1f1ad9c1f639326946f39129cb9ff5015669a0a3dd9e21db07163fb48cb6b709

Analysis

max time kernel
110s
max time network
114s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
14/07/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZenStudio_Setup_v1.5.0_Build_76.exe
Size

17.2MB
MD5

2b8322f747ed7623d698c524ccf2ea16
SHA1

fae3a00cd6334cee7e793aa6bb56bffc45c0bca0
SHA256

1f1ad9c1f639326946f39129cb9ff5015669a0a3dd9e21db07163fb48cb6b709
SHA512

e1a3070b760cd7999339a21e72618b7614c1b26bf5b2acbbdfd45c27eb115d0d566fa5d835cf505d274025366a2a474450bd49b3607340cf52731c7f26e784e4
SSDEEP

393216:DaLCsFu4++WuIuffxPvMFQFgs20pHOMOv59/dWnnETyNS0yRMtEX:DaBIETfMMuMWHlo9vyrX

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
988	ZenStudio.exe

Loads dropped DLL 6 IoCs

pid	Process
3488	ZenStudio_Setup_v1.5.0_Build_76.exe
3488	ZenStudio_Setup_v1.5.0_Build_76.exe
3488	ZenStudio_Setup_v1.5.0_Build_76.exe
3488	ZenStudio_Setup_v1.5.0_Build_76.exe
3488	ZenStudio_Setup_v1.5.0_Build_76.exe
3488	ZenStudio_Setup_v1.5.0_Build_76.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ZenStudio\ZenStudio.exe	ZenStudio_Setup_v1.5.0_Build_76.exe
File created	C:\Program Files (x86)\ZenStudio\uninst.exe	ZenStudio_Setup_v1.5.0_Build_76.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654254026441610"	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\URL Protocol	ZenStudio_Setup_v1.5.0_Build_76.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\	ZenStudio_Setup_v1.5.0_Build_76.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open\command\ = "C:\\Program Files (x86)\\ZenStudio\\ZenStudio.exe \"%1\""	ZenStudio_Setup_v1.5.0_Build_76.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\ = "URL: ZenStudio Protocol"	ZenStudio_Setup_v1.5.0_Build_76.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell	ZenStudio_Setup_v1.5.0_Build_76.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open	ZenStudio_Setup_v1.5.0_Build_76.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open\	ZenStudio_Setup_v1.5.0_Build_76.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open\command	ZenStudio_Setup_v1.5.0_Build_76.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-514081398-208714212-3319599467-1000\{9CE241D0-8130-453D-A3A8-6685325FEAE8}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio	ZenStudio_Setup_v1.5.0_Build_76.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
988	ZenStudio.exe
988	ZenStudio.exe
988	ZenStudio.exe
988	ZenStudio.exe
3672	msedge.exe
3672	msedge.exe
2260	msedge.exe
2260	msedge.exe
3188	msedge.exe
3188	msedge.exe
2272	identity_helper.exe
2272	identity_helper.exe
8	msedge.exe
8	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 5100	2268	chrome.exe	82
PID 2268 wrote to memory of 5100	2268	chrome.exe	82
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 916	2268	chrome.exe	83
PID 2268 wrote to memory of 1844	2268	chrome.exe	84
PID 2268 wrote to memory of 1844	2268	chrome.exe	84
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85
PID 2268 wrote to memory of 3328	2268	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\ZenStudio_Setup_v1.5.0_Build_76.exe
"C:\Users\Admin\AppData\Local\Temp\ZenStudio_Setup_v1.5.0_Build_76.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff82356cc40,0x7ff82356cc4c,0x7ff82356cc58
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4040
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x21c,0x250,0x7ff6e3a74698,0x7ff6e3a746a4,0x7ff6e3a746b0
    3⤵
    - Drops file in Windows directory
    PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=1600,i,17092484795588446160,16857434527627583251,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4584

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2672

C:\Program Files (x86)\ZenStudio\ZenStudio.exe
"C:\Program Files (x86)\ZenStudio\ZenStudio.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ff823143cb8,0x7ff823143cc8,0x7ff823143cd8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,4735730778559598605,11932712645198048753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ZenStudio\ZenStudio.exe

