224782e18b75ded2def712c640cd8e30b6380d44ab1ab790bfe23641698e6395

Analysis

max time kernel
595s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 08:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MDE_File_Sample_a44674bb518d90a3bfdf290d47f6c656a2b203cf5ee461f064ed84388051b623.zip
Size

1.7MB
MD5

d1dac5204f0d745d1d23be20291e4b44
SHA1

17740cbb7af9ab28707a5122ad083cf9d310756a
SHA256

224782e18b75ded2def712c640cd8e30b6380d44ab1ab790bfe23641698e6395
SHA512

15580711c0c16adcaf8d0671834a84bfd48143916dd32c0e130884c391cbb762689db6113a5aa2c3fd39528b340d2724154f763ddd6aff28765cc428deab0c56
SSDEEP

49152:I7Hnv6yb9p4Oq48N3yUw1X7M7tuBudIkae:I7PFb9pBcizo5ue

Score

10^/10

spyware

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 1784 created 3164	1784	Setup.exe	54
PID 2548 created 3164	2548	Setup.exe	54

Executes dropped EXE 8 IoCs

pid	Process
4280	palemoon.exe
4060	palemoon.exe
4948	palemoon.exe
3348	palemoon.exe
1784	Setup.exe
1772	palemoon.exe
2548	Setup.exe
972	palemoon.exe

Loads dropped DLL 25 IoCs

pid	Process
4280	palemoon.exe
4280	palemoon.exe
4280	palemoon.exe
4280	palemoon.exe
4060	palemoon.exe
4060	palemoon.exe
4060	palemoon.exe
4060	palemoon.exe
4948	palemoon.exe
4948	palemoon.exe
4948	palemoon.exe
4948	palemoon.exe
3348	palemoon.exe
3348	palemoon.exe
3348	palemoon.exe
3348	palemoon.exe
1772	palemoon.exe
1772	palemoon.exe
1772	palemoon.exe
1772	palemoon.exe
972	palemoon.exe
972	palemoon.exe
972	palemoon.exe
972	palemoon.exe
972	palemoon.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 4060 set thread context of 3744	4060	palemoon.exe	125
PID 3348 set thread context of 4400	3348	palemoon.exe	129
PID 1772 set thread context of 4768	1772	palemoon.exe	133
PID 972 set thread context of 4988	972	palemoon.exe	138

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "10"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 5600310000000000105702a010005061636b61676500400009000400efbe1057689f16576f402e0000000f0700000000030000000000000000000000000000007bc5b9005000610063006b00610067006500000016000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "12"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
1312	msedge.exe
1312	msedge.exe
960	identity_helper.exe
960	identity_helper.exe
4060	palemoon.exe
4060	palemoon.exe
3744	cmd.exe
3744	cmd.exe
3348	palemoon.exe
3348	palemoon.exe
1784	Setup.exe
1784	Setup.exe
1784	Setup.exe
1784	Setup.exe
1772	palemoon.exe
1772	palemoon.exe
4400	cmd.exe
4400	cmd.exe
2548	Setup.exe
2548	Setup.exe
4768	cmd.exe
4768	cmd.exe
2548	Setup.exe
2548	Setup.exe
972	palemoon.exe
972	palemoon.exe
4988	cmd.exe
4988	cmd.exe
1136	msedge.exe
1136	msedge.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
4412	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
5084	explorer.exe
4536	msedge.exe
4536	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1136	msedge.exe
4476	msedge.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
4060	palemoon.exe
3348	palemoon.exe
1772	palemoon.exe
3744	cmd.exe
972	palemoon.exe
4400	cmd.exe
4768	cmd.exe
4988	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	1236	7zG.exe
Token: 35	1236	7zG.exe
Token: SeSecurityPrivilege	1236	7zG.exe
Token: SeSecurityPrivilege	1236	7zG.exe
Token: SeRestorePrivilege	1116	7zG.exe
Token: 35	1116	7zG.exe
Token: SeSecurityPrivilege	1116	7zG.exe
Token: SeSecurityPrivilege	1116	7zG.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1236	7zG.exe
1116	7zG.exe
3940	NOTEPAD.EXE
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1688	OpenWith.exe
1136	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 3940	1688	OpenWith.exe	100
PID 1688 wrote to memory of 3940	1688	OpenWith.exe	100
PID 1312 wrote to memory of 2952	1312	msedge.exe	103
PID 1312 wrote to memory of 2952	1312	msedge.exe	103
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 3860	1312	msedge.exe	104
PID 1312 wrote to memory of 2660	1312	msedge.exe	105
PID 1312 wrote to memory of 2660	1312	msedge.exe	105
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106
PID 1312 wrote to memory of 4828	1312	msedge.exe	106

