hxxps://customerconnect[.]vmware[.]com/en/downloads/details?downloadGroup=WKST-PLAYER-1702&productId=1377&rPId=104734

Analysis

max time kernel
523s
max time network
509s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2023, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1702&productId=1377&rPId=104734

Score

9^/10

discovery evasion persistence

Malware Config

Signatures

Detect jar appended to MSI 1 IoCs

resource	yara_rule
behavioral1/files/0x000d00000002315e-3898.dat	jar_in_msi

Downloads MZ/PE file

Looks for VMWare Tools registry key 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools	VMware-player-full-17.0.2-21581411.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Control Panel\International\Geo\Nation	vcredist_x86.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000\Control Panel\International\Geo\Nation	vcredist_x64.exe

Executes dropped EXE 8 IoCs

pid	Process
4504	VMware-player-full-17.0.2-21581411.exe
5892	VMware-player-full-17.0.2-21581411.exe
5544	vcredist_x86.exe
1688	vcredist_x86.exe
988	VC_redist.x86.exe
4932	vcredist_x64.exe
3828	vcredist_x64.exe
2424	VC_redist.x64.exe

Loads dropped DLL 4 IoCs

pid	Process
1688	vcredist_x86.exe
5340	VC_redist.x86.exe
3828	vcredist_x64.exe
5504	VC_redist.x64.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} = "\"C:\\ProgramData\\Package Cache\\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\\VC_redist.x86.exe\" /burn.runonce"	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2d507699-404c-4c8b-a54a-38e352f32cdd} = "\"C:\\ProgramData\\Package Cache\\{2d507699-404c-4c8b-a54a-38e352f32cdd}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	VC_redist.x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\U:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\K:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\O:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\Q:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\Y:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\Z:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\R:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\W:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\I:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\L:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\T:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\G:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\N:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\X:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\J:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\S:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\V:	VMware-player-full-17.0.2-21581411.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\concrt140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140esn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcamp140.dll	msiexec.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\VMware\InstallerCache\{D55F00B3-6F83-4461-8243-00A827910D4A}.msi	VMware-player-full-17.0.2-21581411.exe
File opened for modification	C:\Program Files (x86)\Common Files\VMware\InstallerCache\{D55F00B3-6F83-4461-8243-00A827910D4A}.msi	VMware-player-full-17.0.2-21581411.exe

