Analysis Overview
SHA256: 8670668e7b410f649ae2615b353d0fe3921fb29a1f6c74e9889965340265ea15
Threat Level: Known bad
The file New folder (4).rar was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Checks computer location settings
Drops startup file
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Enumerates physical storage devices
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Modifies registry class
Creates scheduled task(s)
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-09 14:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-09 14:57
Reported: 2024-06-09 14:57
Platform: win7-20240221-en
Max time kernel: 0s
Max time network: 2s
Command Line
Signatures
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 2760 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 1724 wrote to memory of 2760 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
| PID 1724 wrote to memory of 2760 | N/A | C:\Windows\system32\cmd.exe | C:\Program Files\7-Zip\7zFM.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New folder (4).rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\New folder (4).rar"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-09 14:57
Reported: 2024-06-09 15:08
Platform: win10v2004-20240226-en
Max time kernel: 627s
Max time network: 636s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\New folder (4)\Nexus Release V1.6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dllhost.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\AppData\Local\Temp\dllhost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\AppData\Local\Temp\dllhost.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" | C:\Users\Admin\AppData\Local\Temp\dllhost.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6D6F31C7-E278-493C-969A-B0F6F0789B66} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\NodeSlot = "3" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 6600310000000000c958257810004e4557464f4c7e3100004e0009000400efbec9583b77c95825782e00000000050000000006000000000000000000000000000000a81614004e0065007700200066006f006c006400650072002000280035002900000018000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "4" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 6600310000000000c958187710004e4557464f4c7e3100004e0009000400efbec9583977c95842772e0000002be30100000002000000000000000000000000000000216a00004e0065007700200066006f006c006400650072002000280034002900000018000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dllhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New folder (4).rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\New folder (4).rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe
"C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe"
C:\Users\Admin\Desktop\New folder (4)\Nexus Release V1.6.exe
"C:\Users\Admin\Desktop\New folder (4)\Nexus Release V1.6.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHoAbgByACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAHAAcwBwACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcATQB1AHMAdAAgAGIAZQAgAHIAdQBuACAAYQBzACAAYQBkAG0AaQBuACAAZgBvAHIAIABzAGMAcgBpAHAAdABzACAAdABvACAAcAByAG8AcABlAHIAbAB5ACAAZQB4AGUAYwB1AHQAZQAnACwAJwAnACwAJwBPAEsAJwAsACcAVwBhAHIAbgBpAG4AZwAnACkAPAAjAHgAawBsACMAPgA="
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGYAcAB3ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGUAYQB4ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAG0AagBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGQAZABrACMAPgA="
C:\Users\Admin\AppData\Local\Temp\dllhost.exe
"C:\Users\Admin\AppData\Local\Temp\dllhost.exe"
C:\Users\Admin\AppData\Local\Temp\Nexus Release.exe
"C:\Users\Admin\AppData\Local\Temp\Nexus Release.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\nexus.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3552_133624187967746246\nexusloader.exe
"C:\Users\Admin\AppData\Local\Temp\Nexus Release.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\dllhost.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM firefox.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM vivaldi.exe
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe
"C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diel.exe"
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diec.exe
"C:\Users\Admin\Desktop\New folder (4)\New folder (5)\diec.exe"
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe
"C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe"
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x420
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virustotal.com/gui/file/97d5fc7aa91b287c1da40b530490ba7f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x2d4,0x7ffae13a2e98,0x7ffae13a2ea4,0x7ffae13a2eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2416 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2720 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3360 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3400 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3872 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5176 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4272 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5512 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5484 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3440 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5844 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Nexus Release V1.6.exe.Info.txt
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5572 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5556 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6528 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6528 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6252 --field-trial-handle=2288,i,2426006449170487497,8036845414389911708,262144 --variations-seed-version /prefetch:8
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
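The process list above records the sample's setup sequence: a PowerShell `Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'` call that carves the payload out of Defender scanning, a `schtasks /create` task that relaunches `C:\ProgramData\Windows Runtime.exe` every minute with `/RL HIGHEST`, and a run of `taskkill /F /IM` commands against browsers and Telegram; the Files section further down shows `dllhost.exe` and `svchost.exe` dropped under AppData. The following is an added example, not code from the report or from the analyst: it turns those observations into four command-line triage rules and runs them over lines copied from the list above plus two dropped-file paths from the Files section. The extra names in `TARGET_APPS` and `SYSTEM_BINARIES` beyond what this report shows are assumptions.

```python
"""Command-line triage rules derived from the process list above.
Added example (not from the sandbox report): each rule is a predicate over
one command line; SAMPLE_LINES holds lines copied from the report."""
import re
from dataclasses import dataclass

# Apps the sample kills with taskkill before harvesting.  The names beyond
# opera/iexplore/brave/vivaldi/telegram are assumptions, not from the report.
TARGET_APPS = {"opera.exe", "iexplore.exe", "brave.exe", "vivaldi.exe",
               "telegram.exe", "chrome.exe", "firefox.exe", "discord.exe"}
# Names that belong only under %SystemRoot%; a copy elsewhere is masquerading.
SYSTEM_BINARIES = {"svchost.exe", "dllhost.exe", "csrss.exe", "lsass.exe"}
# Directories a standard user can write to, so a dropper needs no admin rights.
USER_WRITABLE = re.compile(r"^c:\\(programdata|users\\[^\\]+\\appdata)\\", re.I)


@dataclass(frozen=True)
class Hit:
    rule: str      # short rule name
    attack: str    # MITRE ATT&CK technique ID, or "" where no single ID fits
    evidence: str  # the fragment that fired the rule


def exe_path(cmd: str) -> str:
    """Image path from a command line: the quoted first token or the bare one."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def rule_defender_exclusion(cmd):
    # Add-MpPreference -Exclusion* removes the payload from Defender scanning
    # (T1562.001).  Captures the excluded process, path or extension.
    m = re.search(r"add-mppreference\b.*?-exclusion(?:process|path|extension)\s+'?([^']+)'?",
                  cmd, re.I)
    return Hit("defender_exclusion", "T1562.001", m.group(1).strip()) if m else None


def rule_schtasks_persistence(cmd):
    # A task re-run every few minutes at highest privileges, or whose action
    # sits in a user-writable directory, is a classic RAT foothold (T1053.005).
    if not re.search(r'schtasks(?:\.exe)?"?\s+/create\b', cmd, re.I):
        return None
    highest = re.search(r"/rl\s+highest", cmd, re.I) is not None
    every = re.search(r"/sc\s+minute\s+/mo\s+(\d+)", cmd, re.I)
    frequent = every is not None and int(every.group(1)) <= 5
    tr = re.search(r'/tr\s+"([^"]+)"|/tr\s+(\S+)', cmd, re.I)
    action = (tr.group(1) or tr.group(2)) if tr else ""
    if (highest and frequent) or USER_WRITABLE.match(action):
        return Hit("schtasks_persistence", "T1053.005", action or cmd)
    return None


def rule_taskkill_apps(cmd):
    # Killing browsers and messengers unlocks their credential/session stores.
    m = re.search(r"taskkill(?:\.exe)?\b.*?/im\s+(\S+)", cmd, re.I)
    if m and m.group(1).lower() in TARGET_APPS:
        return Hit("kill_credential_app", "", m.group(1))
    return None


def rule_masquerade(cmd):
    # A system binary name executing from ProgramData/AppData (T1036.005).
    path = exe_path(cmd)
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES and USER_WRITABLE.match(path):
        return Hit("masquerade_system_binary", "T1036.005", path)
    return None


RULES = (rule_defender_exclusion, rule_schtasks_persistence,
         rule_taskkill_apps, rule_masquerade)


def triage(lines):
    """Apply every rule to every line; hits come back in input order."""
    hits = []
    for line in lines:
        for rule in RULES:
            hit = rule(line)
            if hit is not None:
                hits.append(hit)
    return hits


# Sample input: command lines copied from the process list above, one benign
# Edge line, and two dropped-file paths from the Files section.
SAMPLE_LINES = [
    "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" "
    "-ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'",
    r"C:\Windows\system32\cmd.exe /c taskkill /F /IM brave.exe",
    r"taskkill /F /IM Telegram.exe",
    r'"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 '
    r'/tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"',
    r'"C:\ProgramData\Windows Runtime.exe"',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process',
    r"C:\Users\Admin\AppData\Local\Temp\dllhost.exe",
    r"C:\Users\Admin\AppData\Roaming\svchost.exe",
]

if __name__ == "__main__":
    for h in triage(SAMPLE_LINES):
        print(f"{h.rule:<26} {h.attack:<10} {h.evidence}")
```

The rules are deliberately narrow: `rule_schtasks_persistence` fires on the `/RL HIGHEST` plus `/mo 1` combination or on an action under ProgramData/AppData, so a daily backup task under Program Files stays quiet, and `rule_masquerade` only flags names from `SYSTEM_BINARIES` when the image sits in a user-writable directory, which is why `"Windows Runtime.exe"` itself is caught through the scheduled-task rule rather than this one.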
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| FR | 142.250.201.170:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.141.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | u.cubeupload.com | udp |
| US | 104.21.9.180:443 | u.cubeupload.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.9.21.104.in-addr.arpa | udp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| US | 8.8.8.8:53 | 69.241.92.91.in-addr.arpa | udp |
| NL | 91.92.241.69:5555 | | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| FR | 172.217.20.195:443 | update.googleapis.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| FR | 172.217.20.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| FR | 142.250.201.163:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| FR | 142.250.201.163:443 | recaptcha.net | tcp |
| FR | 142.250.201.163:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.201.163:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
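Most rows in the Network table are sandbox noise: PTR lookups through 8.8.8.8, Edge, SmartScreen and Bing telemetry, and the analyst's own VirusTotal visit (the `msedge.exe --single-argument https://www.virustotal.com/...` line above). What an analyst keeps is the `ip-api.com` request, which matches the "Looks up external IP address via web service" signature, and the two connections to the bare IP 91.92.241.69 on ports 6060 and 5555, for which no DNS name was ever resolved. The parser below is an added example, not part of the report: the noise suffix list and `GEOIP_SERVICES` set are assumptions to tune per environment, and the sample rows are copied from the table as extracted, including the two rows whose Domain cell is missing.

```python
"""Candidate C2 extraction from the Network table above.
Added example (not from the sandbox report): parses the pipe-delimited rows,
discards resolver and browser noise, and returns what is worth blocking."""
import ipaddress
import re

# Hosts the sandbox OS/browser contact on their own.  An assumption for this
# example; tune per environment.  Matched as the apex or any subdomain of it.
NOISE_SUFFIXES = ("microsoft.com", "bing.com", "azureedge.net", "googleapis.com",
                  "google.com", "recaptcha.net", "nelreports.net", "virustotal.com")
# "What is my public IP" services commonly used during beacon setup (T1016).
GEOIP_SERVICES = {"ip-api.com", "api.ipify.org", "icanhazip.com", "ifconfig.me"}
# Ports an OS or browser process uses routinely; a bare IP elsewhere is suspect.
COMMON_PORTS = {53, 80, 443, 5353}
DEST_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def parse_row(line):
    """(country, ip, port, domain, proto) for a data row, else None.
    Tolerates rows whose Domain cell is missing so that Proto shifted left."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0].lower() == "country":
        return None
    m = DEST_RE.fullmatch(cells[1])
    rest = [c for c in cells[2:] if c]
    if not m or not rest or rest[-1].lower() not in ("tcp", "udp"):
        return None
    domain = rest[0] if len(rest) > 1 else ""
    return cells[0], m.group(1), int(m.group(2)), domain, rest[-1].lower()


def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def classify(row):
    """Label a parsed row, or None when it carries no indicator value."""
    _country, ip, port, domain, _proto = row
    if ipaddress.ip_address(ip).is_multicast or domain.endswith(".in-addr.arpa"):
        return None                         # mDNS and PTR lookups
    if port == 53:
        return None                         # resolver traffic; the connection row carries the IP
    if domain in GEOIP_SERVICES:
        return "external_ip_lookup"
    if domain in ("", ip):                  # no DNS name: the address is hard-coded
        return "bare_ip_c2_candidate" if port not in COMMON_PORTS else "bare_ip_connection"
    if is_noise(domain):
        return None
    return "unclassified_host"              # neither allowlisted nor bare IP: review by hand


def extract_iocs(table_lines):
    """[(label, ip, port, domain), ...] in first-seen order, duplicates dropped."""
    seen, out = set(), []
    for line in table_lines:
        row = parse_row(line)
        label = classify(row) if row else None
        key = row[1:4] if row else None
        if label and key not in seen:
            seen.add(key)
            out.append((label, *key))
    return out


# Rows copied from the Network table above, including the two whose Domain
# cell is missing in the report as extracted.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| FR | 142.250.201.170:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 104.21.9.180:443 | u.cubeupload.com | tcp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| NL | 91.92.241.69:5555 | tcp | |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
""".strip().splitlines()

if __name__ == "__main__":
    for label, ip, port, domain in extract_iocs(SAMPLE_ROWS):
        print(f"{label:<22} {ip}:{port} {domain}")
```

Run as-is it leaves four rows: the `ip-api.com` lookup, `u.cubeupload.com` (not allowlisted, so left for manual review rather than asserted to be malicious), and the two 91.92.241.69 connections on 6060 and 5555. Port 53 rows are dropped on purpose: the DNS query for a name carries no destination, while the later connection row to the resolved address does, so nothing is lost.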
Files
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\die.exe
| MD5 | 3f3aa6f3a62d1004049d900eaedd9133 |
| SHA1 | 507502edfbac03cc20e48917f94693de2be88637 |
| SHA256 | f6a6f44b119d355406d266e797d524dc7fd01bcf3d088642165501e28302ba94 |
| SHA512 | 723bef5e1b1d0242125b44106825e5bde517262400e28758f3962d63fa7ac9ae629beacf907854346dc4b1c5f006b22002d45a787d214baf450388689e862e35 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\Qt5Network.dll
| MD5 | 3569693d5bae82854de1d88f86c33184 |
| SHA1 | 1a6084acfd2aa4d32cedfb7d9023f60eb14e1771 |
| SHA256 | 4ef341ae9302e793878020f0740b09b0f31cb380408a697f75c69fdbd20fc7a1 |
| SHA512 | e5eff4a79e1bdae28a6ca0da116245a9919023560750fc4a087cdcd0ab969c2f0eeec63bbec2cd5222d6824a01dd27d2a8e6684a48202ea733f9bb2fab048b32 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\msvcp140_1.dll
| MD5 | c060bb176a671f068362db2673a08c5e |
| SHA1 | 1d6b4ae5e778f1daf3573d4817777a51c35cbac4 |
| SHA256 | 768e0829decea713afb35a7de07e276f051581c8ff2c17e1bae9b07dd1445dd0 |
| SHA512 | 78a6c8f76d3ebd8db9c784d7775ec44647c4776fcb11d0b32ae2b3a6f2837c0b3be12f053ef6a25811a68da17d0eea83077521f496e238757f5539b445a58a7d |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\msvcp140.dll
| MD5 | 0d89995cc45c7eb40e5a7e287506c1e9 |
| SHA1 | 096c27b06ee7fff2bcd290af0264cdafd04cded9 |
| SHA256 | e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b |
| SHA512 | 3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\Qt5Core.dll
| MD5 | 817520432a42efa345b2d97f5c24510e |
| SHA1 | fea7b9c61569d7e76af5effd726b7ff6147961e5 |
| SHA256 | 8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a |
| SHA512 | 8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\vcruntime140_1.dll
| MD5 | 9f4eac207cb58e8d110477e7fd19d565 |
| SHA1 | 687051b863f7a7178cabf9c06ab3b534b1e23dd3 |
| SHA256 | 7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e |
| SHA512 | 9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\vcruntime140.dll
| MD5 | a4cf5c1f71c540c69371c861abe57726 |
| SHA1 | f272b34182db8a78ffc71755b46a57a253fcd384 |
| SHA256 | c179d8914ba8e57b2f8f4d6c101c2c550c7c6712a7f0f9920a97db340f9d9574 |
| SHA512 | f2b53f28a6369f76b22e99fddfb86730f3d33e87c68dae7aa3d05808223693bb86ade263cccb99d5462cf98eeeaa6a6f1cfe5ea3aa1739f8ad6eb624caff1045 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\Qt5Script.dll
| MD5 | 03c6c0a60c0d3e7fa86b4388f4cbccb6 |
| SHA1 | cddaa47fd8c1a7de32c2376f27edcfc594e92074 |
| SHA256 | 0b58e5e79df13110a8258f14d7b3658d1dd0c8dddc337a164b89d4ac12a0638f |
| SHA512 | a297db87ee1055190580ad2bc539e89e38729dcb9ea9075dc535b05cb45c62f1b0fc99d8866047383cf519d7dde4016cc4ee0d5796190635aeb3d5c2f5e7cd2b |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\Qt5ScriptTools.dll
| MD5 | dd9fecbf34374972577a058e5a4c7c3d |
| SHA1 | 16c3114a75a2eced0104428dc779a3dbda951cc0 |
| SHA256 | ad25c27bc99075b4883a9bf7943954094885798969038d46785e0fd1ec1ccbc2 |
| SHA512 | 8aeeca34b63930564d42056ca1b7d3c59d6fe017b19e86fb294fafab982a014b09bbc40f32a9cc5d36c8afa13d7863ba4f144ab6a4af465acbc8a6a72f6d8554 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\Qt5Gui.dll
| MD5 | 47307a1e2e9987ab422f09771d590ff1 |
| SHA1 | 0dfc3a947e56c749a75f921f4a850a3dcbf04248 |
| SHA256 | 5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e |
| SHA512 | 21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\Qt5Widgets.dll
| MD5 | 4cd1f8fdcd617932db131c3688845ea8 |
| SHA1 | b090ed884b07d2d98747141aefd25590b8b254f9 |
| SHA256 | 3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358 |
| SHA512 | 7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199 |
memory/3928-3547-0x00007FFAE2060000-0x00007FFAE25A1000-memory.dmp
memory/3928-3546-0x00007FF7DFA20000-0x00007FF7E0660000-memory.dmp
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\platforms\qwindows.dll
| MD5 | 4931fcd0e86c4d4f83128dc74e01eaad |
| SHA1 | ac1d0242d36896d4dda53b95812f11692e87d8df |
| SHA256 | 3333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85 |
| SHA512 | 0396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\imageformats\qtiff.dll
| MD5 | 9c0acf12d3d25384868dcd81c787f382 |
| SHA1 | c6e877aba3fb3d2f21d86be300e753e23bb0b74e |
| SHA256 | 825174429ced6b3dab18115dbc6c9da07bf5248c86ec1bd5c0dcaeca93b4c22d |
| SHA512 | 45594fa3c5d7c4f26325927bb8d51b0b88e162e3f5e7b7f39a5d72437606383e9fdc8f83a77f814e45aff254914514ae52c1d840a6c7b98767f362ed3f4fc5bd |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\imageformats\qjpeg.dll
| MD5 | 16abcceb70ba20e73858e8f1912c05cd |
| SHA1 | 4b3a32b166ab5bbbee229790fdae9cbc84f936ba |
| SHA256 | fb4e980cb5fafa8a4cd4239329aed93f7c32ed939c94b61fb2df657f3c6ad158 |
| SHA512 | 3e5c83967bf31c9b7f1720059dd51aa4338e518b076b0461541c781b076135e9cb9cbceb13a8ec9217104517fbcc356bdd3ffaca7956d1c939e43988151f6273 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\imageformats\qico.dll
| MD5 | a9abd4329ca364d4f430eddcb471be59 |
| SHA1 | c00a629419509929507a05aebb706562c837e337 |
| SHA256 | 1982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b |
| SHA512 | 004ea8ae07c1a18b0b461a069409e4061d90401c8555dd23dbf164a08e96732f7126305134bfaf8b65b0406315f218e05b5f0f00bedb840fb993d648ce996756 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\imageformats\qgif.dll
| MD5 | 52fd90e34fe8ded8e197b532bd622ef7 |
| SHA1 | 834e280e00bae48a9e509a7dc909bea3169bdce2 |
| SHA256 | 36174dd4c5f37c5f065c7a26e0ac65c4c3a41fdc0416882af856a23a5d03bb9d |
| SHA512 | ef3fb3770808b3690c11a18316b0c1c56c80198c1b1910e8aa198df8281ba4e13dc9a6179bb93a379ad849304f6bb934f23e6bbd3d258b274cc31856de0fc12b |
C:\Users\Admin\Desktop\New folder (4)\Nexus Release V1.6.exe
| MD5 | 97d5fc7aa91b287c1da40b530490ba7f |
| SHA1 | dd1a0d2d3bd7a6590b361b8afcdca781803a7791 |
| SHA256 | 6abd91cfcd50134df5b2d0b677c13e672626dfe7bcadff65e125c93cdee3c2bc |
| SHA512 | 2d42f62703303e744456a9ff6924fe1cabe40cf9b3ca298ac504cf3bfd0695e92289f2045c41cae15cb3348fad4682b41840931abed489bd8b037110d5e41d55 |
C:\Users\Admin\AppData\Local\Temp\dllhost.exe
| MD5 | cc7686bf7c7d81f59196d5cc3cab3348 |
| SHA1 | ac39079f223f87d404c421c48239f913b12f00a8 |
| SHA256 | 49c175257966f191a2abce16d8533d359fc27ecf6512da870a9c59937914d5f7 |
| SHA512 | 940cfb37c1f5e5dbd86cc14d5a0a85dfaf889754051d4fc0d0afbe7bedceaec91b5f36b873b5e24cd081432db1b7d61df72a198681b9ab8e3a9b57197cfb58ae |
memory/4828-3576-0x0000000000410000-0x0000000000428000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Nexus Release.exe
| MD5 | 967adda3e5738fc034a1179482e09581 |
| SHA1 | eb96afbee081846bd8af1e173cd2ccc371cb3e9a |
| SHA256 | 14329ef35eb26ab12b38f7da97707125f5f257b3173342f9dc90b20dfc760ea2 |
| SHA512 | fba760d43c51f8bdc979edbd68ca0716f432217ef4cfe5cc345287adc4f25e491604e65b3a339f15b7c0754cc56a7976b2b3deba66e4312aa08f87f2770aa732 |
C:\Users\Admin\AppData\Roaming\svchost.exe
| MD5 | eb3f111d9fda949162305e4f364f613c |
| SHA1 | a4233d3889d0962df1cf5b95d63122036014698c |
| SHA256 | e48df2979184435aad09306596e4207dbd15a3343633800437d5fd88c20e5bbf |
| SHA512 | 387ae3f06cc13f6b4017e481a9ec6b6936929afb98021fe16327cc4d8f13a1d255294e8f1eb01df7290c58d1ec65586b9849e870e443b2db5dfd7c2a5d033436 |
memory/3368-3631-0x0000000005340000-0x0000000005376000-memory.dmp
memory/2684-3653-0x0000000005580000-0x0000000005BA8000-memory.dmp
memory/3368-4024-0x0000000005910000-0x0000000005932000-memory.dmp
memory/3368-4113-0x00000000060E0000-0x0000000006146000-memory.dmp
memory/3368-4118-0x0000000006150000-0x00000000061B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_j1xmclrz.erz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3368-4486-0x00000000063C0000-0x0000000006714000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\python310.dll
| MD5 | 384349987b60775d6fc3a6d202c3e1bd |
| SHA1 | 701cb80c55f859ad4a31c53aa744a00d61e467e5 |
| SHA256 | f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8 |
| SHA512 | 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5 |
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\nexus.exe
| MD5 | c6ecb950084247ce60fc3b09adfb62c8 |
| SHA1 | 79f8379f843bf7c670420b50ddc4a0b99b918246 |
| SHA256 | b30a422797179d7f11549f9dd60cf2b5c72995afcf0d81f357a35cfd74c7bce5 |
| SHA512 | c4729e239db284f6d10e69d62c06970876b88d3fe4527cfdf639a496bb99a6c4416701d3a0d4a0ee7a524c9f05c2d985f872bc9ab830b6a01d2b2c8fe0a211d5 |
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\vcruntime140.dll
| MD5 | 11d9ac94e8cb17bd23dea89f8e757f18 |
| SHA1 | d4fb80a512486821ad320c4fd67abcae63005158 |
| SHA256 | e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e |
| SHA512 | aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_bz2.pyd
| MD5 | b45e82a398713163216984f2feba88f6 |
| SHA1 | eaaf4b91db6f67d7c57c2711f4e968ce0fe5d839 |
| SHA256 | 4c2649dc69a8874b91646723aacb84c565efeaa4277c46392055bca9a10497a8 |
| SHA512 | b9c4f22dc4b52815c407ab94d18a7f2e1e4f2250aecdb2e75119150e69b006ed69f3000622ec63eabcf0886b7f56ffdb154e0bf57d8f7f45c3b1dd5c18b84ec8 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_lzma.pyd
| MD5 | 5a77a1e70e054431236adb9e46f40582 |
| SHA1 | be4a8d1618d3ad11cfdb6a366625b37c27f4611a |
| SHA256 | f125a885c10e1be4b12d988d6c19128890e7add75baa935fe1354721aa2dea3e |
| SHA512 | 3c14297a1400a93d1a01c7f8b4463bfd6be062ec08daaf5eb7fcbcde7f4fa40ae06e016ff0de16cb03b987c263876f2f437705adc66244d3ee58f23d6bf7f635 |
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\select.pyd
| MD5 | 78d421a4e6b06b5561c45b9a5c6f86b1 |
| SHA1 | c70747d3f2d26a92a0fe0b353f1d1d01693929ac |
| SHA256 | f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823 |
| SHA512 | 83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012 |
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\_ssl.pyd
| MD5 | 11c5008e0ba2caa8adf7452f0aaafd1e |
| SHA1 | 764b33b749e3da9e716b8a853b63b2f7711fcc7c |
| SHA256 | bf63f44951f14c9d0c890415d013276498d6d59e53811bbe2fa16825710bea14 |
| SHA512 | fceb022d8694bce6504d6b64de4596e2b8252fc2427ee66300e37bcff297579cc7d32a8cb8f847408eaa716cb053e20d53e93fbd945e3f60d58214e6a969c9dd |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\libssl-1_1.dll
| MD5 | bd857f444ebbf147a8fcd1215efe79fc |
| SHA1 | 1550e0d241c27f41c63f197b1bd669591a20c15b |
| SHA256 | b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf |
| SHA512 | 2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a |
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\libcrypto-1_1.dll
| MD5 | 63c4f445b6998e63a1414f5765c18217 |
| SHA1 | 8c1ac1b4290b122e62f706f7434517077974f40e |
| SHA256 | 664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2 |
| SHA512 | aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\zstandard\backend_c.pyd
| MD5 | 4652c4087b148d08adefedf55719308b |
| SHA1 | 30e06026fea94e5777c529b479470809025ffbe2 |
| SHA256 | 003f439c27a532d6f3443706ccefac6be4152bebc1aa8bdf1c4adfc095d33795 |
| SHA512 | d4972c51ffbce63d2888ddfead2f616166b6f21a0c186ccf97a41c447c1fac6e848f464e4acde05bea5b24c73c5a03b834731f8807a54ee46ca8619b1d0c465d |
C:\Users\Admin\AppData\Local\Temp\onefile_3552_133624187967746246\nexusloader.exe
| MD5 | 5e61211e577a7fb75fab8b0c38ac11ea |
| SHA1 | b00d7db41af8de8d8122e65ae77eb3ef28b3f633 |
| SHA256 | 2ea85a21886caa6ad7ac3c840a903031af872df01bb42b597b5b599e2884b8a1 |
| SHA512 | 7a2114cf3f2a372e1b699a8a91bac793a80bcb4dc6886e1d137be7e3f50015e976987b034d4b9e46cbfe43f9a7acb299c1963289b95f80ed1ea6396881203fc6 |
C:\Users\Admin\AppData\Local\Temp\onefile_3864_133624187977589701\_socket.pyd
| MD5 | 5dd51579fa9b6a06336854889562bec0 |
| SHA1 | 99c0ed0a15ed450279b01d95b75c162628c9be1d |
| SHA256 | 3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c |
| SHA512 | 7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e |
memory/2684-4703-0x0000000006260000-0x000000000627E000-memory.dmp
memory/2684-4704-0x0000000006740000-0x000000000678C000-memory.dmp
memory/3436-4710-0x0000018168F60000-0x0000018168F82000-memory.dmp
memory/3436-4717-0x00000181690D0000-0x000001816921E000-memory.dmp
memory/2684-4718-0x0000000007C50000-0x00000000082CA000-memory.dmp
memory/2684-4719-0x00000000068F0000-0x000000000690A000-memory.dmp
memory/3368-4721-0x0000000071080000-0x00000000710CC000-memory.dmp
memory/3368-4731-0x00000000078A0000-0x00000000078BE000-memory.dmp
memory/3368-4720-0x0000000006EA0000-0x0000000006ED2000-memory.dmp
memory/3368-4732-0x00000000078C0000-0x0000000007963000-memory.dmp
memory/2684-4742-0x0000000008880000-0x0000000008E24000-memory.dmp
memory/3368-4744-0x0000000007C90000-0x0000000007C9A000-memory.dmp
memory/2684-4743-0x00000000077C0000-0x0000000007852000-memory.dmp
memory/3368-4745-0x0000000007EB0000-0x0000000007F46000-memory.dmp
memory/3368-4747-0x0000000007E20000-0x0000000007E31000-memory.dmp
memory/832-4748-0x000001BE3B370000-0x000001BE3B4BE000-memory.dmp
memory/3368-4758-0x0000000007E60000-0x0000000007E6E000-memory.dmp
memory/396-4760-0x0000021B21650000-0x0000021B2179E000-memory.dmp
memory/3368-4761-0x0000000007E70000-0x0000000007E84000-memory.dmp
memory/3368-4762-0x0000000007F50000-0x0000000007F6A000-memory.dmp
memory/3368-4763-0x0000000007EA0000-0x0000000007EA8000-memory.dmp
memory/2748-4774-0x0000023943F90000-0x00000239440DE000-memory.dmp
memory/3496-4794-0x00007FFAE2060000-0x00007FFAE25A1000-memory.dmp
memory/464-4801-0x00007FFAE45E0000-0x00007FFAE4B21000-memory.dmp
memory/464-4800-0x00007FF7DFA20000-0x00007FF7E0660000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bdec92a0532e7136fc4443382d4e28d2 |
| SHA1 | c140c3e3f715f3431243e2cfb7eba47db0680781 |
| SHA256 | 4642189975c5158d4b74778e0d2f1c21f80ae247908058bc42d00b63cbc94c85 |
| SHA512 | dad834d69982db0a7594cafed71c6ad41849de2fab5ce22b883b63000c0496c89cbb88b1360048899a771e56a4cb74b2f898a2f5c61529dc06fbabe5a72258b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9aa4596a4f66bbc9c9734e5be9158e9 |
| SHA1 | 354038c2d6171ec6e9fc18003bc69f2bb9b620e7 |
| SHA256 | a12c7e31ac935dfb756d86ea07a07604276e9792d5d523b65b3a9929c7df39cb |
| SHA512 | d96b950d346c658f11d4e42eec5ec0b3d9380cbeefd2b580f1e69c6110dbfeb764e4f7429050662b2e2e021d078a8f8f028c911a267829353160e217234c270f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9d79eda47e2705224cdc8c78bc14b4c3 |
| SHA1 | 9cb960ba8eb226880c119be22b5693dbd11706a9 |
| SHA256 | 50d29497b0d284a33d611917a42c218198a18e0b066ced48a30822710d455cc9 |
| SHA512 | f1c8a0ac60e1b46815c3b122f70d97e413895bf57aeb0593bcdfa379c87ec8105128b64f748efacfef0bf4578ac0217236860d64f62c9c697ec983b6a8410625 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e96d53c43f145a0ecc33e442dfe217f4 |
| SHA1 | 1954eb435873fb4b1ca28d8ed3895f524e1455c9 |
| SHA256 | a93b658e5dab1ee896255967b4b9abad7041df93dae10056d5577f67820e8234 |
| SHA512 | f7e5707cc4e50a4a029a66e491b9f3968a169f247ee5b140863041fffd01116e28d8de028e7c2da320ea0a5feb9bb4d0e645d920bd16bc37e370e90859a6cec6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | ddcffefac58f205ea194e1612e7c22a7 |
| SHA1 | 4db6276eccafc0030490f970824b55dc327bfebd |
| SHA256 | 5f12968474e2995c485a2c256a9819dde04e78b6a13aacadfba935ed7970234a |
| SHA512 | 4b8561f2bbc596382e9c22515354b94df9613844a2c6b6736dd7c1f6c51305e235c58160d8e5b3d6f5fa289dc55f6fd675332e4a13d07fd35282d61e227adc13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 84468122cdd564621b4f2bb71db9154b |
| SHA1 | 1be7e3f02eaf62ea2c913b080ef9fcb9a97d68f6 |
| SHA256 | be62518b0e6c0794c2de91f22194171da26c367199da8584c8b24f3a586fdcf9 |
| SHA512 | 2be8faece3107258196062dd29ff97104fbd39cd62ae69974096fcd8bee2e3d7ba32af516fcbec297bd141d0d30b2d0870016cbdad3cef24c4a06a033846c711 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
| MD5 | b6f7a6b03164d4bf8e3531a5cf721d30 |
| SHA1 | a2134120d4712c7c629cdceef9de6d6e48ca13fa |
| SHA256 | 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39 |
| SHA512 | 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\38ad1fa0-89fc-4c2e-8cc4-7936d15aeb0a.dmp
| MD5 | d5ae5af56a59c237b05bcc29b1d4a1f5 |
| SHA1 | 1f7d700954bb7f1d7a939a0807865544d02b02b8 |
| SHA256 | 53096a1c21b3f6c84382f290e8b30bd6c2df9b6e6466e8bfb103c40850c93287 |
| SHA512 | 7b7ee64a2d42c0e9aac2aafec00375ef32c889dbff45245430ab28cb80d10c4cc30143cf8a9ac2b8865da5c93ef6711b441d999f30c14a9c0c1da610623d6955 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | cc331f86e44974651d16bcfd76eddc0a |
| SHA1 | ba130718e840897527af349a8fa5821a36fa3299 |
| SHA256 | 6b8d5ae01da0fcfabe02e364310c54d8356623bf81b3b96acb60c9d1fa4cca7a |
| SHA512 | f83a521d213069ecf78e0e3cbc369255aeb8e9be91f7819a6adfa2c8e7e117b46e7d407855235089db7e8bb254b2a3e4a32945164853fa1971802c9393e58771 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b882e59646fac77b4ac3c2002a4b6b21 |
| SHA1 | 181217bc882c0456c9bdc0aade1bb97dac1ec94f |
| SHA256 | 825f161ae66200d5716771665ff985801f429e7cc14462569590299e8a1a0734 |
| SHA512 | 2f8e81fe331b5618575c94bd71fe53752fbc3cde4f499f6b5fa0fba6c85511cf7aaab9f9dee291a9ca093be55e8a28a8e994fa2a1390fb30c556cf7031d6e301 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9497b3569f79bf8749f2ee9ec32a4161 |
| SHA1 | 2ec0a623923d01232613f1ad8b71807f9b7c439c |
| SHA256 | a26c4dfc5b418da7ec2eed0137a9b95c3ba9224ea52a3da07d072545ea3f7a9d |
| SHA512 | d0bc356d12a0fd5ddbad2e06c91ac0cfd18f46b2c74a6d83e0f21f51b8e8512866bc1839bf3c881f789efef5d2e3a50837c3ac9cceb2b14fc9895648bdf9f330 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9afa0c5f1598af07146f3a17e852cbdd |
| SHA1 | 64a404ac0ee5094bad65fa1208fd4891ea7904d5 |
| SHA256 | bddd8dda6e76bf93044766aa4b01ae292a9108db128785f606ff227e61fe09e4 |
| SHA512 | a986bebedb422be3a3fc7dbce8f77e432b91efcc6d1e1b2f745271d0b01d1e79f03da75082ee0b8808a5e1c382e1775cc6131aa7bc9be9592ee3956035c78255 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f901feb47a71be04807316b6282da390 |
| SHA1 | b6aaae2cb1f1b6702bf8dcd2875d5d4676a98748 |
| SHA256 | 088ff698c8e0848f5a4a7430b899ac24ad8183e5ac6d38d1ce98d7b1cb9fd473 |
| SHA512 | ec35d6c02fa23e7cccdc1180562cdab158f6c52fb15b163f4a8943c78777e50dadfcda612a7702f7be7849fa439c24fe68cada14ab703263bce46565aad3d22d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f9bcc.TMP
| MD5 | 61c9aaae7d096ce61ae42ed6910e55ef |
| SHA1 | 7c8996a5e07b5bff9b43fdb4470049486e86f046 |
| SHA256 | 9e3083fa6c80dd6a0bd7e451c41e561bda4cd5eecc15e822834e2103a8d58492 |
| SHA512 | f0e158024d6782f7c295ca190627e012f6d8422d6b34b19e0464b13acd064a5a6a73f28e169c2f74fe48033a243328c6dc0f9cdd11cb7c585c7cd6ac92fb5852 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 1308ea176423729a7f037ec50812b787 |
| SHA1 | 91021c515d104d73de6026c5bf24fdac01126b9c |
| SHA256 | 1b88d682480d8a40c96eb78214a89a692dc46ff21b3d01c3700b6c50c3fc8f9b |
| SHA512 | f879a642df3963b72a24791a2c24cc40ba1c60290000f0cfee74197867fa408b87df3426bc2de3293adfcb604d431d1555215b0d9379e532f2cb8552c7950799 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0bd2ff03405495509811076130eeb1fb |
| SHA1 | 47e9d2fe28fb2f84dc470cfe8260a4d91133747b |
| SHA256 | 4cd19d6d7c68f7dfc9667a703b45ecdd2d6c1ff44a257ebbc03451a7c09e92cb |
| SHA512 | a57d9805f602b023e55dda885c8069bfe97c767d03dff938fe637608df33664b69750db6556507aa2f56c63f6172fec21a0a8301c74c4ee4f052d8652471dac3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 3fda6bf05cc69dbf739d9176a8abcf6a |
| SHA1 | 8d83216747274589342e77719890f1cd6dd2825b |
| SHA256 | 1f8a68c0d6537d47de6bf30863ad6112e684552eb852e7c4eab8e37f6ae77427 |
| SHA512 | f4100b5e36839003d1a8c655146c1c75da4c83dc7fde3e3163f7691d9fb112204981b8e470ab500be92bcb2cdefa337b04560b5221e71447e163d47dae72e42f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f73de1644e923220559a4fecb9a87fcc |
| SHA1 | c080aaf20976e6cbbef0911e4f03f85af1481dad |
| SHA256 | 13be3060587e01c7fd290e0e70044fb2cb43c7776a60d21648e1b59b6b356973 |
| SHA512 | e421893b94f93c9e2ebd5f527df36ba1eef638a55149440d0f15a75dc2776064455a0e4dfdea44af0ac9a653204b4cf0dd41875827f5009d25d251f8dab36250 |
C:\Users\Admin\Desktop\New folder (4)\New folder (5)\shortcuts.iniwin.ini
| MD5 | d94ec67c76ae5b51e8903f1eb6c77337 |
| SHA1 | b783802e99d0a106b94bed8585f4b9e8964a9c5b |
| SHA256 | e56e5f47edea54b9c95d3e7a7fff34231d4c05d0bb8d998648f44a400b90bd07 |
| SHA512 | c12d01512ec0577cb30d6d14fd308983093649cda9396b45cc80aa86341af6bab8944b2b176f8875f97db7d97ee38fe2cd0ef53821a8e55450e4af0f1f2f6b64 |