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3164
- C:\Windows\Explorer.exe
  C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\MDE_File_Sample_a44674bb518d90a3bfdf290d47f6c656a2b203cf5ee461f064ed84388051b623.zip
  2⤵
  PID:2964
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap6928:218:7zEvent24042
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1236
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap12337:84:7zEvent3680
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0c4d46f8,0x7ffb0c4d4708,0x7ffb0c4d4718
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
    3⤵
    PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
    3⤵
    PID:184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 /prefetch:8
    3⤵
    PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    PID:1116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    3⤵
    PID:3044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    3⤵
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3868 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2172,14253037959227597353,9121027482077061835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:780
- C:\Users\Admin\Desktop\Package\palemoon.exe
  "C:\Users\Admin\Desktop\Package\palemoon.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4280
- - C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe
    "C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:4060
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\SysWOW64\cmd.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      PID:3744
    - - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4412
- C:\Users\Admin\Desktop\Package\palemoon.exe
  "C:\Users\Admin\Desktop\Package\palemoon.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4948
- - C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe
    "C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:3348
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\SysWOW64\cmd.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      PID:4400
    - - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5084
- C:\Users\Admin\Desktop\Setup.exe
  "C:\Users\Admin\Desktop\Setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe
  "C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:1772
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\SysWOW64\cmd.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:4768
  - - C:\Windows\SysWOW64\explorer.exe
      C:\Windows\SysWOW64\explorer.exe
      4⤵
      PID:3068
- C:\Users\Admin\Desktop\Setup.exe
  "C:\Users\Admin\Desktop\Setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2548
- C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe
  "C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:972
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\SysWOW64\cmd.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:4988
  - - C:\Windows\SysWOW64\explorer.exe
      C:\Windows\SysWOW64\explorer.exe
      4⤵
      PID:4220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Package\rot-13.pscript
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
b657ebb79bf9f2a9a07c8eb33f897dab

SHA1
4ebe66fab159b8753ea4e71265fc29020fc55b33

SHA256
b640943f4d2c3b65c1d6b7fff75ce02d341c9434f75e2fafb292b43020556a34

SHA512
1f8e026d95a3ce045fbb23d7d58255facfb315e57eccdd5d33c66875a6f8e3a813a5566cbb5084bd82be8063e2528f8fe11c50e8408f0f90a57e348a93062cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
56bfe3bb1164b093c443334ddcb47db2

SHA1
20dd2ff19e7e19378091c17c78f105b13c4df466

SHA256
49b85b5ebdee3af5f1d6d5c119697fd62e3ab53d245c0b614932c3ce900e409a

SHA512
cccbe8191f86ddd6ed91d9bb00cc7066a7a0eef5936f0c119b59a329b107e01f3e7604a6501a1a8bc6e37eb5196c288b1318d6a0619cd9d5b6a8f516812cf6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
09327dce01a6cb4c9ae0987ed44bc844

SHA1
2c1a5e2d903fac8ea9cc3d0524b46591f25ab860

SHA256
ddaa2076ef7bbf7c72011b3079b798fe99aef1cadc7a8a751edca5c66679daca

SHA512
6ac631fd82677d449e0f57f1c3a68706fb5afc72df00ffbb3a601c1ab540afdb5d7c6cb718657d28120437e8ddada072d72c1dba18a5e5d35cc90434e17cdb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6b7f8cabc764700ee886dd0fe991de8d

SHA1
aafb51c89b6c23ef864c63821da1639e30edfc0c

SHA256
f672a5339574f0e6c676e02f5ad57aae1e6bd45804538e4622fcee1720fa7bc0

SHA512
b6b6c1947c1a35de05075d2266b4adb4c29ad7c5ed63c25acc0ca887676cdb6929bd0ebe10947e03ee6b6cb369c38a02a6cdc44cf9c48b759d45c2b7a9253427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
95c248bea45589fa32022ea4dc62599d