Drops file in Windows directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e5b75b6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8068.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8849.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIADA6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB98E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8B28.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e5b758d.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A250E750-DB3F-40C1-8460-8EF77C7582DA}	msiexec.exe
File created	C:\Windows\Installer\e5b75b6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBDA6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b757b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\e5b758c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b75a3.msi	msiexec.exe
File created	C:\Windows\Installer\e5b75b5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7BB4.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{46E11E7F-01E1-44D0-BB86-C67342D253DD}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB22B.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{38624EB5-356D-4B08-8357-C33D89A5C0C5}	msiexec.exe
File created	C:\Windows\Installer\e5b75cb.msi	msiexec.exe
File created	C:\Windows\Installer\e5b75a3.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C96241EA-9900-4FE8-85B3-1E238D509DF6}	msiexec.exe
File created	C:\Windows\Installer\e5b75a2.msi	msiexec.exe
File created	C:\Windows\Installer\e5b757b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5b758d.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b3688a723d11638b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b3688a720000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d012000000000000000032000000ffffffff000000000700010000680900b3688a72000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01232000000000020ed0d000000ffffffff000000000700010000680919b3688a72000000000000d0123200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b3688a7200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\ = "{A250E750-DB3F-40C1-8460-8EF77C7582DA}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F\Servicing_Key	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\AdvertiseFlags = "388"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_X86,V14\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E}	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\PackageCode = "0608C72FF5285604A91C6AC215602228"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\Version = "14.32.31326.0"	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{2d507699-404c-4c8b-a54a-38e352f32cdd}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5BE42683D65380B438753CD3985A0C5C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{C96241EA-9900-4FE8-85B3-1E238D509DF6}v14.32.31326\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\60DB5E5629367203C8625813703DFCA1	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\SourceList\PackageName = "vc_runtimeAdditional_x86.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50\057E052AF3BD1C044806E87FC75728AD	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X86,X86,14.30,BUNDLE\DEPENDENTS\{4D8DCF8C-A72A-43E1-9833-C12724DB736E}	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.30,bundle\Dependents	VC_redist.x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F\VC_Runtime_Minimum	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F7E11E641E100D44BB686C37242D35DD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\Version = "237009502"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AE14269C00998EF4583BE132D805D96F	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5BE42683D65380B438753CD3985A0C5C\Provider	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\ProductName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Dependents\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}	VC_redist.x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.32.31326"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\PackageCode = "F74C7E797A49CF04EB44632234014EDD"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{2d507699-404c-4c8b-a54a-38e352f32cdd}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AE14269C00998EF4583BE132D805D96F	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5040806F8AF9AAC49928419ED5A1D3CA	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F7E11E641E100D44BB686C37242D35DD\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.32.31326"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.32,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326"	VC_redist.x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BE42683D65380B438753CD3985A0C5C\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\057E052AF3BD1C044806E87FC75728AD\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{A250E750-DB3F-40C1-8460-8EF77C7582DA}v14.32.31326\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.32,bundle\Dependents	VC_redist.x64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MediaCreationTool22H2.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe
1736	msiexec.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1592	firefox.exe
Token: SeDebugPrivilege	1592	firefox.exe
Token: SeDebugPrivilege	1592	firefox.exe
Token: SeDebugPrivilege	1592	firefox.exe
Token: SeDebugPrivilege	1592	firefox.exe
Token: SeBackupPrivilege	5888	vssvc.exe
Token: SeRestorePrivilege	5888	vssvc.exe
Token: SeAuditPrivilege	5888	vssvc.exe
Token: SeShutdownPrivilege	988	VC_redist.x86.exe
Token: SeIncreaseQuotaPrivilege	988	VC_redist.x86.exe
Token: SeSecurityPrivilege	1736	msiexec.exe
Token: SeCreateTokenPrivilege	988	VC_redist.x86.exe
Token: SeAssignPrimaryTokenPrivilege	988	VC_redist.x86.exe
Token: SeLockMemoryPrivilege	988	VC_redist.x86.exe
Token: SeIncreaseQuotaPrivilege	988	VC_redist.x86.exe
Token: SeMachineAccountPrivilege	988	VC_redist.x86.exe
Token: SeTcbPrivilege	988	VC_redist.x86.exe
Token: SeSecurityPrivilege	988	VC_redist.x86.exe
Token: SeTakeOwnershipPrivilege	988	VC_redist.x86.exe
Token: SeLoadDriverPrivilege	988	VC_redist.x86.exe
Token: SeSystemProfilePrivilege	988	VC_redist.x86.exe
Token: SeSystemtimePrivilege	988	VC_redist.x86.exe
Token: SeProfSingleProcessPrivilege	988	VC_redist.x86.exe
Token: SeIncBasePriorityPrivilege	988	VC_redist.x86.exe
Token: SeCreatePagefilePrivilege	988	VC_redist.x86.exe
Token: SeCreatePermanentPrivilege	988	VC_redist.x86.exe
Token: SeBackupPrivilege	988	VC_redist.x86.exe
Token: SeRestorePrivilege	988	VC_redist.x86.exe
Token: SeShutdownPrivilege	988	VC_redist.x86.exe
Token: SeDebugPrivilege	988	VC_redist.x86.exe
Token: SeAuditPrivilege	988	VC_redist.x86.exe
Token: SeSystemEnvironmentPrivilege	988	VC_redist.x86.exe
Token: SeChangeNotifyPrivilege	988	VC_redist.x86.exe
Token: SeRemoteShutdownPrivilege	988	VC_redist.x86.exe
Token: SeUndockPrivilege	988	VC_redist.x86.exe
Token: SeSyncAgentPrivilege	988	VC_redist.x86.exe
Token: SeEnableDelegationPrivilege	988	VC_redist.x86.exe
Token: SeManageVolumePrivilege	988	VC_redist.x86.exe
Token: SeImpersonatePrivilege	988	VC_redist.x86.exe
Token: SeCreateGlobalPrivilege	988	VC_redist.x86.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe
Token: SeRestorePrivilege	1736	msiexec.exe
Token: SeTakeOwnershipPrivilege	1736	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
4504	VMware-player-full-17.0.2-21581411.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
1592	firefox.exe
5544	vcredist_x86.exe
1688	vcredist_x86.exe
988	VC_redist.x86.exe
3308	VC_redist.x86.exe
5340	VC_redist.x86.exe
5140	VC_redist.x86.exe
4932	vcredist_x64.exe
3828	vcredist_x64.exe
2424	VC_redist.x64.exe
1524	VC_redist.x64.exe
5504	VC_redist.x64.exe
756	VC_redist.x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 832 wrote to memory of 1592	832	firefox.exe	83
PID 1592 wrote to memory of 1008	1592	firefox.exe	84
PID 1592 wrote to memory of 1008	1592	firefox.exe	84
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 4344	1592	firefox.exe	85
PID 1592 wrote to memory of 3936	1592	firefox.exe	86
PID 1592 wrote to memory of 3936	1592	firefox.exe	86
PID 1592 wrote to memory of 3936	1592	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1702&productId=1377&rPId=104734
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1702&productId=1377&rPId=104734
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.0.1709043123\1934031826" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68d23bbf-6b84-44c0-a415-be09be1bdf19} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 1932 18661416e58 gpu
    3⤵
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.1.2127857827\1601923445" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21bd1117-44cf-4860-a43a-47424dd24d88} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 2440 18653473e58 socket
    3⤵
    - Checks processor information in registry
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.2.60247789\278152185" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55d0568d-2d6c-4cd3-98e1-6459643dda22} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 3168 18664211058 tab
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.3.2075406896\2087385994" -childID 2 -isForBrowser -prefsHandle 3960 -prefMapHandle 3956 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {998b208f-ee96-4938-b09a-1b2cc5e4493d} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 3972 1865345ce58 tab
    3⤵
    PID:3180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.4.999833965\2134645340" -childID 3 -isForBrowser -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5546dc77-bcd5-4130-9eef-c59008297e23} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 4752 186667dc158 tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.5.443550580\1045931946" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {033e98b1-d62d-4980-ab09-eb02982c59eb} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 4984 18666964858 tab
    3⤵
    PID:2596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.6.2098376588\1665869192" -childID 5 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ca585f4-e448-4a4c-8b56-d19b04b0f5ee} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 5204 18666965458 tab
    3⤵
    PID:3448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.7.95569007\1178682806" -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 5912 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e99ac269-55de-490c-b76e-47e5565b84dd} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 5920 18668131858 tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.8.638278806\1687290218" -childID 7 -isForBrowser -prefsHandle 6216 -prefMapHandle 6212 -prefsLen 26970 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c79f8c7-7b73-4759-8cac-c8b15a90e130} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 6224 18667f51e58 tab
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.9.1585105630\1436322751" -childID 8 -isForBrowser -prefsHandle 10408 -prefMapHandle 10412 -prefsLen 26970 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4499a14-0534-4fff-b5dc-77e26aafb515} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 10400 18668729958 tab
    3⤵
    PID:5796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.10.404707812\861309233" -childID 9 -isForBrowser -prefsHandle 3872 -prefMapHandle 1448 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbf57244-595a-45a4-bb4a-826a2bc98815} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 1452 18653466658 tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.11.1050381380\103056972" -parentBuildID 20221007134813 -prefsHandle 10012 -prefMapHandle 10084 -prefsLen 27235 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f4249a5-5ac6-4fe1-9024-6826792267a0} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 10024 186666baf58 rdd
    3⤵
    PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.12.653699895\193245428" -childID 10 -isForBrowser -prefsHandle 2196 -prefMapHandle 9876 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a227380b-6ea6-4d76-9cc3-193102b6f2f2} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 10400 18668af1758 tab
    3⤵
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.13.1540948146\1666340441" -childID 11 -isForBrowser -prefsHandle 9668 -prefMapHandle 9664 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2525acc2-9088-4ad5-880a-a609a797e5af} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9708 18669a0ac58 tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.14.1432979381\1063100008" -childID 12 -isForBrowser -prefsHandle 9904 -prefMapHandle 9888 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4d08605-3604-4335-8326-6b6da8863b5b} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 6432 1866279d158 tab
    3⤵
    PID:5644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.15.404146481\923343799" -childID 13 -isForBrowser -prefsHandle 9312 -prefMapHandle 9308 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b15f8df4-8230-4568-86ea-ac13d19957cf} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9556 186697c8858 tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.16.250696040\503669776" -childID 14 -isForBrowser -prefsHandle 10124 -prefMapHandle 6016 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc86f410-3a7a-471d-89c4-417f601b5d9f} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 10000 18669612258 tab
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.17.1088689778\1109879811" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10360 -prefMapHandle 10348 -prefsLen 27235 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef04a23e-e604-45ef-85ea-f7f56ee7ec6c} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 5964 18668221d58 utility
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.18.810036021\2001844879" -childID 15 -isForBrowser -prefsHandle 4516 -prefMapHandle 9536 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d1c1163-151e-494d-9e24-1aaea0dc25a0} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9496 18668134658 tab
    3⤵
    PID:5680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.21.1715587302\2063882638" -childID 18 -isForBrowser -prefsHandle 5348 -prefMapHandle 10080 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da9a81e8-ede6-4863-bb49-d56af823f3a2} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9148 18669d49158 tab
    3⤵
    PID:552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.20.390728550\1960687517" -childID 17 -isForBrowser -prefsHandle 9764 -prefMapHandle 9800 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91714ede-8185-4e27-a555-d2aa3abbaa82} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9380 18669d49a58 tab
    3⤵
    PID:5612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.19.967649230\1535797721" -childID 16 -isForBrowser -prefsHandle 5420 -prefMapHandle 6368 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3879b76c-ba8f-4cd5-9cd6-9f66238b7046} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9888 18662e60758 tab
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.22.1771900599\1122350893" -childID 19 -isForBrowser -prefsHandle 9344 -prefMapHandle 9348 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4493c33-495f-4431-9ed2-995b01d79433} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9360 18668b52f58 tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.23.788898327\966896132" -childID 20 -isForBrowser -prefsHandle 8808 -prefMapHandle 8848 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3253fae-1c69-466d-b11d-3b2d890caa64} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 8836 1866ace0058 tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.24.151273271\841654035" -childID 21 -isForBrowser -prefsHandle 8796 -prefMapHandle 10420 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce90be19-365c-45fb-b614-2f78d6be5796} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9176 18668134358 tab
    3⤵
    PID:5312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.25.516188005\462411150" -childID 22 -isForBrowser -prefsHandle 9880 -prefMapHandle 9140 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0bcf0f8-c98d-4376-8574-3a4fa13d404f} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 5332 18669a7c258 tab
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.28.434343476\2038548751" -childID 25 -isForBrowser -prefsHandle 8308 -prefMapHandle 8304 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f502284-aa93-4bb4-9400-6c803aa3572a} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 8316 186627ed558 tab
    3⤵
    PID:5300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.27.851924061\775825097" -childID 24 -isForBrowser -prefsHandle 8428 -prefMapHandle 8832 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33bc455c-6ccd-461d-a011-6efbdc11ce05} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 8712 1865f8b9858 tab
    3⤵
    PID:5924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.26.1912750803\889346751" -childID 23 -isForBrowser -prefsHandle 8572 -prefMapHandle 8580 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6aee340-1401-4c79-bab8-9bd988331a57} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9348 1865f8b9258 tab
    3⤵
    PID:2560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.29.848640655\156868745" -childID 26 -isForBrowser -prefsHandle 9040 -prefMapHandle 8736 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e7e24e1-c1a0-4247-b187-3941c78dca4e} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 8660 186627f0858 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.30.1889530464\572985" -childID 27 -isForBrowser -prefsHandle 8536 -prefMapHandle 8688 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac4ba785-ba7c-403b-ab23-0a2b2b37aca2} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 8308 186627ed558 tab
    3⤵
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1592.31.341790441\1028935354" -childID 28 -isForBrowser -prefsHandle 5060 -prefMapHandle 5188 -prefsLen 27371 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7a3c6e5-ac21-4103-bfd0-11951b4359b5} 1592 "\\.\pipe\gecko-crash-server-pipe.1592" 9572 1866030d458 tab
    3⤵
    PID:5640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5836

