54D8299FE1E41A4238BF4.TMP"
    3⤵
    PID:3516
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wg3njafq\wg3njafq.cmdline"
  2⤵
  PID:4440
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCDC2.tmp" "c:\Users\Admin\AppData\Local\Temp\wg3njafq\CSCD427E004F41B405095E9F6D960FBD613.TMP"
    3⤵
    PID:4104

C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:204

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:4088
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe"
  2⤵
  - Executes dropped EXE
  PID:1756
- - C:\Windows\Temp\{B56546F7-E66A-4AFD-8318-3921BC3046B8}\.cr\windowsdesktop-runtime-7.0.18-win-x64.exe
    "C:\Windows\Temp\{B56546F7-E66A-4AFD-8318-3921BC3046B8}\.cr\windowsdesktop-runtime-7.0.18-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.18-win-x64.exe" -burn.filehandle.attached=528 -burn.filehandle.self=536
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1780
  - - C:\Windows\Temp\{09562C48-0350-40CD-8EEA-F23CFE6770FD}\.be\windowsdesktop-runtime-7.0.18-win-x64.exe
      "C:\Windows\Temp\{09562C48-0350-40CD-8EEA-F23CFE6770FD}\.be\windowsdesktop-runtime-7.0.18-win-x64.exe" -q -burn.elevated BurnPipe.{3CD01130-A543-4240-9E1C-7CD2C13A1C47} {5CBE7B55-D1FC-4DC2-9490-64FCC66BEC41} 1780
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Program Files directory
      PID:1316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:332

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3732
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2E7954824324DDAD18DAF4A6A922734E
  2⤵
  - Loads dropped DLL
  PID:3632
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9E9A1736A6C7C1A4AA9C8D502A876BDF
  2⤵
  - Loads dropped DLL
  PID:1612
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C6CF783F11F1750EBA78BE1AC3516436
  2⤵
  - Loads dropped DLL
  PID:376
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2EDB214BE419C9028EDBD0761AF89531
  2⤵
  - Loads dropped DLL
  PID:4696

C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe
"C:\Users\Admin\Desktop\Nezur_Loader\Nezur.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:212

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5e922f.rbs

Filesize
47KB

MD5
45542baf4e30f57458db4f56ce2260a9

SHA1
0a9b18eb52c3d2ee5fc9fb1f6ba964808d0416ad

SHA256
a95bdc544147a09f750a8ed99cad468f7e8033c8d00fca3710da42fbb5568469

SHA512
ea43059224f45f2cb41b67b20785c92b0befccbc71b0f59463c02cb038a1b16a17ddc6ce853e9e879b79c4214d25c10e4042cbd6d423747beda49bd35fffba6b

Download Submit
C:\Config.Msi\e5e9234.rbs

Filesize
8KB

MD5
7e92bf3f6ef9bcdd550ff15350882347

SHA1
895c650d251a6a01dc6d48c0d7fcde08ecddcc03

SHA256
bec4f38716105d372edfad45c74ed8e21dbd613c71a8a4142b4883fbe8c61aa9

SHA512
789d5afd231e6fe645f9a8e1de54e58b1ad1e0b09fe61f84f1a853e42cb21d021bb3fa5a2faaadf18206d73d4999c63e44f81b52859bda844159b03ab71b803e

Download Submit
C:\Config.Msi\e5e9239.rbs

Filesize
9KB

MD5
0a019b0bd946647d96efffe09f3f952f

SHA1
edd4dc191d1f71d0d0b006c1cc72e3677cca1786

SHA256
fca41efe46a7f64c86e7ff5e013465dfc609f6d4542a3d92d9f619ae20a8ea3f

SHA512
21816f34bd93bcdb2c054a056f334d7e07d3199555b15647e4f9ff238e3b0bef50733ea9d5553abe6306ef8f00b5906e5af1b59681763462ed0da684fcd76d07

Download Submit
C:\Config.Msi\e5e923e.rbs

Filesize
87KB

MD5
0ca5afd75ae9943c6b1cf3b50bc0e499

SHA1
81bbe17f23aa8939d38ea50c6048a8e87629a0ab

SHA256
86dd077a4b02b0a8a3b58cfed11a97eac46fc8e41b693e1bcc5425de6c4bb21d

SHA512
21ccff0ea0f8ec065211502a3b3c0797dd65289df850827275a26d99b31d10dcf019d41c52c0f9d29e75ea8f220cbd569a2e024902727d36855f52f58d542d73

Download Submit
C:\Program Files\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
85KB

MD5
5c13a5ea8c8cc3474240981d0ffa88ff

SHA1
1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80

SHA256
4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da

SHA512
32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024051121.000\PCW.debugreport.xml

Filesize
3KB

MD5
6affd7b9fa64662b1b501d74832a2d80

SHA1
19ae10ff49c325bcdd3366fa5e70e070a9f5dc9e

SHA256
a87e6ece90ff2790539469ad73b4056f2b841986a5e12cdf7f92bf5b4ba88980

SHA512
bcf4374bdcfa179ddff6cfbadf8b45b742d70610e8bfca41e0e5cca52077b439dfcf4d4e88f2b9e77eec9d0213f7fb87171ccbc0fb85e6de342543b2105a5e29

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024051121.000\ResultReport.xml

Filesize
1KB

MD5
11e1f53fc3c1b43fbbdb2584d4d5c2f5

SHA1
9eb882031350e165b3bb5aa1b5631923d124e90e

SHA256
05729bc7e59f4f91aa7a1957a125a524fae8e7a497ffaa3c2bfe1bec059b10ae

SHA512
c720a03e53a0fa7fa58f88e4890e7bf601911ba7a968a2b2e9d82c66df7fb04afbc4516cff2c2b81593f2f6590867ed1db477302532ea0181560e997d6741e5a

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024051121.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\04b3474a-a039-48fc-9bbb-2adf1f2cc61e.tmp

Filesize
98KB

MD5
c7a3ca36a5021b580cf4007c0804c8b9

SHA1
23562174cbad4ac697b9d067cc67f015fe9c258c

SHA256
c46919650aae7a9be238dd061f1b2f5abe9b9b9d39a59db8296bb1854be49cb5

SHA512
037d109fe951568789698483f10415ab3f6a1a3fde03224cfecc39ce5a93248a546deea208bab61b43e3f2fd235c43a2d96eea6c6af5f961b354b0f4f3cd15c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
114B

MD5
257f5857c5edf7fc7906a2634742f9f4

SHA1
fc7639485245b05e622bcd6809d14deeeb08755b

SHA256
4725f14505320f09e2fc190c8b6b05775eec5cc7e33fa1dc6fd931a30d63f72a

SHA512
6d1c92a94f65bcf44771a3e53053fc143a8847e962b9481438408e37043b20920aa6c1b2d3f6280ca086a7d172900d7c9680853fc44c0527808a31fc0befd76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\25ca7b05-c448-44c2-b2d1-9f45c3fd9308.dmp

Filesize
833KB

MD5
c31a93efce1c1b91e7d1fd5ce2f3d20e

SHA1
d8d86b6ab27de44b3a99fa3c597cf5a1ec42cf85

SHA256
0f6c86533aae2f810ebf3a4d432bee466865e5c3e395e413ad6a1d39c1e70007

SHA512
34413d9eaad76100dc58f0ecdb2054a69e295d73eef8faf8ab967a876267c282dd7f92d1ecb6c8c9afa7a7717b05c87434a0ac8bca5537996551a90c9c6ab0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c86640aaa33658aa24db5a9e946108b5

SHA1
42a8819c961a6db7e165a84bab0781ef72e71d81

SHA256
bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717

SHA512
5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
1024KB

MD5
ae78984688bad532c4b71ec4da822f3d

SHA1
64ee212978d5a0fd7578f380a50fb6f6ec0a0ca9

SHA256
17f2e5d353360de2bdb79616bd05d6cf9a96f09e949ec3c0de4abef71fbefc92

SHA512
6f1303cd2d05f551859cbd486c81377a47ca3d2da9ace7a85e76974599f8666507bee8a08764f493e416185d5e2c8477c0ec24969a4bb25146c7005422c35aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
1024KB