Filesize
19.6MB

MD5
1fae469528fcc28ec48eb939b39f8a69

SHA1
21f3642dbc8a5b7bd60cd285490f119aacdaa1a8

SHA256
49e2e48406ae2b43df1e04c20c2fd13b9b25d7d16eb07bfe268f471ee755208c

SHA512
16eb03db6c71770be6b142949f1eaee6ffd5839543d781b8870455cde089db643538c3ed12c2e03da43ec1e4a71ed0454343e23915a2ead9dcb0ff09432f17c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
55ea8ab6fa48900319c9102bf37ad258

SHA1
e90130ad170ca7083f4bf93505fe50bbba6a2f5f

SHA256
96adb49443060f5abacb9a030d5776d446ec480080e1058b538cd8062584a067

SHA512
ef44172fa8195787f439f0e3e8c509ea7a1875fb406d36e986ef644199d5374e74a3c70c85251df85f23ea55e0fd22f6cedc048131228d34c40abc73d1d5a1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f65e4b13c5f2bed233327962468b2b6b

SHA1
736eb2518e17c4870518196374a52db426923cb3

SHA256
2efcc5386694ecced430b82a92060d50711e28881fda78043c0b24e227fc5e3e

SHA512
10c8f0e3e04ecf8a8c23877e703d5af3a382b2f5f2b55e0630c4717a157910028eb4637ce25da32ed2d18b4772042e5bc2c015ace988551b0136c100c4b072f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
60a4c45ea20ec591f53e9fb092d63cd1

SHA1
a4f7e188303510ebe4ff97a3c40b29adcdc37fe2

SHA256
cd1a8681e5fabd46845c08c6aaae737e1bfe08f9a3f23122f8e2a182050e661f

SHA512
8a8ca4670bfc04d23c207ff75fbd60d1b06fd377bfdb1bd036b19b6d6fa2063df850d0b0338d9702d0058c41d032805ad2c3dd1a205c83da44b3567213c9ba16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7388f74b99fe10aa8ec81e3cfd4db6be

SHA1
9782516ccd62fa9cb1d785a9250e6246e0e0ba20

SHA256
4310877aeef0d3717ffce4cdea8d3e24f5c695c1ba6330dcf58fd15c9f274c1a

SHA512
7cdf7c818b89204806a3297c9915baf449784682362487bbdb9436b125bca6c8410c70c855efdb833a487a670f210f2982196750728bc7f3bf98e9b03cebb7a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20d94d6e0e27a44c58089af9cbeacdea

SHA1
95c898bd958540a7e6edea6f4857ded1e1f1f959

SHA256
d5b060b0969997f266f3cda2aa58079dbf00f7a3e8127c2b65b8d9f04108ca77

SHA512
f1b0cc0b01beb1f7e5374b14a3fde654b36c6c7a8b0888256f9d72c0ce8cbcff032a5b3eabe2d93995f348be77ccf4b4b564f5c1dcf9bd1c44d0a873585a3b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7ff315ef11ed733660d71fec0b6cf90c

SHA1
fed2935dc8f15dd9c9b71d8e3a3dfed86ae91d02

SHA256
2bbccd266f7eb3d648ff0b2a002bac5518ad70cce184a509358ac1e3a1382896

SHA512
6fa20c648b53b04cc09f740f8fd909229a9894d8b479e620590648b99435d7996970cf1c2a9ce77989df831c3486eecc63b7d13052115c099cecb8d817772b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a32e8ead00bf6c45b8534c32bb900a68

SHA1
1d17ef0215eceada6231fee2ada94b01ef548525

SHA256
cc7ec0407c1f9b8872ab408aa4c5c1afa0e5053c08813b6fb75f52d4bc2eda35

SHA512
27d780424eab515024269a6eee00365d78c4edd433e0e2b5d575445e84480672c25a7929f34b8cd2c58f8ebca56c0fa1a54e987b3f6fc81900309844d9c6d914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8810c5fca2f6c07dd0d0f24013aace55