SHA1
e776b7df698cd7709bc49f470a925dc34a7e0303

SHA256
c87594013141e2efcc2e2fc96533b2af1fe4083c8c84ec9afe222800da5e6f53

SHA512
6aca9f58f3f8c209417d8c5b154dc05f97be37704f90ccb9ae48c17cdbf276fb399b81281ea02ccc394cedacefabe46b10bef27c2da711cf4cfee7de7d8f8116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
87da8a722f201f53691e4eaaa0517320

SHA1
e822e38bf9d78327ece746d01e613844fe12a9dc

SHA256
797c5bf13e5ae716f2d975e4f105ad0264578efc6ff422d11a8598d1e7613124

SHA512
d800c22983f614d4006db7c3067a39b339172868c78d10d19332344be02b677d0243c91b8916240c8f1d99e50587de3a2d80bbf4d3471ff2f7b362ecb7d5f0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e9cb908763e4ddf2542140bf3d080fce

SHA1
e9a9659dc0c426a90ea79faf4c4cbe9e6c820c5d

SHA256
1ca7c4b1f8cf133da7ed42b0b6af0debeeac75e6e63cc11722e3acfee2d3cad1

SHA512
66c4911af198acdb1121a172624b077640d42a95e79a3e114d205db7689ffb203f6d3684c1d1dd01743b263962897ebf7b1cf3d4b0603f4abac608b4da1bca7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
35883c8d07296c941a2a90c2384d4a74

SHA1
c1f1b1c19fa905e94f2ebc0fb6910590a0c2680e

SHA256
a1697465c07c06ed8e14fa3c253450e52821b296bb7a3d44214eb0ecb24b3891

SHA512
4aa65e4908dfd95a28a006757d80fe4c6d1a89878fd85d15f99098f0bfcfec4d3059e7e5e461a11ba6c2766861de51a4fa34ad52bd5c77acfef1f0d5334aa10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a2b29a50259be77655141bdf76f596d8

SHA1
0f11845e901770aa2444563c0e330aab7b235561

SHA256
8d69bebd2927c8de41680ed04cb39c04b8ef9c7077028995c1b3689f24cd007d

SHA512
e7182e4045ca89e592ffc867cf0f74b0215a885768cdfc9812c911c2a1396aa05cb89c43b12d3aff70b82c0abf11de9808257d529e87063ac003ba3df11374b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d278b41c1c57cd6b187d3c346f9919e

SHA1
9f70b6709c61b45fc3e1cb1a25426a0111cbde75

SHA256
19ccfb95a8c143675f69c0b8fbc67005da5f917b5063426992f1ad8208bfafb3

SHA512
cd2b684b0c5e09e30dad1c6d2513ccf31fcf94c949d4442686cebc7549e0501895c5cfe08258c80ec78a4d0f7f5275b9ca26cace1c779fd9cd819fbf3a3e157f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27bda1bccca289d3a9ee3db7aa6f5fee

SHA1
85fe2617228a4d36f5a5e7604d1afe9d61c93266

SHA256
a36d5ecbd9773733a728d97d656910129af37754969234b1664715034b2619aa

SHA512
3602c59847ae3e986ee235d2bc65ec46b140a4b9e997a4f7563c8ab38961546f00977771fe73f6c8de4bad3e9ff00e8570148e01d815aa44c80efc86c9fec31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
092f9c5792e760b5a876b80e8000afdd

SHA1
598ed546cfb60a7ab10cdec442d2b255b8f71390

SHA256
608330aa14c9feb8dc554693406ab9538ab0cd60d7586b7c28530f3b94f44d77

SHA512
c3c616344cc555f9e2488177f586edd35f43fdc8d1354c0c4cb73f5b149b4bf1bfd07142d435aadb2ce5358b63d116a41330f94764fc0d2fb753acf20529bf58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53844668663c4d2bf25d9e3d5066ee40