MD5
e3726be5903bdc3e755a9e49b13b4d75

SHA1
5bb50dda728ee519d473bc9691878ff2dd113082

SHA256
c710a0335a5fa28c7c208872aca114129517ff48ecaf6476e28ed4f52e3a32f2

SHA512
e51c2a02621075920a8a4b9584457d3f3ebacb70ed3709c105c53933781f2fc1fe682fa114b3b5a242cec1429655e392222b962f5923c58ee864089ec63234f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
1024KB

MD5
312d78d27a06cee1223563ba4b0887ca

SHA1
e9bc03c9b4c6648860a4b69ba982516375390be9

SHA256
e670013f79524f44843c77d418d7321a04c38367b7f6dd3b7aec7f2c2a7572af

SHA512
333ee385de4981614c3f75407fee69b7eb6bdd007731af99b43d0b948fbbc261f473066b1a91829bc499630bfc471d52cd0ee58e83aeff45f446fae5a5b9cf7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e7a75c108d2ff5fdafe3dfe30a9f76f0

SHA1
ce94a08c7e2c948df9463a984fbf5cdc81ebb436

SHA256
9697e2b6619d85d719cedbb59b90a568dcce9b69a6b03aa2ddba7b4900900294

SHA512
1becaae5720bfe48a87438e59137cfab89f14a9ab4bc37fa7e3019a3a4515f5fc6477367d04590e9a23e43f3ee295b6e9f18f8f5184eeb3a3c332cd718a8d0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b1414593fed6350cad2fa2d69b138291

SHA1
a941f9d2d6a49c26020dd5930bca01b559c56802

SHA256
70662940d67840c3d7f5e4ce6f868c609fa80259d26a01ced6f0896d5e7232e0

SHA512
7c4ab253279b2cc9e3b6834c343181b53fca28061fd693589740621596a34be7255cc6c3e16ce5aa9e36a762b4cd4d95d833c5546887a035867a3163820dfe53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
b73b70ceef7ef22cc06142d0d47b696c

SHA1
2a285bd3d595589b2468c124eb8a914b84225d53

SHA256
163170b5633017330f77e37bc36912182cca21da95de2382f10eda8c7c616406

SHA512
1ca119bbd0e0de43d1548d1fb9d5362ba3d66d41db7ece52eb48798c90952e3a3248222cb4e6590fbd2a31c62742a6073c7a7a15a77c5f26e3c34585d05cc0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5f275a3be8fbffe860320abfc4ad5097

SHA1
1adf2e7f6648566008ad38704e56ee8a7b9458e4

SHA256
7669d1773ffca15c99ea109731913fd0493705028b4809dd40a95b17bee939ba

SHA512
11a68cecbc446a98bafa2ad13d962a10d67bd780962fac00fcacfd83162530d4aae2797df3ec29f0ec8d53c9416fc322e9b27b7206d860c7448d64cd0541d9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2805ab82-d8db-4e0d-b49f-1e336445ba82.tmp

Filesize
1KB

MD5
2e1a97688abbfa9e6f054906ab024e76

SHA1
ca5b37413d15e6d11386e53cc289308a79b1a05c

SHA256
21e771dd325e5c9c7ebfc3d34fa25f0097f79362a41058f9507baccb6dd17c80

SHA512
728b6b34adb033c815ee59abd44ddf226bbc33e85969ca6d4973685f1e59c72e6570cc75fdd9222c254ce23487545af97745f07a78736d165dcea1abc996e6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7ebd5e2a-eca6-483b-a3d9-cbe9934f7cd7.tmp

Filesize
1KB

MD5
6772ded7b68fcd0ff92cf40c4d9490c2

SHA1
204780c46dba5df62558c01c003a27557fce1013

SHA256
627e1f47fd1e28a46ffba403456ac562417fb478b03ce1d982e8f22de9509458

SHA512
1f321a7cbad5ef353323374610a879ad341874696bf0e0298437d230cb903ff106093216d1605fcf76f7e4bdbb3ace6c43fb30ac0ac8fd5f42917ab4224f7a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8a2fc98e479fb4bed20f84247d347e47

SHA1
7ba0b7da7bb79dc77c093de7c5598e18dbaf7056

SHA256
9cfbb2764aaca7d550dd81dbc92ab51c27015558afa164150904b866c9c03050

SHA512
e79af8653056a87a88e7f78ff791b7ad9ff860f818dc9181849961a5dbb7bbf9b8c5228f6b25821147fa3db4c3672f9ab6cec18a4aee90476d3187093648624f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b313de194783745007c24d7f31ef9111

SHA1
e226addb62736c355b502e2693b5bd53718c969f

SHA256
1d66c718d6bd535e142870d0d5863186f11bcd5750bdf090c516c496e301f77f

SHA512
2efb26e06e5fde605c5e4565be24b3415062c9ba137780c01b2f52d2cc628bc8c32f2455684ef9d8a1a02f16be86de7fd2714043d36e3a249730c54d9eb22eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
74e5b4c52b77380b556fb6c266942f23

SHA1
1c510f205bf89557d461d3fafd91387e70df3ca7

SHA256
957ba7062b6f436e37bcf7b21e958ca810f6b5063511a7d9a6c3c5a87a8a4bd1

SHA512
59381bc7b54c654c841ddadb94d13eff80888ef2253490a2de93fdadd52f05b71fb447bf34809c0fff1b2f3888ac376ad06c99a2d7372246d046593c7c0bfce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
e59806317a3125ad91e65373cf75d60f

SHA1
a496c1aa8b72fe7f34c0ee9f96abe9594e452e50

SHA256
f421e856dcbe95005bc233032d57b6e9f71f28add7548d234bb28eb355472d9e

SHA512
f754f00e62e10ce03fbce398650696d135560b34f2f821df10f3a64830c540f4b36d99ab29f5915a34af350a2a617acc2ec240d783ed4037afd7358affee93be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f740ffaa794c3fb83a0be7682020809d

SHA1
f20f65210291c23550ac749b9faefeaf28f65922

SHA256
57bbc25057d28eb410b165a19f659795d6f91d40df52b099c662f4820dad87ef

SHA512
d8e180c4ebec1ce415ce04b1cef0bb3fbb1b657c605aa6cf992f425f931e21b8fae0aa13034b6343828b0706db6dea7b9958c2ed36c7d5444819711b4343f4eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7602090da181e985607460821cdd0b00

SHA1
83c60fb2f21a6cdbabed08996c9a10b60ff986e7

SHA256
b4dab0e1c663ba1ddbc891f2a30e37ee709b024db3c16ff448529a768f0a7935

SHA512
e5538349e7271c92949e0f9457a4e7ed86e033462157206d561371a9530f0aa7bdb8bc603c7978ab2c5f88660c66a888cd302e6a298079bc33f356dddffc2e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cccba0d4-b2a8-4fbb-9225-29eef2f6c835.tmp

Filesize
1KB

MD5
203622f9df7b580a3f73aa67042d4785

SHA1
cfaef2dd29c14f3ab56f9c1707a5d83becf52379

SHA256
a763a09bfdd40291d886aea29b285ddf62b5f8e5c0d5470752f013ae4617de22

SHA512
d7725efef6b5d9540f86d255257eb50ecc6fcfb289ab65954f0192f287de5b9f4f1f660b2987bcc726b8a684d0c71cc778af1968828b4135cc1ff5f05e2247a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff2885b0b6145851703564f7a1402b90

SHA1
36323db248c56996797fdb97af4af6706fb39956

SHA256
40e4f57a35a9be0f2b24636cf1c9902fb566ee442a255c15a4ffb68a8ebd4a24

SHA512
4ba8b70a79d33665f68f25c718db7e222e72a6698786c4c32a15e28098dc8071eededc4cea6ff20e2197d33e87f2ec7dd7c82c829f7d6a291f1ba9c800560c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
27481d2338c92290ee38542ba775a636