SHA1
4d1444fc5408a8abad1c2b601ed8f4db70140b2c

SHA256
3d155d7a572e957ac1500681056c3f1ec4ccb95c15b6081fe057118ab8ebece3

SHA512
0557af3e3295eabccba5bccbc74cd071cb41639826a7288e4e5aab0793429d6a0abc279e6320278b39f43763a5915f7260e5a18b02a3dea2fb2125222db3ac36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
e6a7ced39092c62160facb413f2555a8

SHA1
62780df1fd245fd7606f693031a8819771026a75

SHA256
1240898896e109efc1d485e926598cd57c49a091e0b924ecee8f91e692789755

SHA512
1efd06cf7ad6b271f888d5ac7b9c648e39021d7fd37ef52d6f653d3d5fc91e9ad6c91c343cbf494c01dc443b549dadec80e4a7f51c192596e7aa7629d3d359e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
654bb64355932470dd67f0ddcb3eff22

SHA1
53e8638437083a1ca54dbbfce7c1483db4dabcca

SHA256
ffbf29e2b4d85b817b70b7e766ae25eec994633de934b06e9cb09cba582dfa03

SHA512
bf0f01869d9ee5fa2be43bb9f18ab81e056e735a2b99f4a5566664dbb91c9db6237b489c4be0aa98880035e3236c7aa4e30af2d97ed054d01e8af6e5077f00ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
424e66c15bcfe5411d6a19416335cd31

SHA1
731439232d948ad108e71a1936453d78c7e5c516

SHA256
11a6e731d6696b8790031682e255d9695353d42f1f81c131b63a462970019dcd

SHA512
a2b9a8b81983ce3bbe0311288b7a81492d442524e76006f52c76a056d7d5852ea2eb55fe79c9b503d58ac97ee063e1e0bdd3b0a68613adaa87b213584b8da636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
85768d57cec096bccc1719e2c57bcbd0

SHA1
a26eb84f4b8e89e806b498cd632d5b6b8d0d23c9

SHA256
373ac6f1ba2faac34813a4fa416807390f3982fdc2a0d05c0aac734844a505c8

SHA512
50c9d8ffa81a5ac8b266b1e03a77dd54f843a6223913122102676fc4a2943aeb41b9e78c754b363915246789a3d7fb85b3c7f3d4dc2f74ee2964a97731b1e203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f3725d32588dca62fb31e116345b5eb

SHA1
0229732ae5923f45de70e234bae88023521a9611

SHA256
b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140

SHA512
31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0f062e1807aca2379b4e5a1e7ffbda8

SHA1
076c2f58dfb70eefb6800df6398b7bf34771c82d

SHA256
f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca

SHA512
24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
de01a584e546502ef1f07ff3855a365f

SHA1
60007565a3e6c1161668779af9a93d84eac7bca8

SHA256
9ed00a33812a1705d33ccf2c3717120f536e3f4e07e405539e1b01c5a38a14ea

SHA512
1582b69b40e05bad47f789e1b021cdd5e3f75548a39a99e0db1b15138425e530e25ce6e56185b1dfa5f51758d2709e52d53f309da2e662ebc34c8d4974ab6469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
c71e53854f68266b9b7f2151cfcc5c32

SHA1
356fa2aa7d9a8c7585d846fadde297d33166ecd6

SHA256
ba4913f000f60e3762611198396ef0bf07204cb4381a74d83328e6369eaf39b5

SHA512
d261f7efb5490d0e9e11517d1e96d8d090bb0a64584565afe335ab9becb54f399e5eea088156c999004b771f4cabaa107256822bc1c4085194a35744d7915270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
199b80e9cfe12b858c5b83ee831ac03d

SHA1
e24c59f57d7f7c53d5013f12b50ea2eb1c975fa3

SHA256
7f7e397d45bc54660594d132e071f57aca3825a488e5543163d37c7acc27af5f

SHA512
a1397fb38de86e3ee1e3c253d3f1a986040a52fd2856721030d01e93037782c381f107e757cb575d4ffa4b14288e3c1af7ce13526e959ee119c2eb710d8c0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
afa20c0a72628029107278534afce865