C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe
"C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe"
1⤵
- Looks for VMWare Tools registry key
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:4504
- C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x86.exe
  "C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x86.exe" /Q /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5544
- - C:\Windows\Temp\{5339394C-570C-4EB1-9F61-0BA5D774B03D}\.cr\vcredist_x86.exe
    "C:\Windows\Temp\{5339394C-570C-4EB1-9F61-0BA5D774B03D}\.cr\vcredist_x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x86.exe" -burn.filehandle.attached=572 -burn.filehandle.self=560 /Q /norestart
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1688
  - - C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.be\VC_redist.x86.exe
      "C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{50B8DD68-B6EA-4803-BE3D-DF2D25316504} {24BE4CD8-7EAB-4848-811E-F77DC0386611} 1688
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} -burn.filehandle.self=972 -burn.embedded BurnPipe.{9DEF1CF0-2193-4973-A52B-B513EA36FC5A} {88EF2476-FBA2-4565-B01F-AB97C2D490A8} 988
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3308
      - C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={817e21c1-6b3a-4bc1-8c49-67e4e1887b3a} -burn.filehandle.self=972 -burn.embedded BurnPipe.{9DEF1CF0-2193-4973-A52B-B513EA36FC5A} {88EF2476-FBA2-4565-B01F-AB97C2D490A8} 988
        6⤵
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:5340
        
        C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
        
        "C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{569A5862-A3BE-46A9-8FBB-1259EABA2EA4} {B99B210D-7295-4672-94BD-5ED1BFC01887} 5340
        7⤵
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:5140
- C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x64.exe" /Q /norestart
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4932
- - C:\Windows\Temp\{8B242E00-B6ED-4B6C-9AD2-0180604F0097}\.cr\vcredist_x64.exe
    "C:\Windows\Temp\{8B242E00-B6ED-4B6C-9AD2-0180604F0097}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=676 /Q /norestart
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3828
  - - C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.be\VC_redist.x64.exe
      "C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{57BED0AA-3469-465D-9B9D-BA7E93737611} {1823AD54-5572-466A-BF4E-9F84BD067677} 3828
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2d507699-404c-4c8b-a54a-38e352f32cdd} -burn.filehandle.self=996 -burn.embedded BurnPipe.{13CCF820-8EA9-4725-8768-ACB8A1FCB1D4} {7E351240-554E-42C4-83DB-14CB5B59BBB6} 2424
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2d507699-404c-4c8b-a54a-38e352f32cdd} -burn.filehandle.self=996 -burn.embedded BurnPipe.{13CCF820-8EA9-4725-8768-ACB8A1FCB1D4} {7E351240-554E-42C4-83DB-14CB5B59BBB6} 2424
        6⤵
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:5504
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5A4C9E30-0C53-4432-B5B3-AA0E74091204} {7BE1F960-BBBF-478B-A85E-9C52A5250502} 5504
        7⤵
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:756

C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe
"C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe"
1⤵
- Executes dropped EXE
PID:5892

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5888

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:3104

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5b7580.rbs

Filesize
16KB

MD5
5b6c766758c4499aa4f2288caba48cf4

SHA1
429c6a39fee550bb66210740ce0de609df3eca85

SHA256
6992864278baec76b995556daf25c3ac66790d907d4d3f55acacb6de0d4081d8

SHA512
0b305485d0db58ac411e4f33bb48e6e3e36e079c21cef1dd7eb4b9404afeb56557230506a1875fdc47f06beee14b5fb6f5681c4ac4890dc3be65bc90fa3d7d7c

Download Submit
C:\Config.Msi\e5b7585.rbs

Filesize
18KB

MD5
0e8fafe8e588ac2b36f4c751aee8c9c3

SHA1
2401c503559bb5a07d73d028ca20303b7661b653

SHA256
10f617274cc8e23bd5719462253c73e67dbf70fa28311398e0d8a641d38681a6

SHA512
c6c38f44fc8fa96fa9d5650e6fd41bb839e3a0395a6a05006c517caa46c75f716af68ff1dddb9080a82f95155c740292f121838a4ee78e676e270944838ff430

Download Submit
C:\Config.Msi\e5b7592.rbs

Filesize
20KB

MD5
14eb818e6395679f69bea9c1fbfbf2c7

SHA1
fa6b846cfcbbb55436d20f3639e36b92617b0056

SHA256
95444ca9297640abcd629b4e174678c216b2d9dd1081a94d1dce9f930df0d1e8

SHA512
7284d681e8ce3a724b2735d46265a09c83b5220cfda39a2ea10f3894e8e3ed114646852ca54e09bccc26e06d44d4f353675e7c7a315251c3d0df0a38cbaf3db5

Download Submit
C:\Config.Msi\e5b75a1.rbs

Filesize
19KB

MD5
1d716a4a69b656af65c33b69dfcd1c93

SHA1
801c7608abf22db0de9e38ebe31800258ee0f6a8

SHA256
1546325c8466172f5032182f18c4264a9f2c0e2aa912546aee56bc74c4b3eade

SHA512
edbfe18dc85cfbd34fec623011a8db5244be45607b416362be45d49dea532099b4e12e5328bcea3713c5223b265654987db0593955e93a139e3d49bc4cf38e28

Download Submit
C:\Config.Msi\e5b75a8.rbs

Filesize
19KB

MD5
4b616ee7ce66ea2ce57c067a9b7b8a4c

SHA1
dea58bdf68aa254eccaad8bb7886f040d884b130

SHA256
780d45c0628d6d30ea53b72c84e4ee3f8cd214959b74ed0e1536684cd02a4b4d

SHA512
aa202fd58e6648dfef7d02e49aaa50332445f18ae3402776bdb7f4596f350a9212640e8be84340f3dc4abfc4e2668a53bbb51cba22bf44610f9ecdf5c3b31aba

Download Submit
C:\Config.Msi\e5b75b4.rbs

Filesize
19KB

MD5
b56cb1722875f43736dd7f8dd4d5fe16

SHA1
a4cf2f6ee047e8e675d13f19dc06132663e6903c

SHA256
e450be36a03dba6958a4747a32c3c5c05a490646d79001c4b21f4ace58d4d343

SHA512
1490bbb30f7117ab0baf4d67b56fcb47d8b760531a60741efba635105d6b36b07569468ae903a5d20148aa646250c3ca7dc1988f941e1544e0e5ae3203b4bfb1

Download Submit
C:\Config.Msi\e5b75bb.rbs

Filesize
21KB

MD5
699c799e65c5d2ea826fbd880501f265

SHA1
7cce44513468bd63996f447e0b4d81bd003ac2bf

SHA256
4764d797d4eb90aa5df6348eb37b7b9e269dc91f481e8e385b26b7acae89d196

SHA512
5bad7c7ff1aa0c359bf12422f1f13df0e08c0895a65872451156760fbb6bc196241bd7f0bf3196315dc1a8d5d3dd3356f121a08349db4f21813b6c7eba77446a

Download Submit
C:\Config.Msi\e5b75ca.rbs

Filesize
21KB

MD5
bbfd7bb652281aad0555aff31e9506a6

SHA1
827e5d7ce7e50ba81bbab5f982149315b84ddac0

SHA256
48b2f9c27952e9b5cf656011710a87862cc3806604741d42f58173181ff96510

SHA512
dcb11b25d808c62b49651772aa746bd4858fa6f53bf714508ac830899734705a2e7fc8ffc72c00ad1eb514de5944ea94d798646c2e865a628e6da775733c094a

