hxxps://getshared[.]com/O4zyLLUF/c0ae45421176532279aaa8641913ba0e

Resubmissions

01-11-2023 04:39

231101-e91nqsae4v 1

01-11-2023 03:57

231101-ejdfhsaa8y 1

01-11-2023 03:42

231101-d9qm4abh72 1

Analysis

max time kernel
1045s
max time network
1050s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getshared.com/O4zyLLUF/c0ae45421176532279aaa8641913ba0e

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133432871704459197"	chrome.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\.crdownload	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\惶䢨眀耀	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\D1붐ᰪʳ\ = "crdownload_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\潬灯s\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\惰䢪砀耀-	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\惰䢪砀耀-\ = "crdownload_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\crdownload_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\惶䢨眀耀\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\crdownload_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\crdownload_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\crdownload_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\.crdownload\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\D1붐ᰪʳ	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\潬灯s	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\crdownload_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
3812	WINWORD.EXE
3812	WINWORD.EXE
9568	WINWORD.EXE
9568	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3628	chrome.exe
3628	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4196	OpenWith.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
3812	WINWORD.EXE
3812	WINWORD.EXE
3812	WINWORD.EXE
3812	WINWORD.EXE
3812	WINWORD.EXE
3812	WINWORD.EXE
3812	WINWORD.EXE
3812	WINWORD.EXE
8104	OpenWith.exe
9568	WINWORD.EXE
9568	WINWORD.EXE
9568	WINWORD.EXE
9568	WINWORD.EXE
9568	WINWORD.EXE
9568	WINWORD.EXE
9568	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 1128	3628	chrome.exe	86
PID 3628 wrote to memory of 1128	3628	chrome.exe	86
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4988	3628	chrome.exe	88
PID 3628 wrote to memory of 4280	3628	chrome.exe	90
PID 3628 wrote to memory of 4280	3628	chrome.exe	90
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89
PID 3628 wrote to memory of 3316	3628	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getshared.com/O4zyLLUF/c0ae45421176532279aaa8641913ba0e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff9c00d9758,0x7ff9c00d9768,0x7ff9c00d9778
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:2
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3896 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3892 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 --field-trial-handle=1876,i,5954819154503023647,11443031260461966839,131072 /prefetch:2
  2⤵
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:1992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1896

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4196
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload"
  2⤵
  PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.0.1723797970\1086802152" -parentBuildID 20221007134813 -prefsHandle 1848 -prefMapHandle 1828 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6280cf84-f8c3-4b9c-9858-23f1b65239b5} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 1936 23fd0ad6258 gpu
      4⤵
      PID:5236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.1.1697799230\293370611" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c685014-8cb2-4b1f-879e-a166c81dd715} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 2404 23fd05e3258 socket
      4⤵
      PID:5328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.2.211809906\1888904825" -childID 1 -isForBrowser -prefsHandle 3460 -prefMapHandle 2980 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce0e664d-6b06-458a-9ba3-3af8b3bb4f35} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 3456 23fd4985958 tab
      4⤵
      PID:5820
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.3.1649852435\893907888" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3548 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cea2a53-972c-4459-9d28-c995cce8ae09} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 3028 23fc3f68458 tab
      4⤵
      PID:5924
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.6.1206819013\111148052" -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5492 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed450b46-62f3-4740-84ac-df174bee90e6} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5480 23fd3ed4f58 tab
      4⤵
      PID:6024
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.5.2115641269\1016729641" -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c123d1e-740d-4e5d-a1d8-9337977212c7} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5372 23fd3ed4358 tab
      4⤵
      PID:6000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.4.1864576667\603629574" -childID 3 -isForBrowser -prefsHandle 4760 -prefMapHandle 4764 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1180 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {049a203d-f02f-4337-a086-44eef6cc6e3e} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5156 23fd3ed4058 tab
      4⤵
      PID:5976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
1⤵
PID:2288
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
  2⤵
  - Checks processor information in registry
  PID:1132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
1⤵
PID:1992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
1⤵
PID:2976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
1⤵
PID:2268
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
  2⤵
  - Checks processor information in registry
  PID:4896