SHA1
5deb270fec1ff55808012cfc896dbac034572460

SHA256
41548d7f6106aa6debdb3b85c55175b83496903b61030530a14c3385e77c0662

SHA512
1a339ab65348f372122df4e170d64f797b6ed4ccdf6ef2e4b38aadefc2829d4abd44a855c529a2237a40b55d3deb535d1bee23af430c0792f7c07c0982c2a2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1f9cba65ab543587d899b0c05f43ee9

SHA1
4cd2c3c00171e7bdd5aa8099f053efd38e871958

SHA256
91f4b7508da08e6d0a476f1d47663ca6183875a224c6bb65581b440a8a640315

SHA512
504c0c0daf50fb7b943ff66a06decbf3173a9b30f3e3b9ed6fd72e184dda4982a53447234a080e81d870ea1773af745af7784570fc3d81d5a3163dffbc42bf15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
302d1b980da7ea231f0a8465fd588a3c

SHA1
224d2cb33a7b39f68fe4ea577d83af4ddaefdb8c

SHA256
46115dbecf4069f0037717152ede0740749c9fc65f48c89a301afb3e6bc2f8de

SHA512
a148ae220cbefb000bee90c076045a25565721c3bc80175ea1e358545ca804de15eb827d85009348b285ccba78573f0bde93b7796ffbf13ea24a1aa03af9c30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
358e8055a0c45351ffe4baded1bca6eb

SHA1
b89f4469efa7e61a30bbe48dc88d6b25f58b0ba2

SHA256
6d18b46c7c7cfc31dcef1eb37cda4ca9638398673476e7433135c9d02ea68929

SHA512
7fb7f01bad0d5c32a166dd2e36d759a4538ef5d08cacaeed124f6392bb539ac393d45e7ab63005967246edff391bf11f87022f89067a4429a6f8bc1749132306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4fea6f651637448ee385a45d6fb4c8c

SHA1
087dfbbfa1d73f002b5770dfd195f6f4316d2b16

SHA256
8c175a90fc0f24345060ee9663c7932cb366f1e1ebf568b84a0792c7dd1165c2

SHA512
03e1d9ed6be71a81e2051b028452cea659144a9b3b458211f68e07f2baa52eedd6ca75ce898c67bc2460e9648919c858571cb9ea93190e34ef7af521fb0cf5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4cd6320d-99d6-4e83-9434-0a63f018dfcf\index-dir\the-real-index

Filesize
2KB

MD5
4c6f6a24b57f1cb44db5f5869f30f85e

SHA1
893026b2babdc3054ff62f7300030b17c21e1ad0

SHA256
090e061dd2ffe4ee74d2026e06a914789e01d8b510155226cfe9c60d0218b279

SHA512
7cf82f908139481ec979683f16fb7bb8deb6a268635a4a894b9ef7d0277a30c09e9377192a4c1109a527f99eb4b38358f995754f0400aac351bc380f2f95a244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4cd6320d-99d6-4e83-9434-0a63f018dfcf\index-dir\the-real-index~RFe592d02.TMP

Filesize
48B

MD5
2990b36e29542f33994a72852fd19ffc

SHA1
59ba51c4c10ea59a11594b4abe116d68b294e740

SHA256
732c5213beacce640ab81a2e4320cd441b0cee3be873ddf91315490367cf3646

SHA512
d2bc2392428fd765a67ff5bb29ea76b58e5c130b800e749ccb2edb18439618b541cf0f18a15fa5344713a836ed01f37f21140d855c84dc5eed3f6ea82faa3abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f4c9962c-267c-4941-8389-1832b89b2bba\81081e2a44d41712_0

Filesize
2KB

MD5
c4ea8bb4266f2e30287d3f452a074c57

SHA1
7a6f9bbf209c475ca73f38e0a733051ca3fd9356

SHA256
0ece387ac28310f410da043449a050749feebfbce03e5f5ea927d21e7bd889ca

SHA512
0e2aefe3a4c017758ac0e8875eb463c1a2f757122e4ca578cad702e79a7675bedd99b0a848ec05db29631d17ca960c89323bd106a1b8415ca7545ba382044f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f4c9962c-267c-4941-8389-1832b89b2bba\index-dir\the-real-index