SHA1
f7baf5ffbebc6bc8fe33b067ada51b1daf5cee65

SHA256
fb13a00a1596971281098f0187c5d8388db182b4881239e8171ece475b437b2c

SHA512
3fbcaeee9c7696670815e3069b03e9b4b2cab012142f7195daf8a58c563908f5ecce957c3df8f6acae7d0c39e7a18f97afd156c707fd02438ceba35a00a6b7ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44dc6795282f272bc7f38c20511080c6

SHA1
5fd0cd3933ce0f0bef799075ffef0bef1835752d

SHA256
6856e3d2f7ab69b8c72a32006d3cb445a50ddb9c12a82f1641fe821346558b9c

SHA512
fe36edc165ec19d33122680bea32671f53a7f18805bbe7d8b67140ce16e08a0f58872e77a23d999d5c8ba4e2c79eb237aa8efbb76a02cac1ce12213195d6c6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a805feae81a57307afce84f2ce644d22

SHA1
aafbc895b1e3d23278af13a044827ff7f41619fd

SHA256
db4e8748bec2f7520a538a28be64c197e6c22273f8d3ede1c376aad6a32f142c

SHA512
38e37bbc9338122064f7dcd617b485f6166be8d541eb81bd960611600a001591069ed398dcdf82906cfb80caa92aba28cc379a52c18f309762f70fc681c1c6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b009eef42c891ec6e667c5e0c738a72

SHA1
8573726f753995e3c1d37166ee5dcd16cdfa50f1

SHA256
e7b541bdd784423bffa7f2041a4ee11d710e811fd2fc92a60d8b21db9c82d617

SHA512
991d9d8fead6506a535444deb14800ff775294402b4128688a1f2a94e79c0a69353e6b5cd9fb8730387224abbe62ddffb931bf314aa55599f99da1c7c74edecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1111b21d0799353f775a935602d386be

SHA1
a7a5a22098c2a8ae17d9d59a3a594436a4f4c4ee

SHA256
17ae52f612ebd4138ce3f35ff0a272c3a7b13d4c99d67f2475e50f4dd0631076

SHA512
ba76fbe2c50dc5572692e0cfcc690fbc43e9c75876e63d48a91b52d5033991bbc2712e2eb70533bca11ce3b65a0c0cd0d0e67213604f83f2b689879c567099ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3e79253ac5ffe97f4ad52941f321743a

SHA1
3726bc6d5594ae9b6620a8a652f308f5acc5124b

SHA256
5cb3c8cd060a322bc295d24edf85155fd99140a20436dcc84142ce958e53b484

SHA512
5ae96558f44480996d185817bd23bcaf2e836c7f9c7e5c4915abb27ddded3cbce263435e82878c5a8ceee978c30f0aee6d5605a67587bd83ad7bf13dfb1572d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b755b.TMP

Filesize
48B

MD5
cd3b897c468c46f0c58369137b43d4ca

SHA1
e934f124f500ad6a2e3df48e97198a5564c16878

SHA256
0a2601b5afc7d044d0d58174fb62c12ea8f230baf9ca069963a981384d00183b

SHA512
1c0b7e3e61275f9de39f363f6f1b7bfce9968ae29ac343e2c8c0c9e8ff61581d4f27aa0c8c9574574e3c6cb148bf3a564da389f1f46b2191fe18f7b31b716ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
68f44839e88308b257e4743b6496ad74

SHA1
7f85938c1ecf6aca51fec4f2dd638c5ecbeb2c50

SHA256
fc255e340769770d6b888d26e7f50a784bd98d7c65620494e4d653c05f04b8ed

SHA512
f1193654c846c4eb1e8f6b8bcc02abad8dc004ddab367a7b27b342567d5382800a39bae7f32a3548acb3d7881537a1bdf446d8e7ea30ad0ce0cceddd5d985b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
c3c3a3dca85deb4e43b9e108bfb884d6

SHA1
c460f5e30b04ba51de41ccc0ea15364c61cd4fd8

SHA256
8ac8a19e8b5c1a029c2b1cb6ad58bc6c731f46ce0471237f4f6ad52a2fa3d984

SHA512
0856fb6c5c5e7c406bd3e3a0f59a9216f4c82669a393b33e3e281926a7da91f13e3e99ca8f3b3d233e36c2e13c65d4ec667130defbe91ccbfb974bb1f017491d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
eebb3e7fb9d589f04004875140aed545