SHA1
bbec347fe00be05321c1c331400e1b03ab938acc

SHA256
4f06102303790c0b42567d802cacd3fffe588d7ef4c3f97b64fcc250c463bd57

SHA512
d13fb42122a34683218fc371431fd16f5a81162bdc552843b2bacd19bdcdd3f774624ee93ec5075fb882a158b95e0b7aa42519719e9ddadf7fb856557d585b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
869f60d367c800ace1795dddf1222979

SHA1
64b2d30416ad7599e52f366a92e34ef4610ae353

SHA256
db137b118edc85d775f2f01534a5e8b7d20efd28b52e11789a55c1fbcabe3e2b

SHA512
98b84e8d6a02c91497b36442b850f5508413965ba62015ea2fe335323c78b4940e40b8d9899cc9d29043355b6219c71dfe6510134031fa0179842e7f758d91f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c2ba383e055aff39b0ced731ed04b02

SHA1
f3fa64418d2cd28f444dcd025dc75325981331cf

SHA256
4a9bbb650a75cffca318a1c3ca2679b7ec0b634fccb427b6059cae4f0f975cf8

SHA512
5a4fe5e2f8f9951ed2f427a79af2834e1901b5cf0a65e172aaee56b0f6ad20f97d0cfc1c5a5d8afffee571924825266d0f22564757497d8f2196f276216d75ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5009b501d8e32ad23321e3e0bc1c8430

SHA1
5835301074022e644047580f90c367c2e4d5af08

SHA256
2830e231ce82b6d69e6a629ce037dfe352583caf3896a8ffe43ca1c6591f67e2

SHA512
8e27654e2b3f7d5ae69bcd77783df2702426a3f5020edc8154ba50b44b0d07c8430e8f6cb7cad90ed0becb42320f0424fdafb5bf740972ef8510c920a4bc3e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c5eb9afb16a0fd30309c1febeb4ab3e

SHA1
b84b538e18fb8a30222c07d3d6d68a8c1a892c25

SHA256
1e6aa46f71906baba3bbae87c6f266eb29a91a3b9c308b6ee85c3f48d030d006

SHA512
79535342f9be9c7daf7bb03ab25b53f601567973e55fa584ff7a0c364d06d21c54e399ed72b572714fe2ffbb210066b70fa8e4054fe636d4ca96131ed9ac2c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
4f4ae584c1c90882a1b3e206bb7f9053

SHA1
7aaaac029f50e91f7496bcc0ce359a27044a337c

SHA256
c8c53e16b7a7ab417ce2a029ad6e7dfba91d54df4d8d1a3fded980330ec8373b

SHA512
f108576ac67a8f17318a56e4cc01a808fd6e884268156ac96dcf92977c7d940f81e9be01f8efc3795e5c57754d557c8fe75521d2fa99c5c84c675a2f57c4b4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
3c0ad50068bf74df7b770697f85f03a2

SHA1
c5eddc6d0d2fa3a6fca380cf7f72b72c3a83b4b4

SHA256
331a67138629437583e25d2a37bff58f35b37732d01e1ab6d5b09cd4a9cb76ad

SHA512
2a011f850e2c51437194b5fdef353016079381ef17147130301152e659b5a16f529b1a9fd003737d07663c6463abbc1078eb73f8e142c493277a991925e4e3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
c04c4e002cf546a83ba3d5b736919e6d

SHA1
688ed6a743a9070590bb5ba9fedd7effd3337f2e

SHA256
8f7741a5fc347d89cdad94c8e72f787ab96d1de6c3e8ca54cf09a7ef4e7e7912

SHA512
c2917ef0bee165251f71684b16fd9005e35e883a8f9a25cf2378123d4479157fc22bb931b53085cf0a66dc865bf982ff5b944f63df74c78a4d2ca6b5e8c380af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
4e98b507bbe3e6fb2f1a4de0b8f092f7

SHA1
e9d89f65eea3365f5c77b3081fe19549c83db67e

SHA256
b9d7ba766bd705bc4ae33bbcc5ec39311cef28e087c09ea76c1e0850206862c0

SHA512
64ca0c9a060d49c64c06f24a357becedb35553a3bc6af4a0ecf75d90938f59ef04a003b528959f974fb895a96c1b2d04edac6e6c60b4b4357c2cb845c4679d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
6d4ac69bf5733687e282853531d8391f

SHA1
608de642c87121618cc7aecc58c80f69893bb912

SHA256
42b96a553a18e1db642880bcb197d338e67b2b4a6807036d6c89687b4dcd4324

SHA512
2e5c830f9d8f53641cb7801e6e03e279b5795a1a77aa140956b0a50f612c3b6c9514bff7c327ee128eb2d55cb326aff48b8719fdd14c14884a2c1bcd6c17f3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
016597179a98b3a348a8bd9c6f9ed06f

SHA1
170fae2c64c7dda628c55ef4e2b03e27961b5e92

SHA256
09598f718aed7ecb070779c044be94fb8ab7c629c4b0eb169c840d8c98962f6e

SHA512
90e7a6b1b505f6fdd7399ea9d1bb0e1500789cb660b0ea461f6810064d5090e07d74f4dd68c719ae9397a40ebbd059adb1d80534cf280e147b8297e73538766b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
c43e31c1fbfd16e9286dc7537673c263

SHA1
6fcd5254cf43d917a1074c724dca277f235f9c31

SHA256
01430dee735d0d102897ba5164b4a57a49c4f16d160efa519357d760d6aa9051

SHA512
6d7e4f91e700172d32877a9607dd4b81b547481e473dbd86b946a61f928b9a0db662bd6029f5c2588f0885fd825b8200275044648ed53ccd957ceb57c8619ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72MTLAGL\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA[1].woff2

Filesize
22KB

MD5
2a4c97ec45ef9f6d47fb0e7cd47ae67c

SHA1
4b7c2b478c629a59e8a0abee34feba0654392c66

SHA256
7b43cb86a0e63bbb55376b4ea60d8cc9527a1421c367aa09962725e0c5140f5f

SHA512
749ce9fcc89b8d8a68be776243b81afeaa95ef709d1eaa6cb7810e7185ee189bba8ab03007502d4c0241ef81a9acdabff080a3ba83ae4e4d90ba7c399aeff9f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72MTLAGL\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuGKYAZ9hiA[1].woff2

Filesize
22KB

MD5
0bf7eadca131e06ec47943f8b4981f72

SHA1
d0be123f34a4a68107328c916f9421afe72560ea

SHA256
3022fadde78fd30c384797bcef8bebc18c96083527a850f62a58d8957a8b208f

SHA512
a748ad5d9edffbfd2992b96d225b45bdb23ade975edfe9cba2833ec41682e13ab7fac8efbff553fb97675bd8dbb6114bb61900a8353bdd5232bd630a881b36b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72MTLAGL\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyeAZ9hiA[1].woff2

Filesize
20KB

MD5
3e8055911b7872f6dd5c89d6e8bfb257

SHA1
81bb97925962acb2b07e314bdd1b1918307b4a6b

SHA256
427261e286680a3439632d5fbc64a86ffad5f5531efe68e188c858f8355ceb96

SHA512
6fb90d979f925295824f3cdbace9a161f4cbfa12bf795447cef1864a6bf6d27a7cd7279e87de35f9c85c0c50c42d3f7f434554e4faf635f6c93ee90ba205281c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72MTLAGL\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA[1].woff2

Filesize
21KB

MD5
73aaa95eab3115ea5a1e5c1cf16ea645

SHA1
2f00c608a688cd2b2e6ad37637726b0e081da1c7

SHA256
2301bb030a2bcaa9c763cc4771bd717aac16709c29eaba00673fcbe7cdf99a59

SHA512
687974f4b96baea3f1c7aa31bf779e631165d0c928a0d006576034477f6de591b446d2683296ff3a52bed9450c43d6284f1c660e860db23465fe499b9fc3a42f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72MTLAGL\ovo-glossy.webflow.865908f14[1].css