Filesize
624B

MD5
4f010294dc937aed87a6bb22bb7890fb

SHA1
becac3cd7258e6020a92f0837935eb298b31e175

SHA256
789a2ef1dd1f35a3092572bbd0913fd3f68c9322c3dae0725ed5bc56500481bf

SHA512
5cad5f7744a59620a42cc3bb90399eefdec1fd313397955007f8579b5b9c974bbcbbfc82a3a49dfb32547984e45c27db608b9a5d560bcaac637c33a360531afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f4c9962c-267c-4941-8389-1832b89b2bba\index-dir\the-real-index~RFe592d02.TMP

Filesize
48B

MD5
8e611a18d0a2d06c270480ac00c575b4

SHA1
46b6eb020967a5f6ed8af6e699283ef651c66758

SHA256
e9afbbaf5d0ed1125723ca5a1919534d9b9d1b81b4d55f455e7723e465a23270

SHA512
f222cfa9de775a0c54a2fb5aa0755f8aa97d6319901292b922475d9da51849b97e2a891912a63400be3b8baf5160693fe3da42a0b841ade466eff170ab65b0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
77b7ca9e55463dbce5e294d686e33610

SHA1
7f18883a5579c0fd2e9bd93c99637da543009779

SHA256
64e50d3060738960d98bc883e2eb18991963a2d4e4ff9fdf6f4596d598116082

SHA512
60d1dfb523fa5117314eac5c6db583edba3321700284a76d99c3ca9b516f8ba69dcaa2fdba7c9a103a15e39b9d054a852eae20790b413d615d40740b71c84f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
21880238d23e29d465ec9fc09309d868

SHA1
26f7f6fcbb25caa896885334b42984da136bcdf8

SHA256
509d0b294c08bf1731f11283cce683f509b5f8ee9e801a91328e00ac59fb9411

SHA512
8b24b2c3d9fe2d7ac8e78eb7acdf86b207e7521a8b1aa019461888ceb1c2f090d164748b152fdb21c3eef6db710adbccdfe1061a03c358543ae70aa644a710f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
e55f239f0234d2b9f18a446e0ab4f62c

SHA1
acae28a2f44fff1fb0412edd171ff5ac551d7b98

SHA256
ef81964a537010091daa3606697e5ece54af655692c7ac7736fee28231db4bbc

SHA512
5fa08f2b22f35b446e427938ecbfc62bdf9d29683dbe5f7d63ca8c545e9b996636bb1b3ca57c8b862a99555fa031fd48aa316bb2cda20c846ca9309a215d2ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
58367afc9447208d282d8a9e97349553

SHA1
2d037bcdfcb2bdc2afc9ce3bcfb9b7111eb39168

SHA256
273351103dd1d73e81ed2b248405a83d46ef8abe3661ee316d2617099adb5112

SHA512
fa436e0380f3049b0ce2c7c4936faf181c9f48fd78e189c9fecb196857ce23941bd5bae9f3a6f23d5981ff30db24fe922c95156c89d03596154b3317bca7a7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3dc89d7e055090c55f73ecf43c48b911

SHA1
f321fd9c1bd5f8a1e344c7c12db02664b4e1e9f6

SHA256
96c0c0cc6c21ea6689635cf5a9bc0e10d40d5e7a6248bedc0c0414857d1ea4c4

SHA512
41a2a4401b0f662828dcee3ede1af6f31ce728bd57ba175b628b7d7b81a8dc7b8e42fe2b76aab884c222cc0a4ec618aae318ef3820f29a8f4944cac676c8a166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
94e19937c3079643149bf40fa4ea2ebd

SHA1
1afaabe1b89e2f3ffd6ed781757c851885fabbbd

SHA256
4015379026264c55033a745bb49f57ee119c724c13f721a5dd357d536becd435

SHA512
7c6e2c003f66f5701e6a1d51d888a2b9bc1052649199ac4a00076ad1ed15670fd50b048428e2232e24ad53a57b40857130d0352f13f58b35d0d75dacc1451433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592d02.TMP