SHA1
49cccdb06389f4c4057407f9d2055706b146d92e

SHA256
5172d4829a92bd370496c99f144bd6ad98e8f68c2374328e0f2810d8afbc8f04

SHA512
b3a031c244fd94ce78c9bcf031cf1d146502ad873aefae39914f7561e377b578303caecc1ead162e05d34910045aa96dcf9a62025af5169b39f9c65d4e6592eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
f6ff51ad67a783feedb469d83dbed080

SHA1
a23c4926a0022330e8c0458a3f3ae34ba19232cd

SHA256
dc67c2f95698b7f287830bb88db6d5f4bf099a6a9c68f66538ebd1ba1af98f1e

SHA512
6e91eec3ea840218313945bfaf6953b03730ffacde07e9f1b3daedaa53c88257856a6b1b74df75c508aef0199ddb3978e3fad9c5bb5a73e5c2a48d5e8e8b278f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d455d35c13cedbe5a0aa9dd61fe4a48

SHA1
ce2c65802dfe9fdb1ee3ebf4bc7f417749771ba9

SHA256
f2bc57e77a00939b1fb6d350f28056eb52d9e55fe8c9c14526fc12a004534afd

SHA512
a5d1fbecf3823e67bd5fe0ba042952a3680f52702a3c0f1f623ef4e98ec56c298e8c631e2f0700890e6c4d2ba984a20971509eece1526bed50d467d6e92b96cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\acdad205

Filesize
809KB

MD5
fbfce8b0e8c49e1730076025e8e84687

SHA1
44be06eb19f1b98ba156b606c8d5ab5a63f938cb

SHA256
5c3c4ba9331dc4ac9f0b6f946c1c801350c1e16f0d9feb715979fb65bd744690

SHA512
9ab7ba57860f8880ad05f0cb7830f4c17fe0b4c0ee9619abfc7c2b04ba34babc5d13d97379c560694dc5fbf7f5066312f74dcc44ea1b432b58d7042cbe4a05cb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\MSVCP140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\MSVCP140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\MSVCP140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\VCRUNTIME140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\VCRUNTIME140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\granulocyte.tiff

Filesize
681KB

MD5
fbb1e8ac73e4fbf5e12fdbb84a251d03

SHA1
0d9755ac2360cd03cdc9c612324ae5ef474acb53

SHA256
80a2f164c0c5fda46134f66be3979fd4a63f5fd2c0c61c63bc364d2a3b8b210d

SHA512
d4541412f577d3fc334a5292bbc6acaf716fdd4f3f62e7e5c00ae9119a24ad9d627786fbeede7f1ae0efc54d6600d6c236370d7da7e625e8010a80445c690d56

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\granulocyte.tiff

Filesize
681KB

MD5
fbb1e8ac73e4fbf5e12fdbb84a251d03

SHA1
0d9755ac2360cd03cdc9c612324ae5ef474acb53

SHA256
80a2f164c0c5fda46134f66be3979fd4a63f5fd2c0c61c63bc364d2a3b8b210d

SHA512
d4541412f577d3fc334a5292bbc6acaf716fdd4f3f62e7e5c00ae9119a24ad9d627786fbeede7f1ae0efc54d6600d6c236370d7da7e625e8010a80445c690d56

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\granulocyte.tiff

Filesize
681KB

MD5
fbb1e8ac73e4fbf5e12fdbb84a251d03

SHA1
0d9755ac2360cd03cdc9c612324ae5ef474acb53

SHA256
80a2f164c0c5fda46134f66be3979fd4a63f5fd2c0c61c63bc364d2a3b8b210d

SHA512
d4541412f577d3fc334a5292bbc6acaf716fdd4f3f62e7e5c00ae9119a24ad9d627786fbeede7f1ae0efc54d6600d6c236370d7da7e625e8010a80445c690d56

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\msvcp140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\msvcp140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\msvcp140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\AppData\Roaming\nslookup\vcruntime140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\Desktop\BrowserUpdate.zip