Filesize
139KB

MD5
865908f1462004cba14be4151a0ab55e

SHA1
00473633b4c33748fadc344476fcae96262116a7

SHA256
d358d74735a9197791bf8a89f764aa67a63aac115a6de5d168bb6cce320762ed

SHA512
d4b38730dd03ddb4e775b03ff71ce41bc6380585714e1a4415f4e7a300a32026d52a1838d2b6aa2f69d79a00ca1e00a7dd6786ae256dc8dc8d002e2246db79a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BQKARNO7\windowsdesktop-runtime-7.0.18-win-x64[1].exe

Filesize
5.9MB

MD5
2fdbffc35ebdca320ded2c92c3e01644

SHA1
8f5282c8b566d31be7970c07fffbce531e45515b

SHA256
7b75321a32e133c3a32b4c4d19e1dd9431c8362975a712c531458d365c74d8fb

SHA512
4c55f57683db5fd88f324a22a63c9d5d0c28ed3392e8de3d8b93a73775dc6e7a01f2b97b13fe8e841b7914edbb5aad5bdeb6d7172743aa6d83387a6931c7462b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GFQ4522N\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuI6fAZ9hiA[1].woff2

Filesize
22KB

MD5
96948ea7ac03e6e7bfb59c582357ea90

SHA1
218bd5602446de8f1a30bcc84da6f47b7b9d1f67

SHA256
eebf14aba456b89b7e899584e076588a92e422a45b37fb5fa36ce17519a3e8c5

SHA512
d1d6d460a4a7196dc6248105fed07950e5a3918d4c02698550b1ea99bd7e1b7126bda505d3f3b88145c0335337e7522c214beeb4ea47fdf660903bc3f4ae85cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GFQ4522N\jquery-3.5.1.min.dc5e7f18c8[1].js

Filesize
87KB

MD5
dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1
c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

SHA512
6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GFQ4522N\webflow.7dc28d4ee[1].js

Filesize
1.0MB

MD5
7dc28d4ee15c6e003ebede1006933ca9

SHA1
edf1022fd2a64c96379317ab96be10cb50eb2ee8

SHA256
f04931d91cd8921e5a0d4ac17d48930ecd0de58013026dd85ef285f1176455e0

SHA512
907914c60a0f82e72752029572dbae65adc9c19a7078abad1d7a51c5a9f7e3e671466b4dacb93e26d42966deb68b2b1c1fc3c6db6576cc8ee52d4cb02d7f5438

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GFQ4522N\webfont[1].js

Filesize
12KB

MD5
7c96a5f11d9741541d5e3c42ff6380d7

SHA1
d3fa2564c021cf730e58ffddb138cf6b57ed126e

SHA256
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

SHA512
23c162a2e268951729b580e5035ad6ca9969cfcc5ce58a220817b912e76b38be6c29c3ca7680cb4e8198863d95a72ea65bd06ff7189b5c8475e4c1ce501aeab1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7ZUJ4EQ\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuBWYAZ9hiA[1].woff2

Filesize
21KB

MD5
360288f2a48cc8bd09648ddec768f780

SHA1
17c06fee7dd92f4ef866b4caf6286879eb89acc6

SHA256
c67b5d31c8074814edc02b9dcda89f14a534540713c27b4637dd56a4692b4efc

SHA512
8236980b0e672cc87d573c975c084e1d6805b9b749e7393c0f5e60c51178d145f7bf3b1b77ebc7d8b1de226ea3cafb364b35630b7d3baffd447e66fb5ca3e2a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7ZUJ4EQ\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuDyYAZ9hiA[1].woff2

Filesize
22KB

MD5
9b96e5d17b9b517c40252bf4ea408121

SHA1
22c231dc86f5485897d65aaff10d8f1d0168da05

SHA256
03db2737c800eb405b5bb0223890a116eda19c56bd7fbe20b709308c767ef5f6

SHA512
872722a90c0dd373cd9566d4e5c4d649a5e893907eff46cbcdce1c8793ce36179b4fb477b16e87260e03486f491fafdfa6ce02fa2f24eab99bb1a23212d044d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7ZUJ4EQ\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuDyfAZ9hiA[1].woff2

Filesize
21KB

MD5
2a1938cd178e6f6fbda42817059bc3c8

SHA1
811c247d7e4229c2392e46fd84f5b129c2a91172

SHA256
63325fd509f01cee3990fa6d215537365b2e87f90b2ccbf2060bd46c382444c6

SHA512
6296596b1c8b07433fbab43aeac93c7a962494a500d230757a3ec9a88dfacbedb5a4a6cb3fd45237025885b4abf04e5f9423019581920cb5df4922ee9419e0ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7ZUJ4EQ\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuOKfAZ9hiA[1].woff2

Filesize
21KB

MD5
dbbd96470df8fd37d0f322fc66128bda

SHA1
0f05694cdc691e21cdb36d692eec48b3d5a50e12

SHA256
09eea703e2e860332003283cd9b21cabe959a765e0f5571e0bafbe22f2423c56

SHA512
fe3993c5d9c698a0689cfe6232e633ebff90706f8d559dd83e4b2fee904ce155bd1ab5612709aaead5ad873faa26e75b7ad5d18876f12467a15cce4761480792

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7ZUJ4EQ\css[1].css

Filesize
1KB

MD5
c68f17af05141f1cbb87119cf5d6d863

SHA1
d35b7ff978c6d34eae60f8cb841238dd6d672aea

SHA256
6d7bba88c9e5f9776c80669d14b1bdde21d4646d83cfe5f2b819b5f0862f76c3

SHA512
d91cce67cb2685f00d0d048f3f4c27ad918d34f448f74f5e4031efd018ad91f81b30f1a9bb908e5feb630459ae57861c78ec1f8cfc7985cdd6e3c304e29d3d57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\H2N83DQW\dotnet.microsoft[1].xml

Filesize
84B

MD5
4207a52e44cb532a9ffac789236b41ed

SHA1
3da55ca5ff6b252fb302b71e9ec401a4b4f855bf

SHA256
0abe88aac8a24dbd43f8a8a2b9a16ac9bbad6a399fd2090dd95421cc0edc5eae

SHA512
8393b43ff2511fc14d327246dd869808b0fa043b8ccb98aa398ff5aeb9930b2b7339632eb33b4361776bcde46007bdc176914e25a8c67b81d5e88747a531ea87

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\H2N83DQW\dotnet.microsoft[1].xml

Filesize
765B

MD5
5a2d89454651537cd2a0429e63056169

SHA1
1da1e60512ed0c633c228713ce37a471c5fbed06

SHA256
f4c0e58564fb346288c1c10c25ab1131b8d02b63c817e56804bcd9a3161789cb

SHA512
e7a118e86fc7ed454ade38f6a2466ed8ef77fd43601e323b75da22f54edfd11b2bd3236a0fdca665925916d3b205de7da3ce2f7b9d6c9c4a3ccc3e13dc6bf551

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\H2N83DQW\dotnet.microsoft[1].xml

Filesize
1KB

MD5
c331d5bfe4647d5e46cf28029b24ed49

SHA1
12f5db0edeab6b3d3b1ac8fc579d1517c8936ee8

SHA256
1ae972e49bf8cad59f69daf683ab6f8514b653db1a885613d51c3f2d318f10af

SHA512
1ddc149f55dad8f683e1759001cd646d1ae6008453ea1ddd9f2e66fc7c47d2e1c9c11c1e6b7e32e4945ad7da27e74d60dd599cbae1b2ee5fba67f161a5bb4419

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\H2N83DQW\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5N950JB9\android-icon-192x192[1].png

Filesize
14KB

MD5
ed46a7ccdddb0893ada7535c3924c3f4

SHA1
562c8354b302540427a85381bdb663c66aba3cbd

SHA256
a6717eaed7cb05dddfdc4803fd85ef5cf6a96e0cde11800961b6f713f460d302

SHA512
1c09226f03618f6d2da6ce430564d136c1620f53e8dd7779eecc55ce0e0b7fa8f8338b3f51ec51c4f59b65e7b01139ae9d545d5a3f1f15d43f0c4e90e417ab08

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5N950JB9\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O7QJEWUY\nezur_logo[1].png

