installcriptocns.exe
- Filename:
- installcriptocns.exe
- md5:
- 100bea48a4b460d6ece41e5d2e4606ff
- sha1:
- 82baeb342027198331c05f5cd20fb5b9f27591b9
- sha256:
- e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2
- Filetype:
- PE32 executable (GUI) Intel 80386, for MS Windows
- Size (Bytes):
- 87736320
- Classification:
- malicious
- Indexed:
- Tue Jul 18 2023 17:31:34 GMT+0000 (2 years ago)
- Last modified:
- Thu Jul 03 2025 12:30:14 GMT+0000 (3 months ago)
Sample information
2
Antivirus detections0
IDS alerts61
Processes0
Http events0
Contacted hosts0
DNS Requests10
Score
Current activity of this Sample
Blacklist timeline
Malicious
97 days since the last reported activity
Hashes
In depth details
Dates
Explore our API specification anytime here:
cURL
Python
PowerShell
Request:
curl -H "Authorization: Bearer <API_KEY>" https://api.maltiverse.com/sample/e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2
Response:
{
"antivirus": [
{
"description": "malicious.moderate.ml.score",
"name": "Trapmine"
},
{
"description": "Trojan.Generic@AI.100 (RDML:YnBXdM/ueydMP6O5Rg7IhA)",
"name": "Rising"
}
],
"av_ratio": 2,
"blacklist": [
{
"count": 9,
"description": "Generic Malware",
"first_seen": "2023-07-18 18:00:03",
"last_seen": "2025-07-03 12:30:13",
"ref": [
21745
],
"source": "Hybrid-Analysis"
}
],
"classification": "malicious",
"creation_time": "2023-07-18 17:31:34",
"filename": [
"installcriptocns.exe"
],
"filetype": "PE32 executable (GUI) Intel 80386, for MS Windows",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "100bea48a4b460d6ece41e5d2e4606ff",
"modification_time": "2025-07-03 12:30:14",
"process_list": [
{
"name": "installcriptocns.exe",
"normalizedpath": "C:\\installcriptocns.exe",
"sha256": "e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2",
"uid": "00000000-00001912"
},
{
"commandline": "--install .",
"name": "Update.exe",
"normalizedpath": "%LOCALAPPDATA%\\SquirrelTemp\\Update.exe",
"sha256": "76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc",
"uid": "00000000-00008296"
},
{
"commandline": "--updateSelf=%LOCALAPPDATA%\\SquirrelTemp\\Update.exe",
"name": "Squirrel.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\Squirrel.exe",
"sha256": "28a913db4008030de78f2e5c04a27bc81dba0c4147248b95078ad1aca2d1ac9d",
"uid": "00000000-00010044"
},
{
"commandline": "--squirrel-install 1.1.1",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00002480"
},
{
"commandline": "/d /s /c \"REG ADD HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /v CriptoCNS /t REG_SZ /d %LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe /f\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00003992"
},
{
"commandline": "REG ADD HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /v CriptoCNS /t REG_SZ /d %LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe /f",
"name": "reg.exe",
"normalizedpath": "%WINDIR%\\system32\\reg.exe",
"sha256": "411ae446fe37b30c0727888c7fa5e88994a46dafd41aa5b3b06c9e884549afde",
"uid": "00000000-00000704"
},
{
"commandline": "\"%APPDATA%\\criptocns\" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1688,i,15732908181291721088,15153405773731885355,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00002432"
},
{
"commandline": "--squirrel-firstrun",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00002336"
},
{
"commandline": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\resources\\app\\appservice/service.js \"--log={\\\"path\\\":\\\"C:\\\\Users\\\\pZrxaZa\\\\.criptocns\\\",\\\"fname\\\":\\\"criptocns-n.log\\\",\\\"maxSize\\\":2048,\\\"rotate\\\":5,\\\"level\\\":1}\" \"--server={\\\"port\\\":9171,\\\"maxAge\\\":1800,\\\"trustedOrigins\\\":{\\\"warning\\\":true,\\\"origins\\\":[]}}\" --service=CriptoCNS",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00001832"
},
{
"commandline": "/d /s /c \"hash kdialog 2>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00006884"
},
{
"commandline": "/d /s /c \"osascript -e 'id of application \"kdialog\"' 2>&1>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00000856"
},
{
"commandline": "/d /s /c \"where kdialog\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00004680"
},
{
"commandline": "where kdialog",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00004744"
},
{
"commandline": "/d /s /c \"where kdialog.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00005012"
},
{
"commandline": "where kdialog.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00003148"
},
{
"commandline": "/d /s /c \"where.exe kdialog\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00004588"
},
{
"commandline": "kdialog",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00008224"
},
{