Download Submit
C:\ProgramData\Package Cache\{2d507699-404c-4c8b-a54a-38e352f32cdd}\VC_redist.x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\ProgramData\Package Cache\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\VC_redist.x86.exe

Filesize
634KB

MD5
ff6e9c111f04dd7b06691bed6d8f0db2

SHA1
211c95ea9f7452afc1edebca6e303fba84936fa1

SHA256
05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1

SHA512
7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

Download Submit
C:\ProgramData\Package Cache\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}\state.rsm

Filesize
1KB

MD5
df7a46b12e76ef6ee9b64880c3b51302

SHA1
635962e70cca2afefa71e96802015c9742f9c0a3

SHA256
ce839badd5e2c61bcc20a7bf8a78317a51d0f8e7ee61c6a23e3e0ec9fb0f0102

SHA512
7af42b433878f467d69fc03d8f3d4fa73591ae963de2b9a3263a6962923fde2f802ffbe28a515896e252ed8be37f42d6f71e44291493359ea2b028dd7708073a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\activity-stream.discovery_stream.json.tmp

Filesize
161KB

MD5
5578db3fb251450d920192ada537a06b

SHA1
9d9c23c3dbf6eabfe078fdf3e23c4b089d36985c

SHA256
e3799772beffa1724f36db2dcce4e64ca3f3e095f2d8e3b0cd4479da492ff0b5

SHA512
d02001a6c2fab573ebe78bd1564ab57f68f36d14fee0d9b05b39fee28352a3ee367ebaa096215d7c39e5c2bb431fcfac6e8f0cb2e73d574466e2cc48a544141e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\1089

Filesize
15KB

MD5
ab1f7dbc41aa79565446929c9649223f

SHA1
8ddc9d6766da16ad1b65a9fdf9785cbab286ba30

SHA256
8bc00f12d2a7197d723f748b60cb4000e719b162b29e1e251883dbe6f861e5d0

SHA512
a1c8b0e4f35547cd9d8d7baa220912ce42208a14c8ecf47ee823197d92b647f6814ae11d62feffffba8b8c0648d6a785ed287807b7fdb6ddcc38027780205b62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\124

Filesize
10KB

MD5
0e4cc04900cf5f102a9ea6a7e5aff438

SHA1
c41b6301a8fc1b46354385e178f98ba92fb4e894

SHA256
5cb398fefe7e8193ddee4f65f24cbfd561f9ad2e96dbdb69f850ceaab1bb346c

SHA512
be6220c5c5457aa4c35ac7000a849d889abf6e87d4a798a8ab7ab855262fa18dcad6af81b6ca2212e158d6180e241b080e066a0ba7201082e4ac9e0d373aeb96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\15451

Filesize
15KB

MD5
94e64893112146cdb2da3926b7567f13

SHA1
465e42a732d717b5ec2f0b936acf6fc835f2b2fa

SHA256
bc531f02244537552a095a13173704f6598a5f5efda7d53870b65f8ffc0babfb

SHA512
3cc7d290e3084c19528632fac8f802f9655b44aaf3fd7afc66580975bbedb2044936608024c3e399b63413be9b06268e8eb0fc6b3b6155c5cc559c9a8d86202f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\18803

Filesize
13KB

MD5
15325b87804c4932ebdbe474445130d5

SHA1
aea4c1a6590fa5f2349d74af23964680cc7d9d7f

SHA256
bc0737c82e5b1689ecb177edbeae40fb2361281dc6f7b79a011791c64c783351

SHA512
728cfbe04f9a9a7a891b1ff76ba2c57c1d028641f0bb29e3ab2119feea8e35fad25ce51a3669ccef55bdc71a5ef8f18d77aedbd5caf33b4abb85fd110232a1d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\19783

Filesize
30KB

MD5
9aae0d0daedfcf260959203b145057f0

SHA1
e5e7ab6d2d25b5de4a32182cac905c7275f9ca41

SHA256
724725aae383ced96ba176ef1f1de9d04dc51ffb26a5a2c434b61f396ff81587

SHA512
159e563ed1878d271b6cf4281c0ff986b737cedfbcde2309f3a2fb68f134471203132e6f1fc842435c520f8c17844223d474be2c068ed5d7b7d26a1f04d99e2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\23833

Filesize
9KB

MD5
3705dd06794126179dd7be2d3492a46c

SHA1
eb1aff5bc59a7e56e12f5f21ab55c07cf424b04b

SHA256
55661c56c9f2d46f8ff02baa0bf077cfecd3c11370a34bb952b4322cfd68c66a

SHA512
6c36410fdccf8e5d418d179bca3782e9d67abe0b1e2e772cd4186052d8696916b45a111252436bd790803452c946ab7512f3d770d984c8f35d932345a9aee999

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\2389

Filesize
15KB

MD5
310dc9ceba407e46c1ea54cbefe5dd52

SHA1
7d1110fefd711389354b11109b40307a445444dc

SHA256
7e7b81eb252f9f702ca7383073351e1f6c7c758a2a6346fcb88330200d67f646

SHA512
25d2242d2ae77277cdcfcbc423795cc9c9120d526bcac2509b8e4bb5fe4f195a9bc26eed4e0383ad8c54b3ccaa745aebfdccb53276647d79e243595f045b0db9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\26661

Filesize
15KB

MD5
0cb6ca1abff5c76ef80c13ca009b4d28

SHA1
ca160893213d8f773625ba3d25d9c49eb44bfc40

SHA256
642e3f8c97c733d83a913145b002a5761945c0abd038c5e47286703326bdaddb

SHA512
835c8aff4f98078fc860c10e0af1acc26990d16da835ca260abf9ed330d0a6838212a8d9f1d3d0036c93fdd8bf5d36e309388d513ce11a5b655dd38bbf9005dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\doomed\29106

Filesize
96KB

MD5
6437fe56cb180b8d477b5e94afbc664f

SHA1
9a911db1eaeaa2fb1a952c283e8890429220e3d3

SHA256
b6646b29419c40570ab26d5d92cd2b2627e41b320508cdcfba7d39f836b0223b

SHA512
343df9ac5d365f7d45ec92b7cb43f16ce22be1571321c3d71a8fdd2fbb29e9e986d15f6c82a4d2d8082e2837b724944f3d9e3faac0105bc03da5290b1362db53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\01AB491A5BEB28B74F0E0126FB5F86481A229589

Filesize
34KB

MD5
9451b7ec330e5b3586a22bcf014a1ed8

SHA1
2278c62ede5a0ac40914798ed7ea5a57f877006e

SHA256
9e3b42bab02d5089e5b729358773bdaa7e0bdacb0169c4cf85b120a5d1fff637

SHA512
eef4d14be70394e61b623a056564a65e6a7340f6b23073908be72c51b5f4174ed1b56f8c8ff3bd5f6eeb9d53f6fdc09d74add0eb1baec314c976a1b57b424859

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\02BDC240953458991DCEDA31AAC94E1EC4C811FF

Filesize
47KB

MD5
582890d3e2ef8166ba428693dae29e8e

SHA1
3545aacd9bc434dfd8512080847b8235566c5d85

SHA256
8e90ee20220706b6f3c185fb9e5c0672308edcc67a9ff88a235a3450860913bb

SHA512
3b7f796efcb36df2a9eadd19e2b32b1dc4a3a14333f92cfbef0ea293151e79616782f4a2789237f8c85f513807ff755f7704c18a789b3997d103cf8cfa31d184

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\0B863F0C5A7886F1C48D241E6BF79D840826A1CC

Filesize
978KB

MD5
fb3c7371d7421c8c091a15cf61c45d50

SHA1
4d77bce2803de47c5bf837ac17bf481795e84968

SHA256
e66d8590df946ce9dec2fdc8ef8519dce82d983ec48e0782229474a801ce7c96

SHA512
a33ddbcbbe86133d1d1296a588c49a070471fb3e16299a4d89c567af84f5679a3aefe865ffbcb489378035e871494a3cedb0eceb577465e6777f84d4ed24740a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0