Filesize
8KB

MD5
36759035852ca6f209645e707066b095

SHA1
13fad6edc525a388b1f081292d9733a8c846a8de

SHA256
cfdeb8034548f2f019dfe7ce607ebdbf998162989fc738f64cfc90e9457b6d98

SHA512
f1140d3e8cadc7e900360e2cfc2431f025fdd990e2e015349cf21c4fb82f67f34b6422ff4ad904048b186eb7e1fdea9aa1dbd8fa5a367abbd46eefb55a096bf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U2P3OKWV\nds1[1].png

Filesize
49KB

MD5
02c982265e63c204b11d8143af1da94c

SHA1
39b0a164762edbe222cebfde0b7a15dfb6189749

SHA256
655a0545fb2a1e573f9aa3f0d18b79ebbdc5f268492124f2de67016261b2b359

SHA512
e44aaa2cd6bd9747558fbc0f5060cf2ca3806f180fd7c41aa71e76bf8eb0a9898ec61705af0b1210442fda0b5bf750d8dad5bccafe8f5f2cd1efe3199f581b7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UVG95ZB5\favicon[1].htm

Filesize
44KB

MD5
dc5f589ff200d91a903cd75fad4acb56

SHA1
9ff22d9259706a7d2fd808384e0f8d5a901a6580

SHA256
bcec3ce349452638e0590c9d11034c76cd5d66f7c51780e46694b8982db99ce4

SHA512
2b8b31d603339d658d3ebca30b1c90f74bd5f75fdf4c46734dd82d56e3081ed21a2a65e4921cf29656316cad27907e5a1db450d49c0df98eea9ae0c1949d3c42

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UVG95ZB5\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
77e88b0d8927b01c51d6ab8e4a001263

SHA1
c6117641e02b3fc75ecaf05771222ce7f96d31ee

SHA256
4987650c4ff87b1d59f8939a63705b0a308b2700aa94a930234da0e5f38b0fb0

SHA512
77c366efa05257fb9d4f0657fe9861916e4534f68f0549645f6c3062b542f7e0ae18b0d96a58b68e9bba8aee46407c78b53ff6bb2314ae5ebe7e4059f5b68d4f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\avw9kth\imagestore.dat

Filesize
75KB

MD5
070069131f1e7bfb1d73b160473eeab6

SHA1
4e3ad70f72791ee570cef060c89d87c1b9b39302

SHA256
6108b949b7abae33d147d6aa32754aca254e478599da1a9e356b6e78a38a4cd7

SHA512
f51e040632a8edddc99b842efc3f0b3291be817a45b64bb2ebbbdbd5a12271cd8337c3e026de0b3a0bdeaee5a18ee2d42be39252170df9f89b338a059112abd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF60272DE37F475E1.TMP

Filesize
16KB

MD5
197f57b09183e976e72d8d5c6af6ad2f

SHA1
7c902b0fb97efbe7c89f57eae06f26a6d6d1f89d

SHA256
5ef51a0998b8fb0ffd9532783e25732b081ccf6fcbadb0a470c4014f7721cd07

SHA512
190ea5883d35fbb73a34a82a1399c7ffc5875b2141cc1db449b61b08793efc2b67fbdb6ce2c9c1c6eb1c4e38677196298b42f3efe85fb4ddf5808fc750e1ff51

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72MTLAGL\bootstrap-custom.min[1].css

Filesize
232KB

MD5
b35590e4d3bf1b0b2bf9b986c30a7183

SHA1
fde573711c2c27e6c2824e3f3ae1bf6e3d216330

SHA256
1dc203879fb2076f320b714edd1d9d83f605ad9c50d341d4dc695f821586f96b

SHA512
2d2a6bf3828d402c66215977220643c0c6dadd55216c41951e9e71147e87f3df3562576cbc384b5c6bca8aca1f90d49f2cd5ae2a9c10c4dc057847bcf8f743ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BQKARNO7\cookie-consent.min[1].js

Filesize
2KB

MD5
2ad93f6c4dd71b579f187d1463457ee4

SHA1
55720a32d32781f421f8a2c70c424a69e2fa7c21

SHA256
d2d1b9863e393a6a8ac95617470d67f7d21044004e4f08d7cd65e480a05204a8

SHA512
1cc6445bbd18951ce30ca48fece2560a3d15e8176abf91a54a1819ad28fbb2fbf28d30ef9d08ac83fb1f3bfffe9178c07642bdeee056f202b8dbd6e5b71b4305

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GFQ4522N\ms.analytics-web-4.min[1].js

Filesize
151KB

MD5
4c9618b14a5860b407b2c227a12cd904

SHA1
437d3daf293fa8643b315c98e44a41fa96042962

SHA256
73fb43b1564bb12ec80d30b5f17bf924a7ad2c8f48742b7af05474efc656e481

SHA512
dbdf67c618d5f74b36652e25b5c1889c8f8eac1b11808dfaf3af963bb3c290665949e99e78d5ee0755d9ba867cfca28dae6c7dfe9433200803c411b1c5fbb72e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GFQ4522N\windowsdesktop-runtime-7.0.18-win-x64[1].exe

Filesize
32KB

MD5
a86e12512f0b5c89ce9ef6bbddcf58ea

SHA1
906c186ca5d4b9baf595b405f609029e77d757ec

SHA256
219d1d323da91ec6ffd6c380a7b669ecd5a4468b038197fd425d9d1ffd643b47

SHA512
181f27d8041cb701ce07b10d3c93cb649274e8430ea8710dfd7bd175ad9693eb959d8b0b603ce15c004f04a418c06a005965d22c83d96cfb44530db2572d499a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W7ZUJ4EQ\7a-c9e644[1].css

Filesize
167KB

MD5
b7af9fb8eb3f12d3baa37641537bedc2

SHA1
a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

SHA256
928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

SHA512
1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
91020d1b6327ff84c52d5e2aa2450a77

SHA1
fc3f903f4dbdc923c7e2b51eda0afb77da8e9202

SHA256
67839b26b0a8ca09e763e5b1c5d827a7940d16ba396e02d24770b9511f457fcd

SHA512
cc5df9229ba9c6c550c2c933b6e56bef908072aec5f5493f6ddd20f0f92a2dbb0b2c28eec95c13ed6472ab760fc6d35966573aa940bbc9a2db8a84c14b214627

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
eaeabbe2ec4eb2ab27de022311b9796b

SHA1
2596cf1bc4782a2e9c12089bbf1e6602f4cef65d

SHA256
e860343a7ab2f4cea4a68acb776bfda82b177e40c32b5d3f3d81077f9203ddcd

SHA512
d8830008e29c16a86ded14dd2e2ea68ded807bcbee9fdca92f1b1e9514f0d759c800ceaf45e06c7aa3c2061a7004fd9719a0836637df2f22a069d081e9f3abbe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
6bb09137c6cc863a4eb57c0298f97cc9

SHA1
f3b8661ecaf918b696aee1d96df1c411b03657d0

SHA256
2b6d1db5067ca670e4f1980e5e4cefbc3365ef1fda298e205c256c74f2b4b005

SHA512
1025fa40331b0df018a354ab4d1a5bae6db9a775277a7a7b8abba949a5a465c4a542e05632a2f952d3d8b9f73a0ea01389d024451c2868663a2543066f4f35aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
4039e266c2f77e9d80b655c6cb921590

SHA1
048b5a3337f47f929bcfe784fc4cdb49aedb1a7d

SHA256
3e2efbb3113ad0f758f40c78da72fc18c55e1dabe78a1b4538fcf242ad608c94

SHA512
d29e5ddd227dac20cb0996273f62f0eddecef4e22a5fbdfe005765284ee83316c3068361991dd7a81ba834c04434ac36e2ed4219eb3dfb60d0a9173c7e893e47

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
fa49fbe9a47ef695f79c32da4da002a1