"commandline": "/d /s /c \"where.exe kdialog.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00009536"
},
{
"commandline": "kdialog.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00005544"
},
{
"commandline": "/d /s /c \"hash zenity 2>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00005260"
},
{
"commandline": "/d /s /c \"osascript -e 'id of application \"zenity\"' 2>&1>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00008396"
},
{
"commandline": "/d /s /c \"where zenity\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00005808"
},
{
"commandline": "where zenity",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00005488"
},
{
"commandline": "/d /s /c \"where zenity.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00005592"
},
{
"commandline": "where zenity.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00009256"
},
{
"commandline": "/d /s /c \"where.exe zenity\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00004040"
},
{
"commandline": "zenity",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00008372"
},
{
"commandline": "/d /s /c \"where.exe zenity.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00003824"
},
{
"commandline": "zenity.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00009484"
},
{
"commandline": "/d /s /c \"hash yad 2>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00010224"
},
{
"commandline": "/d /s /c \"osascript -e 'id of application \"yad\"' 2>&1>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00009416"
},
{
"commandline": "/d /s /c \"where yad\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00010120"
},
{
"commandline": "where yad",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00008892"
},
{
"commandline": "/d /s /c \"where yad.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00009848"
},
{
"commandline": "where yad.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00005784"
},
{
"commandline": "/d /s /c \"where.exe yad\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00008580"
},
{
"commandline": "yad",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00006228"
},
{
"commandline": "/d /s /c \"where.exe yad.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00006816"
},
{
"commandline": "yad.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00002832"
},
{
"commandline": "/d /s /c \"hash notify-send 2>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00003828"
},
{
"commandline": "/d /s /c \"osascript -e 'id of application \"notify-send\"' 2>&1>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00000216"
},
{
"commandline": "/d /s /c \"where notify-send\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00007552"
},
{
"commandline": "where notify-send",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00005684"
},
{
"commandline": "/d /s /c \"where notify-send.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00005508"
},
{
"commandline": "where notify-send.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00002312"
},
{
"commandline": "/d /s /c \"where.exe notify-send\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00003432"
},
{
"commandline": "notify-send",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00006140"
},
{
"commandline": "/d /s /c \"where.exe notify-send.exe\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00008808"
},
{
"commandline": "notify-send.exe",
"name": "where.exe",
"normalizedpath": "%WINDIR%\\system32\\where.exe",
"sha256": "ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e",
"uid": "00000000-00008584"
},
{
"commandline": "/d /s /c \"hash xmessage 2>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00004112"
},
{
"commandline": "/d /s /c \"osascript -e 'id of application \"xmessage\"' 2>&1>/dev/null\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb",
"uid": "00000000-00005640"
},
{
"commandline": "\"%APPDATA%\\criptocns\" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00007408"
},
{
"commandline": "-u -p 7408 -s 496",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
"uid": "00000000-00009048"
},
{
"commandline": "\"%APPDATA%\\criptocns\" --mojo-platform-channel-handle=1892 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00004372"
},
{
"commandline": "\"%APPDATA%\\criptocns\" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path=\"%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\resources\\app\" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=3227074894 --mojo-platform-channel-handle=2136 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00007228"
},
{
"commandline": "\"%APPDATA%\\criptocns\" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00009772"
},
{
"commandline": "-u -p 9772 -s 492",
"name": "WerFault.exe",
"normalizedpath": "%WINDIR%\\system32\\WerFault.exe",