Filesize
48B

MD5
48ae3752efda1a52666aefbaf820de7b

SHA1
0a9e8887847bf053fe620a4302fc2ee2a084315b

SHA256
87525514aac403bf711ae498576c5a594a960f8fc09270dc37495b5dc093025e

SHA512
cd469c681481faffe07621cccb3d7128e723a6b53bfb28e4e887bdfe3053d0bc847c08f70b7d7e063540ee3723823db838053b695a47b43889cdfa53cfd07648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db6ae2c28a1722a7877612834217a6ed

SHA1
ae7295efb6c6d7b107bcefb7626940434607eefa

SHA256
44bc06fb7aa0d709cf68fe576833445acc64d5a4b5f53a9a53cb187dc1137935

SHA512
a6bb29459a6e207db006f6b32ac8b1b759d74f8a2162e676ed45682b960f2b412a350bd128842eac162ef2d014b3d3d280b334065a65e56c49e55db015a1f22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5916f9.TMP

Filesize
704B

MD5
05c0ce76170b6af63e0fcbd42e56ddf1

SHA1
27d04dd22bdebd6c06c690658829b1b9984f839a

SHA256
1feb8a3c00c75bb6b002c9d8455b8cffee15b35666929a31f34979eca58ab237

SHA512
b79ea211a16d465b9334ab96238a741a4842e3c43ae608978e7280d206f5d57d5e8b314dce30e2e2bf989c95eafcc99081a5cc85d2f419a1f523b2fd4327ad38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
771f24a73f96d9d917b6eeb29abcdce7

SHA1
269d424e68efcf49392bf3a9ac79ce6478dca43d

SHA256
8e5542b92433fed96438add6a2420093bd5050ee45de40c68d9629333d754a2b

SHA512
b283c49becfcbf0f575f231e411742025507e8715be1dc5ed7ac09a8885e3490a869aecd6fd8ce6486790150aa004514b4beeec9f88135078b44319acd6279e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ab1aab9a1546b32388cc2d7e794fefd

SHA1
8ce7e97e131b4aa4d99e1fe367733ca66c1162f3

SHA256
72673d2bbdcd174b95468c5e45999a669268fe3dbedaaafbd1211d90e1363ae5

SHA512
d745ac3b9961157a996092ecc3895a36b5628fec1bc352cfdad9f4abf212818afa3070f4a63689bd2e37c93701b83d9b8059e0745f967e1d81603adc9ebac872

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\DotNetChecker.dll

Filesize
95KB

MD5
90707abc35ad1a925b128527ac974989

SHA1
47d0d433e513f0cceccb23b2522c7bc82d634691

SHA256
8c1879e3e0855e6c22134b8cbb0986b97eb270fdddf8536be2afa18aa9344a4d

SHA512
7cb2cce6c63210fe9abb2ba5d4e0e2a130f2c3c69ab02502d68e427a3d02b8822dbfbdc132899806f31740f44023922d3815629ab051aa01b5d829a419dd7f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\StartMenu.dll

Filesize
7KB

MD5
a8c86996c4230c2209f5927f21321377

SHA1
45ce0ab93cb6a3a594e54878cce05df724024393

SHA256
110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855

SHA512
69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\ioSpecial.ini

Filesize
1KB

MD5
ed9f231a52f5735bb10fb56304333fa9

SHA1
5dbb2231b078f3f9159df09ec95ea3d5c7b4edae

SHA256
01caeebb27b8e3173230716f5b5a2016bb8d0cd49710f48b6e47db1d7ebde958

SHA512
aeb41c5d440c9acbb2f31dc26ccd73a9b6ee1d46e9ec8513014ffbeb93e46e9622a03f79fa4854903c471c43e8a92f2e34110c5a68941f2db6e4cc9cf0fcf444

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\ioSpecial.ini

Filesize
1KB

MD5
ab166141bd424f5cc4648a6b4d46b10c

SHA1
9ff20359081108b6304613dbe361dfbc902e3008

SHA256
f2166a859ceb7f9d91b78f7149f896f3504ea4d0f48878756c9cdfcbfe9cfca5

SHA512
b336b4f987280635e0f53f35589ca07a2c084acec9399f64a487e6ba6ee6869222246c0d3d14929c6fcc573df5e5a1a56ba6991dbd50d9a3095af375508ec068