Filesize
14KB

MD5
36a657e45de234812c4b27420a5bd752

SHA1
f89d1db25b24974d45196c62f58533f9d6200f54

SHA256
1ab624ca63772694632b6c0420bc309168ac73f97d7cb3eb82434d0395eba6df

SHA512
c753405b0150bf0facb7599c1d5d44f95c40b129ed0f203dd1e3330f63cf83da048a03ab82c125320bed52e039567e4e0b51fc06746ccbb78824a6d1be7f88d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\2661BA90D0CEF717F9CF0248F78D2F576B9799A0

Filesize
4.9MB

MD5
0c42b629637639746cd3a87d9fd9a53d

SHA1
5532f73f1989f1b85c66e972aad7e39d645f7676

SHA256
d5a6aed9b26f7654bc77c147bb0b135802859ac78aaa5b5fe234898b37b06db1

SHA512
856c0043bc742055555e48754124100bdf67d6425bac58611c00ad93e393c3e23277f87448f00b864871f864290c44e566d3d09508cb31aa4039887ec30d2c6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\5CFC576C9642DBA230AF9D7AF270CAADD07149A9

Filesize
479KB

MD5
537fad9e8369951399eac76508833124

SHA1
b9fb0fa848531a3ed42b0f0f3d3384fed5edb78f

SHA256
059f9793ebb3bdeab509e6b5661f507173131a9e1cd7bee898c75e4f2c895373

SHA512
bea3be70c952c81e8f44aa4cb8e6470db2846d9a77a71980a1d87404a914b1fa5b43a7d85b2b0312c5cff25178ff8524f531fb3eb2db5ffb4af04dfc3240a289

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\78E6F1C3102F5C8416CBC83A1C0BB07D366FDD25

Filesize
59KB

MD5
4c3a7e4f6979d542e5acdd9bb12814c2

SHA1
3b113a81dfb88746aad5db8b33fa5d1fc4ca7234

SHA256
577019b0c302a5dfc0341da7e0e92ab0249b56638556adaf91ae946ec6cd8fe8

SHA512
000ae37fee0515c30d5c5e5f0f24885ef7cf717f9b3983fb6432d967a182cb6460206b8b35a1622ff37e713cd5efebd6815a758b9228eaa5684e463b1be17e21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\8482F632B2DBA0EBF0DB4E153BF9C1A67223F36E

Filesize
354KB

MD5
c3f604273aaaeb5f6c16c67403b1dd7e

SHA1
7fa8dc50419e0b53a843d012d1512e8e599bfcf4

SHA256
5d66500eaf09e9e52baca9ca5ef9343f53cdc0debe6af02e21c5a106771f7e33

SHA512
14206afe44b811778b763d5b1fc2e5ef1e1f2cc3fb8e1e02852f6a16181c727f2ef6bce8e37ba6f1f2f715cb73ba2db597a66db807de966ff1585f40f8c4028b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\857A7443278A73849A835CED72352753558659A5

Filesize
89KB

MD5
8c26c6865feec3486300a59a08b8e2af

SHA1
7dc3a618b4e1a4a0a3f4537407dcc59055040db8

SHA256
a63a87fa861cbca5224408eadca3e813e6d9a1b0846829d22fba8e717cdad696

SHA512
7b6ba8ea44a91e53bf240403ea53b9b1f2f8fbb429851b828b8574effb35f0d2b5155211495a92bf1f4675084c26bc5e17dc5924a8a696d4853c9dbc64cdfe6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\9207D4B67C91D0FC8FA99C60CC1366029976CAC0

Filesize
124KB

MD5
c12dd4f83d50ed09e775d40df127b614

SHA1
d69d84a6fce21b8ef90c2f826d8e3585fea79c92

SHA256
afc879aa4849622f4d39a25d443c062d5b424dedaca74f79b843a98db6c3c893

SHA512
604d2e81a5d518e931285d41a0675a1a369386773d76342968fb9585ce85ee53ca3853b263413b9bc9dd8381ad2d1601c0d771c8eb6f4f01f5b329d6b63dd98d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\C09AED034298D2D100504C4A4774E31B6683CCCF

Filesize
427KB

MD5
c124f8f4e79388a68dfc63256a085efb

SHA1
a049857afdd23c7a4905a2244ba8b56efc25014f

SHA256
b5b3064e234719b762fea67fd5256116ae7b8f8e1b89068d4d5d471220e892d1

SHA512
49dacfd99be158f7398636f3eb947adeec1f0c0bf2f313c9c38a0b8a3fb85db55a0648feed4d824df7060b2f69992a4ce26d68511d960639ca1882b30b8a351d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzal0frr.default-release\cache2\entries\EAB2C5716B15CFBE8337122ADC94A4CB324AB209

Filesize
28KB

MD5
caeca33a3542b06315a6ccbec87f472b

SHA1
1cbf39fe00fad90d994863ccdbaf7be6412acd3e

SHA256
1b754b6944cd01b0156d2d54eeb023c62ee4da6498b20af98ef6602bfbd8242a

SHA512
685400efa6f8ed627e789c23b1c0ebb83a7e9e60c5c9d119e3407c6d7c7cf3d019fc20137c58155846ba94a92374ded87ded7ed86e3100c0a33d7a648f6b2241

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230629033303_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
bff58a7ac5c8ef0f289619c9e7ee1d51

SHA1
8499e139586260eac8dc66ede1303eb5f3b80ad7

SHA256
aee8f067e6babf70ce5a936fed275392c4de0287307acbfbb8a953d694b6f0e4

SHA512
67ff4bc422636cf92206b48f626c6e9b0888cd1642261b04bea1237ffa1e2abdb2cff32cb119500e860ee157695584b47a8403c40b9ab0d16c4f2aafb962e7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230629033303_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
a6dfbfffb25329a2142fa11c19281538

SHA1
45f0ed6cf9c2c7effefa01959fd45a5d4d779912

SHA256
a4a2369cbba81f51a38bdb399a015bc43be25831d20dcb2d863988300c17bdc3

SHA512
13a94496fc4c30cfbca9b7e6b11a1e95e73c19768ce3e76f0217a22d9d1f0fb6c99b7e0e6855b508cc3766ffd5c16c5828310e7bf5985e74705e14646523ca7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20230629033217_000_vcRuntimeMinimum_x86.log

Filesize
2KB

MD5
6dfe1ac3b5b144afdeece866a9b80258

SHA1
a375dc1d70098d35175237adb576dfbb7d733cc6

SHA256
97987752aaf51c526caa400d70f55bc5f362d207df7f597038c122bfb0bc3ebc

SHA512
a05ba80b4512633f1dff6fa2d84cf38d900c4c274e9f0685218ea300252943b517002937e3d6f48c0550955cfe96e70166335297f273d4a5aa1d4cc61a504b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20230629033217_001_vcRuntimeAdditional_x86.log

Filesize
2KB

MD5
8ee56941ab24d365234e63d3b2d934b8

SHA1
7ea321e88dadc31ba3dabd37bc8c9afa39240116

SHA256
b64194d2853617460e5489a3fce0c099b995e7d50c2895a326528160dfe16959

SHA512
543dbcf8cb2a74d0b9802ae76d58a8100c12bb5d5c36b2dcf07e11773960a88db4f21e2a1643c8b15d47fae3284ec4a9e8f7e01c544d5c5c2dacfa4314d4fae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\vminst.log

Filesize
8KB

MD5
9df77ab3f84d29f31df467079e0f3369

SHA1
743973cd1f2b16b14db08d3a7ff4894521173bcf

SHA256
d8773bf665df760d6015543ebe99cbea55e82c78ff314ae413006be351c15b5e

SHA512
86dfa1e28513c24119f29ffad8e1f0c729c111ebc01c9d1be639c127d8c53ac89ab2a3f88364b1089b6e44bc5dd4d1e6d70cc034c004928b14b3e2b0a7a0148a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\VMwarePlayer.msi