"sha256": "0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2",
"uid": "00000000-00009868"
},
{
"commandline": "\"%APPDATA%\\criptocns\" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2",
"name": "criptocns.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\criptocns.exe",
"sha256": "bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e",
"uid": "00000000-00000892"
},
{
"name": "installcriptocns.exe",
"normalizedpath": "C:\\installcriptocns.exe",
"sha256": "e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2",
"uid": "00000000-00003824"
},
{
"commandline": "--install .",
"name": "Update.exe",
"normalizedpath": "%LOCALAPPDATA%\\SquirrelTemp\\Update.exe",
"sha256": "76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc",
"uid": "00000000-00002968"
},
{
"commandline": "--updateSelf=%LOCALAPPDATA%\\SquirrelTemp\\Update.exe",
"name": "Squirrel.exe",
"normalizedpath": "%LOCALAPPDATA%\\CriptoCNS\\app-1.1.1\\Squirrel.exe",
"sha256": "28a913db4008030de78f2e5c04a27bc81dba0c4147248b95078ad1aca2d1ac9d",
"uid": "00000000-00003624"
}
],
"score": 10,
"scoring_executed_time": "2025-07-18 17:40:01",
"sha1": "82baeb342027198331c05f5cd20fb5b9f27591b9",
"sha256": "e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2",
"size": 87736320,
"type": "sample"
}
Antivirus positives
| Antivirus | Threat |
|---|---|
| Trapmine | malicious.moderate.ml.score |
| Rising | Trojan.Generic@AI.100 (RDML:YnBXdM/ueydMP6O5Rg7IhA) |
Process list
- uid
- 00000000-00001912
- commandline
- name
- installcriptocns.exe
- normalizedpath
- C:\installcriptocns.exe
- sha256
- e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2
- uid
- 00000000-00008296
- commandline
- --install .
- name
- Update.exe
- normalizedpath
- %LOCALAPPDATA%\SquirrelTemp\Update.exe
- sha256
- 76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc
- uid
- 00000000-00010044
- commandline
- --updateSelf=%LOCALAPPDATA%\SquirrelTemp\Update.exe
- name
- Squirrel.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\Squirrel.exe
- sha256
- 28a913db4008030de78f2e5c04a27bc81dba0c4147248b95078ad1aca2d1ac9d
- uid
- 00000000-00002480
- commandline
- --squirrel-install 1.1.1
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00003992
- commandline
- /d /s /c "REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v CriptoCNS /t REG_SZ /d %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe /f"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00000704
- commandline
- REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v CriptoCNS /t REG_SZ /d %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe /f
- name
- reg.exe
- normalizedpath
- %WINDIR%\system32\reg.exe
- sha256
- 411ae446fe37b30c0727888c7fa5e88994a46dafd41aa5b3b06c9e884549afde
- uid
- 00000000-00002432
- commandline
- "%APPDATA%\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1688,i,15732908181291721088,15153405773731885355,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00002336
- commandline
- --squirrel-firstrun
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00001832
- commandline
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\pZrxaZa\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00006884
- commandline
- /d /s /c "hash kdialog 2>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00000856
- commandline
- /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00004680
- commandline
- /d /s /c "where kdialog"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00004744
- commandline
- where kdialog
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00005012
- commandline
- /d /s /c "where kdialog.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00003148
- commandline
- where kdialog.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00004588
- commandline
- /d /s /c "where.exe kdialog"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00008224
- commandline
- kdialog
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00009536
- commandline
- /d /s /c "where.exe kdialog.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00005544
- commandline
- kdialog.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00005260
- commandline
- /d /s /c "hash zenity 2>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00008396
- commandline
- /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00005808
- commandline
- /d /s /c "where zenity"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00005488
- commandline
- where zenity
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00005592
- commandline
- /d /s /c "where zenity.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00009256
- commandline
- where zenity.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00004040