SHA1
ce789e115aac1f466f231934a5939239d42f3ee6

SHA256
faf0d2a3add6e584bc794fabc5f88c8a00abe5e852f82e388324cd5e0ca6271c

SHA512
615a834bc8f3bbfc491d8204c52f85eebb010d683a434945596afc23eaf539aeb295126d540541e7f9a2cd35924f0e86acf7052c58a1fd1d71ebd7c6d64b25c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
8e544ec6a09937bf7d94c149533195ed

SHA1
385fb00c7d30705ecbaa04b4a3bec6d1c4983b0c

SHA256
e26cf2edac96f75ccbffc10f55a4474adb74d9cb34cf706c5c0de174decf434e

SHA512
411f3cbe458c956eff1c213256c48a6eaf6ca6d2d8a9f3c903b8c4d168f2a838e77c3d689ba50d3cba4d848b2dd9e875b17fbb9fd598bd00efb53cfce360c6e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
3546e7443129a29a6592a422fbf50d8a

SHA1
a7826802589e7bd438ecc53ca41b714cd07e8385

SHA256
a61d9df74403b1fba6903073fba5d2dc70a4046cab6dc30732281cd72f3eefd6

SHA512
bc5ef23352d45c6734050b61ca5fc2bca27e41dbdf259ca1725379e1f0facbd1d6a2e4ed38450c77573bc0db860a2739ca497b6356594df79b8a5342a6c714ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
ca314c5d2f1183d55437b647169f4a4e

SHA1
688174986c75ea8ab6e923deb6dd4850dbc438fc

SHA256
4108687fa5327ce58627fde00c37a910152dca32351fc4f71a829d9f4e09440d

SHA512
154bc98687bccaec506b2aa335d8e21f606ae382fbd2867a260270c9fe5d6ce0c8e2a065187145a4f5815cc0f3446c28066a46df92b87a346a71ff17f3ef71d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
121eccc2b6acf56ddd122da742b0a547

SHA1
89ffa9fd1580c51ef0a8f1721f79ba7bc23b6f02

SHA256
f73c6754dadfe63562b1a5f3a8b745179a2bdf040ab6d2767040bef27e0542ca

SHA512
683f4b3c04801ca5039b402ab76b60a92aa062ee54a35fbd02b573e4a85b71fb67a468bf85bd20751f3c68a8418a44a19a32af779403406f2bd5b6746a4da641

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
a9be9850fe8d51c830235842ed4229f9

SHA1
312bfeebd3c9006c2b72197fbc3f4b206af5f0a8

SHA256
52b71fa82888f50d065cb67de989886a7db3671dcf5fea705b895d9fa75b3dc4

SHA512
ea3ddb8e7dbcd1bd321c0cd31956bfc6eb165549e047bc4595b78fae085e577bb87b24224c56b77b58ac7d190c77ccdb0c4bf69fb24c152962aa5d62ae30b274

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

Filesize
2.0MB

MD5
2c6929d3c377149af337d555d5bcdf93

SHA1
4985a4e0c504bc9f3695513895edd4192317bcc9

SHA256
4c60e271cac37e11e5a29e9f4929df0e759091482e33daaa7d0e3b9962f31469

SHA512
fe4e10f6d9ddad7e65784b897a6c839146df04969d8554943d60726ff8fe3505a2c065cbebb69bbd103c49766417bdd4975ec2461e5b1eb5e6ba5c3d1c5dbe5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

Filesize
16KB

MD5
424c73c1106b857c88ca7ec10a0c4677

SHA1
9e2fed7066e88557863df23d5dd0cb43ada91f8d

SHA256
f788b662dc704ce262d374358fd995060e7b53f94f10d7d4c842bc50477507e0

SHA512
6452ce18b503bae812632440e3eb7b6e0e3822609455d2b3e38679dc1296cbecb8c5e83a8e14a4af14c58cd073f9a9e866a9e93c357b1112414d76e8eb300e99

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{FCEC5ECC-57BE-4039-9988-6F063D4D7970}.dat

Filesize
4KB

MD5
7f41e81a8c8f7a7ba452c14294cc2974

SHA1
e5c98b56ebc4e13a0c16cfa660b690b36a89a079

SHA256
931c9900219c0e85d9652dbf000b06b1c97ecf6ba1c6fcb06cf793d06496a713

SHA512
ba90d0735d583cc379fcdea0c9aeb8d2f5285ecdfe22a43ea87e15a4ba8faf7e60293e128a16baab7d94c2d69f3769cbd63774fa3447b38b64e2c07c501a08e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{D6AFBF0F-DB66-4C82-A9DD-8C14D4119A8D}.dat

Filesize
6KB

MD5
bd6b06f2563dab24f5e15b019c93ada5

SHA1
c6f240a73e2b5451c517964a82c5b9979e15a6d7

SHA256
3a441ce39a6d7a4dbf468170afb1a3a9b928374404799ecde710583d76fb7747

SHA512
745f31536d179f50f3973d18f2b552d8abf34eb0a451b83f6757aa60546fe635b98cdd673007ff6a84accced839714007febce9decdad6373b37d3c08c779caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCWC508.xml

Filesize
752B

MD5
558f0ee7250c7c3684eec0292ebfc5d4

SHA1
4606acadf016f1443e19e77332a939c868dbc059

SHA256
f3cd50d6696314e73b2c21a67544288b5d29cf5297469ec279e2b297174e64b0

SHA512
3a53aef1cf64420812fc54eee547c6a977306f5f1db0fa0e1cc090bfd7c9be68eaef2483dd41007f567dab7011fbf5f3b98f2b1ff9b0593b02df8fa1a1a2a089

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESC8A2.tmp

Filesize
1KB

MD5
40a53754a3813eb02236d5cae697ede7

SHA1
f02b99d219de87aff963675184647ceef2944da2

SHA256
a296ebb3ac99ab278cd47f37cb41f35f576c5f564a35bb81406e2e91969650d7

SHA512
969aea14a42de9435bd670bd8cbc663234c992c4e5b7811014867bb93891fe8283e9d32bb568f70deca74dc162f669f85686783b8728244aadcf09565965f4ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESC91F.tmp

Filesize
1KB

MD5
ca08605d4e3fa307085b07ba55c08530

SHA1
11f2bd125f63ecab278d394388ed96f12b2564ce

SHA256
7c5f52ac1d73cc7e02a9e09811ab0c206e393cd7808e6e23873d571a848cf666

SHA512
d42b6b9fa0fa87220dd8eb7b587d54c8bfe1a0d455c6da4407dda8e08015675f546342ce77d1889ae334984549ff56509a35e7c30c038a6234c4eef51afb457e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESCDC2.tmp

Filesize
1KB

MD5
d8405b4086435d053d4c4919b5155cad

SHA1
a66c1aa3814ac4e0c884753552404414a2a8e02f

SHA256
282de7672fa75a7e221512a7547fd81b74a531559a8d3e12ad3861e1673bae6c

SHA512
81b2ceeac41392b0aa996579b7ba77059e4c7d06c9a48b00f8f68520c735e162d4ddc68202a8a912ffed5fc02f576c44d84d3be4c4dac830c7649564c2b7d8a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gtmtwn04.pkn.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mqhk4vxb\mqhk4vxb.dll

Filesize
3KB

MD5
144a1d00d769ed492e8a5dea761d93ae

SHA1
0b1f0b19cf83eed966e8f6388c78c426988020a9

SHA256
2d891114f8ac14a378522404d94509a66e51fecc6e021438639eb82a16806ff4

SHA512
d094532041ff7b23962b1b0ae1afc40a1818f5e893774588911bc8ea3400d13df27486938cb51b91dc6661349fbd3d69f1f995ec2d5f917278c09687bc09935d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wg3njafq\wg3njafq.dll

Filesize
6KB

MD5
ca327378dbfae058992c4fc355bbaa9b

SHA1
cf515866aa1bb24aca503cca2bce14a203a18bfc

SHA256
f49325bb587106772a599caf8e859baba964c46a1de3c25ba40efc353a20748b

SHA512
eb1accd230ff9c45c33e912ef5332b3f336b83188249bff44911a2aa398ff4413bc5d275fd63058191f56a9cc36333171fb09dc7f6af58b981e5edb7576c1f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\zrvckbsy\zrvckbsy.dll