Filesize
538.1MB

MD5
963aff496af042d063a1153668b28651

SHA1
6db5510e92fff7de2cafe4bb0d7169ecca9efa9a

SHA256
c0764917504df52badff64809c6766227d4f96bff3c583bda4ded66349690693

SHA512
f4964b010005bf614d044b0807d9c0b6293467048e2c1ac5c8457244e7a533296c767cc06fd54d32070354c1f069fc3a5c43c1a2f7181c6a91d4a9063f3ec13e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x64.exe

Filesize
24.2MB

MD5
dc32bee92db9ddbb64dcfa7133ca17cf

SHA1
47996aab6a20dbba69969c4b36f8fc718877751f

SHA256
426a34c6f10ea8f7da58a8c976b586ad84dd4bab42a0cfdbe941f1763b7755e5

SHA512
3647b9d32924a7bbbacb70609df1d0a5148db0d8396fe0918f8535a183c6a9edff4a982b023178091e7a8ec29a85a40e19db66f32e18e4e62887fb41f709727e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x64.exe

Filesize
24.2MB

MD5
dc32bee92db9ddbb64dcfa7133ca17cf

SHA1
47996aab6a20dbba69969c4b36f8fc718877751f

SHA256
426a34c6f10ea8f7da58a8c976b586ad84dd4bab42a0cfdbe941f1763b7755e5

SHA512
3647b9d32924a7bbbacb70609df1d0a5148db0d8396fe0918f8535a183c6a9edff4a982b023178091e7a8ec29a85a40e19db66f32e18e4e62887fb41f709727e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x86.exe

Filesize
13.1MB

MD5
4df5dde302a87e2e85351af689892fcf

SHA1
ae587be1c1ad6d58fbe73d43ce1ea0771d774ba7

SHA256
2acbfe92157c1cf1a7b524a9325824046d83dbfa3feb1cbd4dd02a42e020f77c

SHA512
d10f98f221b79b77fe92f93ac09d34c53c1e58b690dd61b6f770d892d7619b5fa38edb2c0800ce2dec715e6c2d3f46848c5a4a3b25b64967eebc05eaa0afade3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D55F00B3-6F83-4461-8243-00A827910D4A}~setup\vcredist_x86.exe

Filesize
13.1MB

MD5
4df5dde302a87e2e85351af689892fcf

SHA1
ae587be1c1ad6d58fbe73d43ce1ea0771d774ba7

SHA256
2acbfe92157c1cf1a7b524a9325824046d83dbfa3feb1cbd4dd02a42e020f77c

SHA512
d10f98f221b79b77fe92f93ac09d34c53c1e58b690dd61b6f770d892d7619b5fa38edb2c0800ce2dec715e6c2d3f46848c5a4a3b25b64967eebc05eaa0afade3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\prefs-1.js

Filesize
8KB

MD5
6099f283655c3c1b567acf0b2453dffb

SHA1
5ea9072675fe89dfc61ab2df5fee1b4be5611c1b

SHA256
755911d283aab381f677611b211349f9e1eb5e48566708247b376585718a49b2

SHA512
c8b4fb0d46e856f0fcb2b89c194588bb4f6367dbc403f583f437f49a4c2e6c4c902f6e21671f3f96cec54877fb7ef6aaf16e8402cb39c255eac7167555514e20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\prefs-1.js

Filesize
7KB

MD5
03b27b2df8c4e313c264924a8fe9c377

SHA1
10b104ed15ae62460e0455d442d575fd5aa8ec84

SHA256
1fff9a981111e589e59a69902d266a705cc9a82280b133b12135ecbdccb11ef4

SHA512
1cf32a798a0c665d42719b38686a6b6af15e8ca66630025953645b74d9ad999e36eb0fb0d3ccf73069cc21e78b1c4cb18738ae7ef758b3cab11765f0ae02ce45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\prefs-1.js

Filesize
6KB

MD5
0b4c6b479c51b9a8327932eed4b31993

SHA1
f1c8758081fa88ed414c78fbfd38a3368794cbb6

SHA256
e9cac9c7de83cd55935f96ab27a441f4428352a411ec1d053a6500320337ef09

SHA512
2f63b993b872445488bbad6d4542e50d9c5c62c6301c205a7e3aa61479967fd03a3cf71a706db9edef44c39229bc2bee2e6dbdf228eceba50490b0c2b12bf553

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\prefs-1.js

Filesize
10KB

MD5
e20d0360779da8f36d0298fc0b071bd9

SHA1
02515fe88b66c18c52199c7bcd4d32d2da69d2ad

SHA256
be38841b475bd9bae7855be260d6a479106c321a8f1508caf6fb740f8b6f0a08

SHA512
e5ed3073d34a9185e2f2464787b9f4f2a00620a91d9fb81bad36becb37c40eea2eb7458a60dec1f6b2199351df27bb4dca04c352c342df816af0bd8922c44346

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\prefs.js

Filesize
6KB

MD5
b5c2777b0078ef988022e2af8b6edb47

SHA1
e58fe7b1637734f05f308aff109c466409ca882d

SHA256
ffdfebbd2611203fdd82c56d27eb97ea2871d5b53619122fd4734c0b13e66f0b

SHA512
03ac20087a2d2d6725f44021159863f16fd118a4b9b66d4817e27b504c57affeeee897d73a883b31d109008b52e4738e5f862a63d552d385b3b08c2be11a32e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\prefs.js

Filesize
6KB

MD5
833393dd985f539c1d864dc3caea3c66

SHA1
1db6463eaa8be2a13a951b6f4984daf7fc5eca84

SHA256
f6023d82a8970e93fef13c58422cc3f128ebcf0fbbe5af729489d05bddc92ca4

SHA512
ee25661d9a3ca786efebfd9c1c42f43bf38fef855bf2d8cfcbcdbf07817d17994263779bed9e12531e9007e5f96bb3fd55a4af29fbf5020bc349088706ff866f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
5d8e91d3a82433b0f54b26b88a49408c

SHA1
5b53de0f9b18380495637634b92f43b7ba10d7b8

SHA256
c23d547b29fd09027c1010fb89e328370821e87ef99dfd2278838e5a346e5873

SHA512
30faad091c0558d0f89317c269cd0f95852e6367d99086745d3c02ff17c7c9bc4055c8f2bc1b1c8b6f6ab44a7efba202cf56c0a7b2d129c698ad5e2c2c2ad3c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
4c16aee9e9bbaeb1d8e1b28b2fef7aad

SHA1
8bfd44f7fe4dd71aa8d86c978f6e5a4aa7cce41e

SHA256
9a9422c5d22182fb0f64264d9ea4ccaa09a0ecbf323c5e6819776f67a6a2b10a

SHA512
b23191b9d937516a9150ca49ced55b43a89b62357b91ef47578b0ff56363496eedaf3876be4c283b2a10cbef46d765024b3279c6221ea43e093341ae61d14986

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
26ad439eae701d037873a352915bd1e5

SHA1
63d2dadd0cecf302c45a10cd5b4f88ad5af5dfa0

SHA256
fd5791376e5d5789db4af492da8ce3fcf3b27d51d821daf5b450b76149ce304a

SHA512
9d5e984181cbc57fd6d0179ac77e0fb36b3b7d087bceb36d7f4c8c006ea90a18373ff31c1ddcac4c7be4e4081c951659f67a454073af4d2c809d7d28b26aabfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
e7365c5a6aea3c0f6bb4fd870e184540

SHA1
94fa90994716230384594587f849adb6ae777b36

SHA256
b4011ba7c6aa8e66a9e98873e99a7535aaffdac6b71bbb03568b598a469e8a7d

SHA512
93dc7a6eed8abcdf7d8f1d60bfeda4c15b95ee109cdef555dd392e623ea2bab808daef82d6211111d7004827cdb7bcd52802d5fa6d30ba87360528f231194e62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
06c781cac01266abb4a6543e3e113aa2