- commandline
- /d /s /c "where.exe zenity"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00008372
- commandline
- zenity
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00003824
- commandline
- /d /s /c "where.exe zenity.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00009484
- commandline
- zenity.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00010224
- commandline
- /d /s /c "hash yad 2>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00009416
- commandline
- /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00010120
- commandline
- /d /s /c "where yad"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00008892
- commandline
- where yad
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00009848
- commandline
- /d /s /c "where yad.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00005784
- commandline
- where yad.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00008580
- commandline
- /d /s /c "where.exe yad"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00006228
- commandline
- yad
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00006816
- commandline
- /d /s /c "where.exe yad.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00002832
- commandline
- yad.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00003828
- commandline
- /d /s /c "hash notify-send 2>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00000216
- commandline
- /d /s /c "osascript -e 'id of application "notify-send"' 2>&1>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00007552
- commandline
- /d /s /c "where notify-send"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00005684
- commandline
- where notify-send
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00005508
- commandline
- /d /s /c "where notify-send.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00002312
- commandline
- where notify-send.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00003432
- commandline
- /d /s /c "where.exe notify-send"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00006140
- commandline
- notify-send
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00008808
- commandline
- /d /s /c "where.exe notify-send.exe"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00008584
- commandline
- notify-send.exe
- name
- where.exe
- normalizedpath
- %WINDIR%\system32\where.exe
- sha256
- ade557dd65848c5cf6565913cf6e01cf5c9a8033f0d784c4d6932394958d743e
- uid
- 00000000-00004112
- commandline
- /d /s /c "hash xmessage 2>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00005640
- commandline
- /d /s /c "osascript -e 'id of application "xmessage"' 2>&1>/dev/null"
- name
- cmd.exe
- normalizedpath
- %WINDIR%\system32\cmd.exe
- sha256
- 423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
- uid
- 00000000-00007408
- commandline
- "%APPDATA%\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00009048
- commandline
- -u -p 7408 -s 496
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
- uid
- 00000000-00004372
- commandline
- "%APPDATA%\criptocns" --mojo-platform-channel-handle=1892 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00007228
- commandline
- "%APPDATA%\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="%LOCALAPPDATA%\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=3227074894 --mojo-platform-channel-handle=2136 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00009772
- commandline
- "%APPDATA%\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00009868
- commandline
- -u -p 9772 -s 492
- name
- WerFault.exe
- normalizedpath
- %WINDIR%\system32\WerFault.exe
- sha256
- 0b7f2ca998ecf2a623e04f565354a09091e0a35c8442d7d9b6812b64b9121bc2
- uid
- 00000000-00000892
- commandline
- "%APPDATA%\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 --field-trial-handle=1640,i,6485941096452849377,191269682218058886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
- name
- criptocns.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\criptocns.exe
- sha256
- bdca095f79b5934ebd27accd6431d77269ba9a1db5e1213b89fc1eeabfb9668e
- uid
- 00000000-00003824
- commandline
- name
- installcriptocns.exe
- normalizedpath
- C:\installcriptocns.exe
- sha256
- e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2
- uid
- 00000000-00002968
- commandline
- --install .
- name
- Update.exe
- normalizedpath
- %LOCALAPPDATA%\SquirrelTemp\Update.exe
- sha256
- 76359cd4b0349a83337b941332ad042c90351c2bb0a4628307740324c97984cc
- uid
- 00000000-00003624
- commandline
- --updateSelf=%LOCALAPPDATA%\SquirrelTemp\Update.exe
- name
- Squirrel.exe
- normalizedpath
- %LOCALAPPDATA%\CriptoCNS\app-1.1.1\Squirrel.exe
- sha256
- 28a913db4008030de78f2e5c04a27bc81dba0c4147248b95078ad1aca2d1ac9d