Filesize
1.7MB

MD5
f31f4c63bfc841e2ec965972643b2be4

SHA1
37a7637213e32d7bec80b5b65265d7811599be63

SHA256
a44674bb518d90a3bfdf290d47f6c656a2b203cf5ee461f064ed84388051b623

SHA512
9ffac6f5958f37fae6fb01c9d0e57982dad1778c62e76f830368d8442d55c6e126c9b4d5df20fb8acf760931f2279c441d49906dc4d642420585ec408d8a51d3

Download Submit
C:\Users\Admin\Desktop\Package\MSVCP140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\Desktop\Package\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\Desktop\Package\VCRUNTIME140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\Desktop\Package\granulocyte.tiff

Filesize
681KB

MD5
fbb1e8ac73e4fbf5e12fdbb84a251d03

SHA1
0d9755ac2360cd03cdc9c612324ae5ef474acb53

SHA256
80a2f164c0c5fda46134f66be3979fd4a63f5fd2c0c61c63bc364d2a3b8b210d

SHA512
d4541412f577d3fc334a5292bbc6acaf716fdd4f3f62e7e5c00ae9119a24ad9d627786fbeede7f1ae0efc54d6600d6c236370d7da7e625e8010a80445c690d56

Download Submit
C:\Users\Admin\Desktop\Package\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\Desktop\Package\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\Desktop\Package\mozglue.dll

Filesize
222KB

MD5
c7c981ca225470d807c329c32f17b036

SHA1
bc5c480f4d20925cf68cb72661e037ba17f771d9

SHA256
4159b1ccbb8da3b89d1844628312cf3efd52dec6c1264278cce9b265c295c8ff

SHA512
af57a68d3d459a4ebf4409729c1069a413e0f8a026511d3a677d5c84701e5e5aa55bd9f77903695837174c86936a3db62941bb9459e4deee0ae75ddecec1d0bd

Download Submit
C:\Users\Admin\Desktop\Package\msvcp140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\Desktop\Package\msvcp140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\Desktop\Package\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\Desktop\Package\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\Desktop\Package\palemoon.exe

Filesize
279KB

MD5
64e3c6d6a396836e3c57b81e4c7c8f3b

SHA1
f689e6995c85817193282163a18ec917c5f8d5c2

SHA256
f2b4ca304f3d9d3305ae595e19906c545601f8c9e215a9b598036e89155daf85

SHA512
a57349e922f7608524ea721ff2cff3876587b53eb6875a996ff2ff6681b8ae57d6f33b3598d327f5e02bfbed0e253a19c4f0f94382439879a5fc32c1233e5dfb

Download Submit
C:\Users\Admin\Desktop\Package\rot-13.pscript

Filesize
1KB

MD5
ac1cd856f434464d3f68465061171d0a

SHA1
57ae543f84214cf00576db15bd24d2e1f3bd4768

SHA256
2e4bd5557aedd1743da5fab1b6995fbc447d6e9491d9ec59fa93ab889d8bccd1

SHA512
6348f2c1dd131231f041b5e59bb83eb7e337c93799a955df66fb077dc3b91659263cf8780bc7a6a007008155cc2c83b0ab1ac145abca2a8fa7d3500af46d1a49

Download Submit
C:\Users\Admin\Desktop\Package\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\Desktop\Package\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\Desktop\Package\vcruntime140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\Desktop\Package\vcruntime140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\Desktop\Setup.exe

Filesize
976KB

MD5
1cfcd71517a86f325cd631fe0a87f96b

SHA1
ef1ca3f6efc4798d774deda4c5a34459328d519e

SHA256
e58a6c6ab2fa3d5e7ea3f13421f7818d614051e3c8d8cf360c3192c82df6a508

SHA512
ea67d20a7c6d91596065169855d5d797acbfa6f93a746c3e77dfa863060786d147b5671c0a4fd76aa963e6bbd122e07f12342ec21488c23fbf20e998d3d56b5c

Download Submit
C:\Users\Admin\Desktop\Setup.exe

Filesize
976KB

MD5
1cfcd71517a86f325cd631fe0a87f96b

SHA1
ef1ca3f6efc4798d774deda4c5a34459328d519e

SHA256
e58a6c6ab2fa3d5e7ea3f13421f7818d614051e3c8d8cf360c3192c82df6a508

SHA512
ea67d20a7c6d91596065169855d5d797acbfa6f93a746c3e77dfa863060786d147b5671c0a4fd76aa963e6bbd122e07f12342ec21488c23fbf20e998d3d56b5c