SHA1
ed84521b41ce99cfbf25c1a88d45a9306c7f8be3

SHA256
7ccd85fd99d033e8098de042cdc0c51b6c786df6ad75ccb1400ffa72c402f863

SHA512
33838ebbe629052939dda165ea6f3c72ab872b119ee2b948fff406589aac6d0b2cce3f441cafb9d9c5aced9ccd55b5a0bb80c1f6f4576cea4ba03a0a4d408c60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
a413074db98c4d5defca70761959c9a5

SHA1
7f5bdb5a2ca692c685b006f7e3a0da03330649e4

SHA256
036a25957c1d68e515d81bbc14a71a51f316f11c406effeee2dd6886c806e63e

SHA512
2c007ba2e18e186c904342376dedae598366dec2691c15ac66a9a2fdfe43f80eecb0ade586c51c6a519300548a1eea06730cf2be60621d58ebed4c769509c2e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
6ef9a94cd64a07dd5bad8774c93a12e1

SHA1
3ece073ca311da9624583b1c42fa88f42adcec13

SHA256
7b0650dd58fe2ab2dab9484173db4139faa2f2506fb071b34431ccf01a5032b5

SHA512
1170716440ee2bc40dd4348c403927ef9e5b0943fbda3f8aaf9c22e9081a601e01529ed785a1b7b4dc538911f348bd969e853fca405972d50f2012894f3644e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
f717704800f074210bb6c5b4d0698eeb

SHA1
e52cac201d07eb9dab62254b0846381787b8719e

SHA256
7ff98ffa6e08587fde040446d3f230d428032bb06a96d8a026f806936145e83a

SHA512
cd4f65ce1b5194b89ffa88620add32ec54bd08a290a3ad8678911cd9e3472e3abe2d66e175632bdafd6d077d0518d56fad08951b6d0f2d20c012440020246637

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\sessionstore.jsonlz4

Filesize
17KB

MD5
7fdfc924630810bb309d5ea205f4baed

SHA1
046886f849e288cd3437c6eade164833e4b69875

SHA256
bc8dc373c8a0c26f8bdff88906cfebc27700c239ba25da9d5567d63d140a9165

SHA512
f1a0236cdc0e3ad71023e2770a38e6d94fa02c669928db49ba81abfc9ab6baeeb52deedf55fb458d8b78f609cabd7fd9913fe42e431c1679ea0137c1d6dc8203

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\storage\default\https+++customerconnect.vmware.com\ls\usage

Filesize
12B

MD5
fe8b14ccc508f532eb93e9fc191b31f3

SHA1
b1a768e243273ea03809d8dd2ef88a17fb6be02d

SHA256
b4bcba9f8193cbbe407b21698d990246229ef845717d5d7ec8e7104528a3fdf4

SHA512
76c19be428b12fe9d6e7b737c0471af911529dcca618f86c1c9109c837c01c75491984a66a77742f0ea5a42a198e5d0a60189d53cf6da763a95d9b2677dd3617

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\storage\default\https+++vlscppe.microsoft.com\idb\1620950971tbmdx-.sqlite

Filesize
48KB

MD5
97c17380dfe2aa40fe1c017da759cb10

SHA1
f7cbfd2a10c0d7686aca1d367a1f53dc7d404496

SHA256
427a5045934d1520db19a0b91663cf1c59cf53f1d43a43a2bed92c6c1dea3ea2

SHA512
d6cb83d7b9a521a430aedfeef5f9e40232843179236ab3315146c1443c31620639c1af69a1dcc7da78e3b02d501b7d365efbbf59616c92386a35d9ec73ba2dec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\storage\default\https+++vlscppe.microsoft.com\ls\usage

Filesize
12B

MD5
86cbeebb0f2833c737ae0207f82c9963

SHA1
65bf82076b8f5a18b25bcfa46bbe9d08f1e014e5

SHA256
3720fc5c342c50a22be91c54f08a87d7a8fb8a23635c2bdc3be3cc61191c47c5

SHA512
002382bdfe59090311131afc83d1c73cb143b4c85857003c24cfe23022837fd8d520dffbe74043310e0f1ad39e8a5c871f12b849f5adb545f9773964d10845b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzal0frr.default-release\storage\default\https+++www.microsoft.com\ls\usage

Filesize
12B

MD5
ac2e6844a124feee9e63ba63f8108ffd

SHA1
1d018d1ed7b55ebc6743eeb12005acab84d0c5b3

SHA256
696e9cbf8cabb2927c0cf13acbaf18531b6334b199be283c801ce8695b48cea2

SHA512
1ea8726600f0b24cc88ea6c87515f5fb7091691843c966841795106ce8ff1b05c777c1e7abcba4b9e2c8ae887f4d857de7e2ec9a6361e469487d13ef53f8ddd4

Download Submit
C:\Users\Admin\Downloads\MediaCreationTool22H2.i7-SOpHk.exe.part

Filesize
18.6MB

MD5
aa2ad37bb74c05a49417e3d2f1bd89ce

SHA1
1bf5f814ffe801b4e6f118e829c0d2821d78a60a

SHA256
690c8a63769d444fad47b7ddecee7f24c9333aa735d0bd46587d0df5cf15cde5

SHA512
fab34ccbefbcdcec8f823840c16ae564812d0e063319c4eb4cc1112cf775b8764fea59d0bbafd4774d84b56e08c24056fa96f27425c4060e12eb547c2ae086cc

Download Submit
C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe

Filesize
577.1MB

MD5
11880ae5c104fa7f4ce4f067a1e322f7

SHA1
9d6f81887998a503193d6dd09c71f1d24a0e2663

SHA256
64f678736a7fcb180b34aaa1ffc2005c4b8d6f3a257442c512d5e58697ca95ca

SHA512
8078fd858421254c88d62fd40d344609e8101f4dfba1692f925e27da210b911bbfc0cde76d014d01c2b82e7f86c268107817e8ed605f9e6a699996a2325de8d5

Download Submit
C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe

Filesize
577.1MB

MD5
11880ae5c104fa7f4ce4f067a1e322f7

SHA1
9d6f81887998a503193d6dd09c71f1d24a0e2663

SHA256
64f678736a7fcb180b34aaa1ffc2005c4b8d6f3a257442c512d5e58697ca95ca

SHA512
8078fd858421254c88d62fd40d344609e8101f4dfba1692f925e27da210b911bbfc0cde76d014d01c2b82e7f86c268107817e8ed605f9e6a699996a2325de8d5

Download Submit
C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe

Filesize
577.1MB

MD5
11880ae5c104fa7f4ce4f067a1e322f7

SHA1
9d6f81887998a503193d6dd09c71f1d24a0e2663

SHA256
64f678736a7fcb180b34aaa1ffc2005c4b8d6f3a257442c512d5e58697ca95ca

SHA512
8078fd858421254c88d62fd40d344609e8101f4dfba1692f925e27da210b911bbfc0cde76d014d01c2b82e7f86c268107817e8ed605f9e6a699996a2325de8d5

Download Submit
C:\Users\Admin\Downloads\VMware-player-full-17.0.2-21581411.exe

Filesize
577.1MB

MD5
11880ae5c104fa7f4ce4f067a1e322f7

SHA1
9d6f81887998a503193d6dd09c71f1d24a0e2663

SHA256
64f678736a7fcb180b34aaa1ffc2005c4b8d6f3a257442c512d5e58697ca95ca

SHA512
8078fd858421254c88d62fd40d344609e8101f4dfba1692f925e27da210b911bbfc0cde76d014d01c2b82e7f86c268107817e8ed605f9e6a699996a2325de8d5

Download Submit
C:\Windows\Installer\e5b758c.msi

Filesize
180KB

MD5
5611efd8725e779c15bf3220d2efb77c

SHA1
517c154429d5430452994d13bdbe7be8ba4da666

SHA256
b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a

SHA512
d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30

Download Submit
C:\Windows\Temp\{5339394C-570C-4EB1-9F61-0BA5D774B03D}\.cr\vcredist_x86.exe