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\ioSpecial.ini

Filesize
1KB

MD5
3f5062f1efbc8e973cc78ff3e6dccdb3

SHA1
e851c2aead0e8adf9fc85372a927a30574115b99

SHA256
ff04f13ea31092160b1cce85585ef2c076b61c6f96dcd9140a59af5639b54d8d

SHA512
15df914ff8d5064182fb96e4156dba3d13ea17b4eedf90b765b5756aa9c10fdfc9a2aab8d091f1ee4071ab0ebb9fde039f04e3108a82abb98dbf07aa480282b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8118.tmp\nsisdl.dll

Filesize
15KB

MD5
05f72d6a944e701217ef2eb2cc13e0ee

SHA1
fac99c39150ae484e4b3e0af2f4be86bb1835dde

SHA256
aab28914794a1cdda4561e9f2af3e006dbed220d9d6bfe049b56d0cb9b783648

SHA512
c87e783fc169ef01ac0d3ce29fbfbf349a2e22329df9203a1443cc2caebbe7f8282c0754740289ecca534951cb7e574bafef9ccbaa0da7c287109920ec9573eb

Download Submit
C:\Users\Admin\Desktop\Zen Studio.lnk

Filesize
1KB

MD5
f206a17eec134c4ee1422136f5cbcc46

SHA1
beef096b31dbb20a2e2ee7aa274f19da0112bee6

SHA256
7711e2e53d694da397e7805bc179a45d1a844fcf98cf89e595d4152520a98088

SHA512
bb29491b81cacbfd923ff7944dcf5cdf7c844d5779d7432b797b891460a8af57f7d4a45798cb86bc0a7177126ae3b17aea6bb40c37c8c53af446210c9db518a1

Download Submit
memory/988-445-0x0000000008C90000-0x0000000008FF0000-memory.dmp

Filesize
3.4MB

Download
memory/988-449-0x000000000DBE0000-0x000000000DBE8000-memory.dmp

Filesize
32KB

Download
memory/988-446-0x0000000009750000-0x0000000009A4E000-memory.dmp

Filesize
3.0MB

Download
memory/988-448-0x0000000009000000-0x0000000009076000-memory.dmp

Filesize
472KB

Download
memory/988-444-0x0000000008BF0000-0x0000000008C82000-memory.dmp

Filesize
584KB

Download
memory/988-443-0x00000000091A0000-0x0000000009746000-memory.dmp

Filesize
5.6MB

Download
memory/988-442-0x0000000007830000-0x000000000783E000-memory.dmp

Filesize
56KB

Download
memory/988-441-0x0000000007860000-0x0000000007898000-memory.dmp

Filesize
224KB

Download
memory/988-440-0x00000000077F0000-0x00000000077F8000-memory.dmp

Filesize
32KB

Download
memory/988-447-0x0000000007980000-0x0000000007988000-memory.dmp

Filesize
32KB

Download
memory/988-439-0x0000000006EF0000-0x0000000006F00000-memory.dmp

Filesize
64KB

Download
memory/988-438-0x0000000006EC0000-0x0000000006EF2000-memory.dmp

Filesize
200KB

Download
memory/988-435-0x00000000069F0000-0x00000000069FE000-memory.dmp

Filesize
56KB

Download
memory/988-429-0x00000000104C0000-0x00000000104EA000-memory.dmp

Filesize
168KB

Download
memory/988-428-0x00000000104A0000-0x00000000104BC000-memory.dmp

Filesize
112KB

Download
memory/988-427-0x000000000F8B0000-0x000000000F906000-memory.dmp

Filesize
344KB

Download
memory/988-426-0x0000000006790000-0x00000000067F6000-memory.dmp

Filesize
408KB

Download
memory/988-425-0x00000000089A0000-0x0000000008AB2000-memory.dmp

Filesize
1.1MB

Download
memory/988-424-0x000000000E080000-0x000000000F218000-memory.dmp

Filesize
17.6MB

Download
memory/988-423-0x0000000000690000-0x0000000001A26000-memory.dmp

Filesize
19.6MB

Download