Download Submit
memory/972-448-0x00007FFAFBE70000-0x00007FFAFD4E7000-memory.dmp

Filesize
22.5MB

Download
memory/1772-410-0x00007FFAFBE70000-0x00007FFAFD4E7000-memory.dmp

Filesize
22.5MB

Download
memory/1784-393-0x0000000072A60000-0x0000000072CF1000-memory.dmp

Filesize
2.6MB

Download
memory/2548-439-0x0000000072A60000-0x0000000072CF1000-memory.dmp

Filesize
2.6MB

Download
memory/3068-493-0x0000000001290000-0x00000000012F4000-memory.dmp

Filesize
400KB

Download
memory/3068-576-0x0000000001290000-0x00000000012F4000-memory.dmp

Filesize
400KB

Download
memory/3068-574-0x0000000001290000-0x00000000012F4000-memory.dmp

Filesize
400KB

Download
memory/3068-553-0x0000000000490000-0x00000000008C3000-memory.dmp

Filesize
4.2MB

Download
memory/3068-543-0x0000000001290000-0x00000000012F4000-memory.dmp

Filesize
400KB

Download
memory/3068-496-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/3348-379-0x00007FFAFBE70000-0x00007FFAFD4E7000-memory.dmp

Filesize
22.5MB

Download
memory/3744-416-0x0000000073BA0000-0x0000000074DF4000-memory.dmp

Filesize
18.3MB

Download
memory/3744-438-0x0000000073BA0000-0x0000000074DF4000-memory.dmp

Filesize
18.3MB

Download
memory/3744-355-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/3744-417-0x0000000073BA0000-0x0000000074DF4000-memory.dmp

Filesize
18.3MB

Download
memory/4060-338-0x00007FFAFBE70000-0x00007FFAFD4E7000-memory.dmp

Filesize
22.5MB

Download
memory/4220-579-0x0000000000490000-0x00000000008C3000-memory.dmp

Filesize
4.2MB

Download
memory/4220-590-0x0000000000D00000-0x0000000000D64000-memory.dmp

Filesize
400KB

Download
memory/4220-559-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/4220-544-0x0000000000D00000-0x0000000000D64000-memory.dmp

Filesize
400KB

Download
memory/4220-580-0x0000000000D00000-0x0000000000D64000-memory.dmp

Filesize
400KB

Download
memory/4220-575-0x0000000000D00000-0x0000000000D64000-memory.dmp

Filesize
400KB

Download
memory/4280-317-0x00007FFAFBE70000-0x00007FFAFD4E7000-memory.dmp

Filesize
22.5MB

Download
memory/4400-414-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/4412-479-0x0000000000CF0000-0x0000000000D54000-memory.dmp

Filesize
400KB

Download
memory/4412-465-0x0000000000490000-0x00000000008C3000-memory.dmp

Filesize
4.2MB

Download
memory/4412-459-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/4412-468-0x0000000000CF0000-0x0000000000D54000-memory.dmp

Filesize
400KB

Download
memory/4412-458-0x0000000000CF0000-0x0000000000D54000-memory.dmp

Filesize
400KB

Download
memory/4412-461-0x0000000000CF0000-0x0000000000D54000-memory.dmp

Filesize
400KB

Download
memory/4768-440-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/4948-361-0x00007FFAFBE70000-0x00007FFAFD4E7000-memory.dmp

Filesize
22.5MB

Download
memory/4988-462-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/5084-486-0x0000000000490000-0x00000000008C3000-memory.dmp

Filesize
4.2MB

Download
memory/5084-482-0x0000000000410000-0x0000000000474000-memory.dmp

Filesize
400KB

Download
memory/5084-499-0x0000000000410000-0x0000000000474000-memory.dmp

Filesize
400KB

Download
memory/5084-497-0x0000000000410000-0x0000000000474000-memory.dmp

Filesize
400KB

Download
memory/5084-480-0x00007FFB1DE50000-0x00007FFB1E045000-memory.dmp

Filesize
2.0MB

Download
memory/5084-478-0x0000000000410000-0x0000000000474000-memory.dmp

Filesize
400KB

Download