Filesize
634KB

MD5
ff6e9c111f04dd7b06691bed6d8f0db2

SHA1
211c95ea9f7452afc1edebca6e303fba84936fa1

SHA256
05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1

SHA512
7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

Download Submit
C:\Windows\Temp\{5339394C-570C-4EB1-9F61-0BA5D774B03D}\.cr\vcredist_x86.exe

Filesize
634KB

MD5
ff6e9c111f04dd7b06691bed6d8f0db2

SHA1
211c95ea9f7452afc1edebca6e303fba84936fa1

SHA256
05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1

SHA512
7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
ff6e9c111f04dd7b06691bed6d8f0db2

SHA1
211c95ea9f7452afc1edebca6e303fba84936fa1

SHA256
05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1

SHA512
7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
ff6e9c111f04dd7b06691bed6d8f0db2

SHA1
211c95ea9f7452afc1edebca6e303fba84936fa1

SHA256
05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1

SHA512
7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\.be\VC_redist.x86.exe

Filesize
634KB

MD5
ff6e9c111f04dd7b06691bed6d8f0db2

SHA1
211c95ea9f7452afc1edebca6e303fba84936fa1

SHA256
05981b519a2a45407b5c8a213f04ad4caff964b2a9ae916d9269c01b45897eb1

SHA512
7beb492a3327670e19878c66a9e4b1bc45727146a14e9f79b642c94abf4d7a9ebf647428739448c447eadc6b045f0c0c750908577456520e341d4e62eff0ae0f

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\cab54A5CABBE7274D8A22EB58060AAB7623

Filesize
750KB

MD5
fb214cec4282a54170a5e0a48770026a

SHA1
770d008de543bcde34d4a9972dce5a4a5990e504

SHA256
ace4679a6c8fecba2340784501490449931183df086e7ab2e8c0a62d402d057e

SHA512
eb64769712f4433e0dd44fe709242e7af6727d4b205265eb6a8586a9265549c29e900cf37c7ed843e422016352887c80a59423b2fa1bc1b7c42fd5150f1bdbe0

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\cabB3E1576D1FEFBB979E13B1A5379E0B16

Filesize
4.9MB

MD5
1b3ec3907ef91386f991033c3ed33b4e

SHA1
221544e8de4fc69d87b93a2d31685c440bee0492

SHA256
a0eb1da0a53b868173497eae8589938344b38f852bad0de95f564217bf0e3226

SHA512
10d30eb5853efbbf397108c3f477f31a871b68c46cee4216618eb8801fa9c1432363eb3201aa563b7f99005af6d613d79a6aafd1c30e91efdc06991f584d8c0b

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\vcRuntimeAdditional_x86

Filesize
180KB

MD5
bea14c730a3e9bf19a0737f8d48ee64c

SHA1
900c494d57e3105ff2fb4b7949204f0cc648dc3a

SHA256
9879ad78ff0c218d124d98153a44a47aefdffdf7f188f532c6dadd2a38d86938

SHA512
f426ea932c00024f2af18126e9f874523ead0061efdab7c7dbfb7c3bc9b24fb3f8ccf335b0cc384da7b6f2ba47f98ba0965fed219af74f307c99262bf7c0cf4e

Download Submit
C:\Windows\Temp\{74E5DFDD-3C36-4DFB-8B6C-7435D8B65568}\vcRuntimeMinimum_x86

Filesize
180KB

MD5
5611efd8725e779c15bf3220d2efb77c

SHA1
517c154429d5430452994d13bdbe7be8ba4da666

SHA256
b5d66e8ab0d2b33278d2cabb055be5a5043022bd0c36fe07d9d64a3830dd255a

SHA512
d301f553ae5c8152cf9c5310ed9ddc330fddedce6ca858aedc31fec4e1e6aed40aa8917030f060c101f0af543e7b4b306bc8422bc7231bf50da61b14fcb1fa30

Download Submit
C:\Windows\Temp\{8B242E00-B6ED-4B6C-9AD2-0180604F0097}\.cr\vcredist_x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\Windows\Temp\{8B242E00-B6ED-4B6C-9AD2-0180604F0097}\.cr\vcredist_x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\Windows\Temp\{DAACE386-9CDD-4DC4-8C75-22437515A296}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{DAACE386-9CDD-4DC4-8C75-22437515A296}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{DD7C8205-3B5A-42EF-8D04-8AFDCD2B14F5}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.ba\license.rtf

Filesize
9KB

MD5
04b33f0a9081c10e85d0e495a1294f83

SHA1
1efe2fb2d014a731b752672745f9ffecdd716412

SHA256
8099dc3cf9502c335da829e5c755948a12e3e6de490eb492a99deb673d883d8b

SHA512
d1dbed00df921169dd61501e2a3e95e6d7807348b188be9dd8fc63423501e4d848ece19ac466c3cacfccc6084e0eb2f457dc957990f6f511df10fd426e432685

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.ba\thm.wxl

Filesize
2KB

MD5
fbfcbc4dacc566a3c426f43ce10907b6

SHA1
63c45f9a771161740e100faf710f30eed017d723

SHA256
70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

SHA512
063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.ba\thm.xml

Filesize
8KB

MD5
f62729c6d2540015e072514226c121c7

SHA1
c1e189d693f41ac2eafcc363f7890fc0fea6979c

SHA256
f13bae0ec08c91b4a315bb2d86ee48fade597e7a5440dce6f751f98a3a4d6916

SHA512
cbbfbfa7e013a2b85b78d71d32fdf65323534816978e7544ca6cea5286a0f6e8e7e5ffc4c538200211f11b94373d5658732d5d8aa1d01f9ccfdbf20f154f1471

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
8e113606487e067ff904fe6575d2d821

SHA1
1b44770f80fbda5ef5f3d9d3340b3addab08f4ad

SHA256
94247a642dc0b20880c34fed63df0f9e4344081fd010ff79720ac049be229018

SHA512
9d95414f22d50e2c71e4cc01da60ff68f4cc6a46b5eaefada64821f427d8056ca77ebd2b7b7b3c024d0dc26ec923b007ff9f3fdb0766a6cf698da571e96a7efa

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\cab5046A8AB272BF37297BB7928664C9503

Filesize
882KB

MD5
3a0207e15630e5432a4391baab2792d8

SHA1
7c82b421e1ba4942be2df102aa3fa219fb38f4f2

SHA256
d400a82cfb8f7c38212f1cb11b3fc8718873937a5a730eaa694a28e4687f6479

SHA512
7c8d1823d6a69207af975088843e96b4e8d29eb67fc72bb3948df4efa3a0baba50da74242092062e202cee625ede2cdd35aa9ef043ac5c1d8bde04a3d776813b

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\vcRuntimeAdditional_x64

Filesize
180KB

MD5
4a346aa0f9078c6c9b88d5f74ad9ab48

SHA1
22c61f9b91a64eb64cd6451e78ab60f59a365ac4

SHA256
2e91efc37dabce03008d5923619a35942d0eebb8840ebb8c66fcf5026430e9ad

SHA512
30af7be7bd3e6e9649629eeb074d21bd2a193b9064054284d4279ea72031250cd8d40262f0b93b2932522fa1bdc2c5e5079428a8e00942f8e1020cb0ff325e40

Download Submit
C:\Windows\Temp\{DEFDE141-17F3-4C15-B052-A09938D0D969}\vcRuntimeMinimum_x64

Filesize
180KB

MD5
ccb266fe902daed0189379c2ea27c5c8

SHA1
9cd58841742e5103ae3e1607275bb660e5010f2a

SHA256
6ec4d94f7cc4b21ca909fb143c93cb260a26b8b3814cd4a9363fed90c495e3ac

SHA512
cdb12c09d11e297d2caa32ba2f7493733034fdbee27e1f318827de2c502076aa257b3bdae67a7b83f241137e4a09571b7db5e514a1c609c5834d7cee6e3adb42

Download Submit