Filesize
5KB

MD5
9424fa01af12623033672c1e306fe727

SHA1
0c96e26fd73c93e4f4e9396189af14132f98a108

SHA256
ea1c43bc9f9e08cb3241c28a3949bff7350dfa3a619671eb55d5be7812e46ea1

SHA512
9b4624c05c311940ad7547255a1d0c134b46ab51330e173094ed3ba35d2103428443da5fa54664c80544408255e9370ba36bd467d48fe10abc1ef8c17e53bbf0

Download Submit
C:\Users\Admin\Desktop\Nezur_Loader\Logs\Crashlog-9-55-37 PM.txt

Filesize
3KB

MD5
71d3a2e4ea672320ba9c2689be4f4dcc

SHA1
dadef140957afdea7c81a068096e27245e715e95

SHA256
85838d27bd3c4ee794c58ae5dd924ab7cc817a29d613188aa9b44131e3346774

SHA512
72604eef32837bbe424b8736f48926a41a0a35c62c7512fe0a7ee537aafa8e31eb68516338276d91b33f8e05eb497eebdc285c3195a68b37ff4afa91a3fbe54e

Download Submit
C:\Windows\Installer\MSIA192.tmp

Filesize
244KB

MD5
c0777f5c9995b8c0b08ed33cee7e1008

SHA1
12f08bb8febedb3f16b22bf94bc47c5c3910a477

SHA256
cf531f10cb410f4825bab4fd4b15df8e02cb9a18505a3a3b05c4c2f4ccaf90d3

SHA512
a3478bc42730169abcb7635f1f73bc8b1a639fe2094c7e3866d8321b6efdf0740f8867dccdd5fb1b12f73b8e89a51758280ab9c3d184d36a7b86f3f91ac9dc0a

Download Submit
C:\Windows\Installer\e5e9230.msi

Filesize
26.0MB

MD5
bcff68aab793ccaef1f80452d502b33a

SHA1
ae5306eb483ada5793711b3ea6cccb31f3afbffc

SHA256
891f48ddd30f92f01b7f45a6f5832525d65cbdcb21e55ff7b964d5aca93efcb5

SHA512
77d096716a580356e924c6f18c0838340a0242282a03d5dce00037cb3a9c22afe6236260adad0f3f3cf2b1dddf7d5d75b63258ffefed5b2eded601607396ff42

Download Submit
C:\Windows\Installer\e5e9231.msi

Filesize
856KB

MD5
6743e1a34af2252177f734579924aae8

SHA1
1fc41a87f2856f9d7baa4b530f794263c04c0174

SHA256
e39e496398ebb08b7ccd51d6e785549db9ecddaba35fc620998f0dc10c38493a

SHA512
51409d3001dd6f1321e57cc26c73b4d01e176b418847261ba4a9f305ea236a64ab4ba38014efa2374843e231fc59582a0d13ad69598e9061e1063d548ef640e6

Download Submit
C:\Windows\Installer\e5e923f.msi

Filesize
28.6MB

MD5
0e8b1352ef049507ff80d4a96b69769c

SHA1
5dc6a397f187205c8b28427b03eafbd0038e2584

SHA256
15609660284b2ee867ab6ccb75d0a446820ee23e962fa56174c5904d1e2b18a5

SHA512
ccc9abb7fb611688168bb381c2ea98aad6c83eea17fd87d1010080f7afb823c04e8af79be04e3d3f9d707450ea32deb6c1cd851ee116d13e88aa18ac27db9c73

Download Submit
C:\Windows\TEMP\SDIAG_c76fe4ab-a7fd-455a-a4ce-76e62895078a\RS_ProgramCompatibilityWizard.ps1

Filesize
41KB

MD5
a49550a947238f4e23a81f8c765da712

SHA1
0c3daf73301d87c958d7f4f840bf060d87312d8d

SHA256
baf71bcc730ab740670653283eb97a6991af6d52bc82ad83dcc66e9ce9a9dd68

SHA512
3f0cb6e664bd7a998f81b783abaf37dc68ea55360ab021611c2336999b4b61bf6797ba9c427ad93b60c6382cb016c2f8474bc3fce0af85c823583be1d3013f02

Download Submit
C:\Windows\TEMP\SDIAG_c76fe4ab-a7fd-455a-a4ce-76e62895078a\TS_ProgramCompatibilityWizard.ps1

Filesize
16KB

MD5
2c245de268793272c235165679bf2a22

SHA1
5f31f80468f992b84e491c9ac752f7ac286e3175

SHA256
4a6e9f400c72abc5b00d8b67ea36c06e3bc43ba9468fe748aebd704947ba66a0

SHA512
aaecb935c9b4c27021977f211441ff76c71ba9740035ec439e9477ae707109ca5247ea776e2e65159dcc500b0b4324f3733e1dfb05cef10a39bb11776f74f03c

Download Submit
C:\Windows\TEMP\SDIAG_c76fe4ab-a7fd-455a-a4ce-76e62895078a\en-US\CL_LocalizationData.psd1

Filesize
6KB

MD5
5202c2aaa0bbfbcbdc51e271e059b066

SHA1
3f6a9ffb0455edc6a7e4170b54def16fd6e09a28

SHA256
7fd5c0595d76d6dec1fcbace5bbcd8ff531d5acf97e53234c0008ff5a89d20e2

SHA512
77500b97fcd6fe985962f8430f97627fedcf5af72d73d5e2b03e130bca1b6b552971b569be5fca5c9ece75ab92c2e4be416d67a0f24d3830d9579e5f96103ac9

Download Submit
C:\Windows\Temp\SDIAG_c76fe4ab-a7fd-455a-a4ce-76e62895078a\DiagPackage.dll

Filesize
65KB

MD5
e99b38cf7f4a92fc8b1075f5d573049d

SHA1
406004e7acd41b3a10daae89f886ef8b13b27c32

SHA256
812ebb05968818932d82e79422f6fd6c510fd1b14d20634e339c61faeb24b142

SHA512
5637e6e949c24dca3b607b4f8b5745e0bb557e746fc17eff1274af36d52d5d7576723f4cd055fcf8fcf9fd267254e6d7fbb53cc173a15d3dfd3cce2015ac757d

Download Submit
C:\Windows\Temp\SDIAG_c76fe4ab-a7fd-455a-a4ce-76e62895078a\en-US\DiagPackage.dll.mui

Filesize
11KB

MD5
65e3646b166a1d5ab26f3ac69f3bf020

SHA1
4ef5e7d7e6b3571fc83622ee44102b2c3da937ff

SHA256
96425923a54215ca9cdbe488696be56e67980829913edb8b4c8205db0ba33760

SHA512
a3782bfa3baf4c8151883fe49a184f4b2cba77c215921b6ce334048aee721b5949e8832438a7a0d65df6b3cbd6a8232ab17a7ad293c5e48b04c29683b34ecee2

Download Submit
C:\Windows\Temp\{09562C48-0350-40CD-8EEA-F23CFE6770FD}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{09562C48-0350-40CD-8EEA-F23CFE6770FD}\.be\windowsdesktop-runtime-7.0.18-win-x64.exe

Filesize
635KB

MD5
873e39e876a0eb8a33eb28479ad956d3

SHA1
9ca0edb08b65717b82f7bc8a90c58032bb51683a

SHA256
a1017dafb5a0b6c6c1b2e1c0f79e0a2cb44493a82e490e4cb08f9362eab41a2c

SHA512
f193c7dc5ef3c99d4298294a366dbca8f6c1f667a661adf9f293b286b75a7123f7dbaafe96e324da1b908c9204d462c6e7c8bfc4e41c67dfd2618c55b83c33e8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mqhk4vxb\CSCF4BC922B8CA54D8299FE1E41A4238BF4.TMP

