Resubmissions

14-11-2024 08:15

241114-j5mcrswerj 7

14-11-2024 07:56

241114-js3h8awelk 8

14-11-2024 07:48

241114-jnh9sazjhl 6

Analysis

  • max time kernel
    115s
  • max time network
    448s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-11-2024 07:48

General

  • Target

    https://ytzp7vuu92w1j.blob.core.windows.net/ua0mskevqzgo84btqr0e/5HVFVzz1XInohuCeVgsT.html

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies registry class 5 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ytzp7vuu92w1j.blob.core.windows.net/ua0mskevqzgo84btqr0e/5HVFVzz1XInohuCeVgsT.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff857b3cb8,0x7fff857b3cc8,0x7fff857b3cd8
      2⤵
        PID:2344
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        2⤵
          PID:2608
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4780
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
          2⤵
            PID:3288
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:3500
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
              2⤵
                PID:764
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2592
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4984
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                2⤵
                  PID:1516
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                  2⤵
                    PID:3000
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                    2⤵
                      PID:1540
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                      2⤵
                        PID:2776
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
                        2⤵
                          PID:1284
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                          2⤵
                            PID:2448
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                            2⤵
                              PID:4564
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
                              2⤵
                                PID:4528
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                2⤵
                                  PID:2036
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                                  2⤵
                                    PID:4756
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,10150373861102808602,6615819343075579618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                                    2⤵
                                    • NTFS ADS
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:656
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4480
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3296
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:4216
                                      • C:\Users\Admin\Desktop\SubZero Spoofer.exe
                                        "C:\Users\Admin\Desktop\SubZero Spoofer.exe"
                                        1⤵
                                        • Enumerates system info in registry
                                        • Suspicious use of SetWindowsHookEx
                                        PID:1500
                                        • C:\Windows\SYSTEM32\netsh.exe
                                          "netsh" interface set interface "Ethernet" disable
                                          2⤵
                                          • Event Triggered Execution: Netsh Helper DLL
                                          PID:1964
                                      • C:\Windows\system32\BackgroundTransferHost.exe
                                        "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                        1⤵
                                        • Modifies registry class
                                        PID:4804
                                      • C:\Windows\System32\svchost.exe
                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
                                        1⤵
                                          PID:4468

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                          MD5

                                          3d68c7edc2a288ee58e6629398bb9f7c

                                          SHA1

                                          6c1909dea9321c55cae38b8f16bd9d67822e2e51

                                          SHA256

                                          dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

                                          SHA512

                                          0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                          MD5

                                          c03d23a8155753f5a936bd7195e475bc

                                          SHA1

                                          cdf47f410a3ec000e84be83a3216b54331679d63

                                          SHA256

                                          6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

                                          SHA512

                                          6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          3KB

                                          MD5

                                          106366c23e6456d2b8b19456f3742003

                                          SHA1

                                          6ec610298e029f3004b805fecc92ca7660ea0a58

                                          SHA256

                                          8de0b6afabf6f0b1d06556b11ec656753b6c1fd9f754156f16d29639d553fec7

                                          SHA512

                                          2405764aa79219177e34f841fc3a319f73efec6e29e647504de42d8927dd0eb631aa2c2f7197855b15bb7ecdf99736cbbf83458b27d4d94ba850d2343db511b1

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                          Filesize

                                          857B

                                          MD5

                                          fdd0de92e3867eeeeb67b0cdb54b3df1

                                          SHA1

                                          d92c7d499d2c8cd86e0c88ceb80406830856e1ea

                                          SHA256

                                          a7c1518719f20bd3b7b956bb4daa5bddfcc4e120d98a27ab6a9f0f762d15f933

                                          SHA512

                                          4f210a1d4b1fa2e9b902e8314b5ce54c52e736d464936e595c5a939a7fece635bccedde4a591dea2f775bdfa4bfcd0f5ce80bb53bf94dfcb820bd9ae07cdd59a

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          5KB

                                          MD5

                                          6cd5a09e78a7e74d40b192af06e7648d

                                          SHA1

                                          28a55ae14262adbe6c1c9d2441597561c9c58be2

                                          SHA256

                                          d42b56011fec993a6bdde0b742ad937c2d141522508f3948fd73b2257f76fe03

                                          SHA512

                                          b989677ad7d5d1cad828ea13c6aba3a434aacb514e8000d51ee77d243e71fff0d8be51b98277ae82451e401368073a6734bf50c46ccb633e46446b67afa8cf22

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          7KB

                                          MD5

                                          83bbb5a9973d959550661f274af38c15

                                          SHA1

                                          eb40361cd6fe1bfc26124f6dcf38a74e27c351f1

                                          SHA256

                                          e5491303305167496a3724f5cc193d499bb97cb4494114ed1d59dc6aa610f52b

                                          SHA512

                                          aae2dd6ce29eeeb7e7da56e444934bb95a2df8507a86c5f3e5799bb25dc825aa5a515f1459fae0787833441946536dad7cd112c08de6c7b7d956b8d191152b14

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                          MD5

                                          ac0560a019de1d1a3eff4d36b8f41868

                                          SHA1

                                          f1b9fa91f17618f812719c1aeb2e79057b48b356

                                          SHA256

                                          e63f3099a3aa820e661add5c385fd74beea6275904a8f0b93d6067d280e4afdf

                                          SHA512

                                          79759150ff55bd9a9b6313160c48b36292a7fe9dce0f55ea403bee83a9c50631e5fa8c3e7eb109486c1f84a73e709417f958e7f8a7862275cc5bcd63ce4750b3