Filesize
652B

MD5
890dd1b3aa1f49a68b906edc11411611

SHA1
fdbb7772e3aac8c0a17fa78be9e6c1bcedbcdadd

SHA256
100772d87f62a56e9b2a6fdc38e587c77c692a2abc377eb8fe1adc3c807d4a97

SHA512
95a5f6971293c7f4277a5b117e7dc6b5d98712a92eb6568338a53f19d55f469a1aff43019708e4ef46b0854129011104f365e1c2cb16a52dbb968155ee2c87a4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mqhk4vxb\mqhk4vxb.0.cs

Filesize
791B

MD5
3880de647b10555a534f34d5071fe461

SHA1
38b108ee6ea0f177b5dd52343e2ed74ca6134ca1

SHA256
f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e

SHA512
2bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mqhk4vxb\mqhk4vxb.cmdline

Filesize
356B

MD5
9d5326463eaa9b99165030e4eebf5504

SHA1
0e8e5e2631d64c0107c6dec6b929d19948eed711

SHA256
9173f22090b25cf04c1107cc8c4addc1164f6fec1bbee481518b0c5fcaddba57

SHA512
0b95444616feafb3611f2fead10f1a862c9ed3795e6bc1a1f099087961ac525a4a69342e9ca8f42e7f6fe80f38a551904fdcde9f00eccebe6008d2c7e6aba96d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\wg3njafq\CSCD427E004F41B405095E9F6D960FBD613.TMP

Filesize
652B

MD5
74d318e7256d48dfa90cbc6c06ee5933

SHA1
a520b5c9b39eff130ab742becd99b94eea525eeb

SHA256
35baa170266cb8bfaef0a0d5ff828ac5c80cbd9280ea91f5cd88444f8e067cbf

SHA512
264588a1b847d682cea7a819eada039c920fc3b6c016637d194ee2369951a046134029965d69df9578e4aae46ca5a6e1803ba94271203e77aee720097c791e71

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\wg3njafq\wg3njafq.0.cs

Filesize
7KB

MD5
a6a5eb65b434fd6612543820a3e623f0

SHA1
a2034ad0126c821a52d46d7c8289f136bde963c7

SHA256
5e06c62640983f93e9ec11fecd221c238f537cf110f03a61049a25eb6030c02c

SHA512
0bcd9e7662731750f90510fa9f3f83afaa688636f0e312343ed05b420e4d3311d25b08370a705e2e43b0b4619541e0af9f213b27845b4e95155180ecf989d483

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\wg3njafq\wg3njafq.cmdline

Filesize
356B

MD5
20ae0e9756a0931fa8ca6e4f187ee900

SHA1
2a608e6320d7fe33ad123dd4bb1f100a5098a1bd

SHA256
7a9883b035ba60d2811d7553dec24367ce47a6d5083d10988feb97a93dfcd4e3

SHA512
f8c8968c6f502b078922a2923652dc94644c67ab3c1f6377d095817b2241dac77ddbd7069ae6dc9916ffa5e6e1be4b2adb70e9849a642fe7e8fa3c2cd98e0a8a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zrvckbsy\CSCB6E6F98B5584AF1ACF8949756608767.TMP

Filesize
652B

MD5
fe350bd428d807637b5601f60b37beea

SHA1
5a2a5a435b75571854662e960cdcac800bb43a1d

SHA256
459d5f34c6171c687a50a5f1033c098754860e4ca34b3f7891b9712f031bcef9

SHA512
9607aaa8540abf14ff55f4f5dd4d4661c1fa3916b43209435e823c4296f4ec9bd736d0641d4d618aa8061adcf09080c360bb377b3404b6da1ab38dbfe02cee65

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zrvckbsy\zrvckbsy.0.cs

Filesize
5KB

MD5
26294ce6366662ebde6319c51362d56c

SHA1
c571c0ffa13e644eed87523cbd445f4afb1983d1

SHA256
685699daafafa281093b5c368c4d92715949fc300b182d234e800e613be5d8dc

SHA512
bc91bb591368bc511ca5169b3c23cd69a163eeb77f0d7a083fe09cc6aa15d7044a24f95811fa1518f44368dffda6d346f44e1568e7a5373a6450a63ae31883ee

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zrvckbsy\zrvckbsy.cmdline

Filesize
356B

MD5
fce51e64a7e7594cdd9fad613d3bab03

SHA1
4d9650fb222dc8e432ea3fe6b6953aeb2b1bf438

SHA256
a34fd46faf57e2de636b851fc38b1f954652f0d8cb7bcf2625c22d9d56b4dac6

SHA512
cfeed27070161ac5a1ea426b97c6c9e87d5683ff61a654301645bd1ce5bf443e9d50ea84201a73ba95b52e9597e8414478d4c5422673e2dde6a039c7a6181463

Download Submit
memory/1384-793-0x000001E789B30000-0x000001E789B40000-memory.dmp

Filesize
64KB

Download
memory/1384-808-0x000001E789C20000-0x000001E789C30000-memory.dmp

Filesize
64KB

Download
memory/1384-1342-0x000001E786FF0000-0x000001E786FF1000-memory.dmp

Filesize
4KB

Download
memory/1384-827-0x000001E786DF0000-0x000001E786DF2000-memory.dmp

Filesize
8KB

Download
memory/1384-1339-0x000001E78DE20000-0x000001E78DE22000-memory.dmp

Filesize
8KB

Download
memory/1384-1346-0x000001E786DE0000-0x000001E786DE1000-memory.dmp

Filesize
4KB

Download
memory/3132-1082-0x00000278BCEC0000-0x00000278BCEE0000-memory.dmp

Filesize
128KB

Download
memory/3132-959-0x00000278BBEE0000-0x00000278BBEE2000-memory.dmp

Filesize
8KB

Download
memory/3132-1170-0x00000278BD040000-0x00000278BD060000-memory.dmp

Filesize
128KB

Download
memory/3132-1158-0x00000278B7210000-0x00000278B7212000-memory.dmp

Filesize
8KB

Download
memory/3132-1080-0x00000278BCEC0000-0x00000278BCEE0000-memory.dmp

Filesize
128KB

Download
memory/3132-846-0x00000278A5C00000-0x00000278A5C02000-memory.dmp

Filesize
8KB

Download
memory/3132-1051-0x00000278BD900000-0x00000278BDA00000-memory.dmp

Filesize
1024KB

Download
memory/3132-1012-0x00000278A60A0000-0x00000278A61A0000-memory.dmp

Filesize
1024KB

Download
memory/3132-987-0x00000278A5890000-0x00000278A5892000-memory.dmp

Filesize
8KB

Download
memory/3132-955-0x00000278BBEB0000-0x00000278BBEB2000-memory.dmp

Filesize
8KB

Download
memory/3132-957-0x00000278BBEC0000-0x00000278BBEC2000-memory.dmp

Filesize
8KB

Download
memory/3132-849-0x00000278A5C30000-0x00000278A5C32000-memory.dmp

Filesize
8KB

Download
memory/3132-953-0x00000278BBE90000-0x00000278BBE92000-memory.dmp

Filesize
8KB

Download
memory/3132-951-0x00000278B7FE0000-0x00000278B7FE2000-memory.dmp

Filesize
8KB

Download
memory/3132-949-0x00000278B7FC0000-0x00000278B7FC2000-memory.dmp

Filesize
8KB

Download
memory/3132-855-0x00000278A60A0000-0x00000278A61A0000-memory.dmp

Filesize
1024KB

Download
memory/3132-851-0x00000278A5C50000-0x00000278A5C52000-memory.dmp

Filesize
8KB

Download
memory/4296-1488-0x000001894D380000-0x000001894D3A2000-memory.dmp

Filesize
136KB

Download
memory/4296-1567-0x000001894D960000-0x000001894D968000-memory.dmp

Filesize
32KB

Download
memory/4296-1489-0x000001894D560000-0x000001894D5D6000-memory.dmp

Filesize
472KB

Download
memory/4296-1519-0x000001894D370000-0x000001894D378000-memory.dmp

Filesize
32KB

Download
memory/4296-1533-0x000001894D4E0000-0x000001894D4E8000-memory.dmp

Filesize
32KB

Download
memory/4996-837-0x0000014FA0640000-0x0000014FA0740000-memory.dmp

Filesize
1024KB

Download