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          6KB

                                          MD5

                                          23dc72a6fb972ea1de96c20442d74be4

                                          SHA1

                                          26924f00e3c2cf36657c15d06c2261d2528efa2d

                                          SHA256

                                          8712c65b92d54926e2454e622b7d612608afb641566210cca6bbc84947be9b58

                                          SHA512

                                          41803545165d4eaa6c050bc97071a1fcb9efb1a5bcb0c3477500fc187b7926566528db8ee062b49809120d8f1cfc65159968b0bd9cdff100293be79ff1b57e41

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                          Filesize

                                          1KB

                                          MD5

                                          e41bce66a8f8dd160f1fddead74f7a57

                                          SHA1

                                          6a5a7cd4db93a92be92b38a8f31fb2630be953cb

                                          SHA256

                                          df6b02c8c72d75564439abedd99d8a7bad6548b362598d9e5b5700d42278abf7

                                          SHA512

                                          77f6709707172aa92e34be38a2e7b2071cb13ee62601e4033f1e364dabec77370d8d7733f035505517d7f88ff4c6e47e95c21eedee75b871343b794047f3dee0

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                          Filesize

                                          1KB

                                          MD5

                                          c38953f8a405f45ba441a2bfa2859c10

                                          SHA1

                                          a6f9668cb88c3bc8c8e22f57a3d03b27bf55e765

                                          SHA256

                                          aa1dbbd14a058fb34aae3e02b9dd8df595a5e46728951bf054a163b907b67d5b

                                          SHA512

                                          59db622af122a7ea512fb357fe6c27066b25dd9aacf7a1d1222d7141a80c778efa1820d1a8a4f85c8fe5df8f355a019d985deebd2afd68b828d0e1a58169ef7a

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d23.TMP

                                          Filesize

                                          1KB

                                          MD5

                                          846edab1a82d15299328656e5239eb31

                                          SHA1

                                          566bb619309fdfe1c521f291168f086c3845746c

                                          SHA256

                                          1c7b94ffbc22575c2256c79a644bb98360d9fc75c6850d2e8f67aa020d21ce86

                                          SHA512

                                          4117f99795974d1d8385aad9b17aea0bf7ee0ef5811b18c6e9f0e1bd89ef339a5de63195725f32683ca8f94ce1f93aa9e8950cdcce8407444de2fc03aa495019

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                          Filesize

                                          11KB

                                          MD5

                                          e18bb2785c05bcb7677e1ed1443a585c

                                          SHA1

                                          e881534078e656c0f8ee808992a8789dc83590b3

                                          SHA256

                                          0342413175f37a53850acf3f39e1dd02a1e74541003a44a19d4e86c28927a6cb

                                          SHA512

                                          d0298efb637646f4af755f9eae294f66e7f17cca94d59b738aa9733aeb4cb8a7e281a67285d2228262a491d7afa50472516cee37ad3ca0e4e7ae102ba8ed8d9b

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                          Filesize

                                          10KB

                                          MD5

                                          2d94468b1e10440d010bfa5a7a188f9b

                                          SHA1

                                          7406da9fecd715e9ff5a9ce6240f05cbf4ef4188

                                          SHA256

                                          4d4ae29e5e48ad6f09643ded68832c5bbed5ff770d678471373549ddd1addc2e

                                          SHA512

                                          92db14511a9cc7a23d0a74bcc23c7123dfe085422f26a7a859d4031cd5035c69f5bc37dd89c56b3c60147c4241419e95ca2cd3535e2653bbcb2a65dc1493c0bb

                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\cfc549c2-f5e3-4671-977e-f07873eabcba.down_data

                                          Filesize

                                          555KB

                                          MD5

                                          5683c0028832cae4ef93ca39c8ac5029

                                          SHA1

                                          248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                          SHA256

                                          855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                          SHA512

                                          aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                        • C:\Users\Admin\Downloads\Release.zip

                                          Filesize

                                          1.8MB

                                          MD5

                                          14b397954778c4eb62515af3377a964a

                                          SHA1

                                          08036d759d45c293dd19f1b6ac246d8a9dbcabd9

                                          SHA256

                                          8daca3ebcb615c264eb7542a7c92779cdac524911afd85916aef28d68eff5618

                                          SHA512

                                          5037ad0cc79dfbddd177eb8b4f425af311d8d3778bbb98102e829281f7e7890ef2ebce3c9d9e7b527a1c1b790e423bde0eaff66957c758b602cff1bd8fa38e1f

                                        • C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

                                          Filesize

                                          104B

                                          MD5

                                          5a43f201c9038ad5d6cb60e340ffe878

                                          SHA1

                                          48f5d4c0f3d08a76282b6567ee0f12c9e93d995c

                                          SHA256

                                          77bd598e8489ee1b2bd3fe372e2999cf580c8f59604ae4e952065415be9a96a6

                                          SHA512

                                          2b7bc44018f414cab05bc74dd281bbfdbaaf30f6e044de098c58fc57adfd4023543bbbca4d65ba37c010bcca7d41494bbd9b3568f6bec2f49444a5c375f2cd07

                                        • \??\pipe\LOCAL\crashpad_1192_OGRIEKTNKFXABOEK

                                          MD5

                                          d41d8cd98f00b204e9800998ecf8427e

                                          SHA1

                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                          SHA256

                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                          SHA512

                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e