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload"
1⤵
PID:5904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload"
1⤵
PID:3000
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload"
  2⤵
  - Checks processor information in registry
  PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload"
1⤵
PID:4596
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload"
  2⤵
  - Checks processor information in registry
  PID:2480

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16227:116:7zEvent2320
1⤵
PID:6888

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar\" -ad -an -ai#7zMap27779:116:7zEvent2039
1⤵
PID:7624

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Mahaa Saeed Exit\Ogilvy\Easy Paisa\April Tasks 2023\easypaisa_webdoc.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8104

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Mahaa Saeed Exit\Ogilvy\Easy Paisa\easypaisa_youthaccount.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:9568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
186KB

MD5
4a2977698422c3c6e58b664643322efa

SHA1
939e0f3f916f936be7c8c49121d8f245b99cab1b

SHA256
d60610d21436821de350b6e21d3915e5ea1617d97cf20f7aaa1d5ae782cc4cd8

SHA512
ca9d91650de72ff1faed43344dbc86ea3e81d4fd615b89347d31c7676fde084ddcae30a9dbfa3b341ec32b00966004fe7d6d96e383b18363ebd8f02b982ffd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
fae5b4ee2431b605e123898f7b39b2e6

SHA1
a098cfbd6aba48697b5645291fa62ba0009872a3

SHA256
bb898f886d126e6e57ba78042c17ca91ec0e8cf3219ed5940740ee13aa7aa08d

SHA512
f90e5006913e01cfb8c02bf04e2d7aa0c4ec7cc9263be86828163c062bab3429ebe04ad4111a2231fd056315afc2129e18bd754b892a8b5a3684e5ea21a8534b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7fc6fbbf94370d041045b0ef6d4cea3a

SHA1
e0b7587ae042fb52e446acde4eef48eca3aeade4

SHA256
5bb81e084d9061b60514d38e8dcb941e148ea6d4049c254ca0d71ee1241f728c

SHA512
b567b43ea46461412a3d843fdcd5bae732f7f96f2613d415f53c3cdec048e9558a2a21e3efff0b86513f2eef2ca72f98288bc73bcd3d84fed9110e905d1d9dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2ec5af116c4baa6f8dceb38ae8400736

SHA1
b7736f7c0a64a1f91bdb972ebc9667846398e90f

SHA256
206179b349c87463f5fa17528f7eefc6d937be84f709b42fb654fb7c342266cb

SHA512
97d454631e60ab384f1c0a1151bec1bf57f8d7971fde155b30f5d78b2a28090144293ebecd596d4d9ef332df715ccea9c74f402b8bdd507c2296d70ff04434ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c7c82b30a2b2be5d8d9e7798fa2401a5

SHA1
215839ec84737ba1ffa3d7301f26397b1f48052e

SHA256
c9a7683f5ec98f9ff4e8f71d6c4eabede27a3dc374949d38cbd9168e0acc1fe5

SHA512
da7fd270d53d8f856dbc3c327ee9cda5d2444be6d980604b02fdab4367d8804dd2141a7755c5f9353ddf2d01df26253643cfa999af8c294fc11db4abd9caa7a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8439165acf02580484f7e830f607d089

SHA1
8fc78f92a099a38a78e1a85534a2182ed35ddccd

SHA256
c12958f39ae8b9464c3fdae9902afd7857f285780cae5eff491af2ff963eab7c

SHA512
1e1526e6ca66e46d33edefd2a4f669356b5cc6440c99b6cc89196bb82b1b6d8c43745443d605e86bdd7ddeb7f87b056d176a7b89ba59430b53be2f511b0a4e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52f9da9def9a3024846316f941e08474

SHA1
8b840593bed01665d793ac13a051b2609507b01e

SHA256
1bbd837add3d79eac77668cec9ef8b2ddd1615eb412c5432cd3a7d348cee7951

SHA512
e033c80a525a30189b9a567945f315afdcd449f12309f72193972f153704beaf82c71e5159b85165e52fda0b74735137016ebe2ebf03f3a23154f40a39584f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
b3217c769b35a558d3f80c91625e15c0

SHA1
3563efe8ba4ef27ca1512427ac7ec50e311d283c

SHA256
b3ea145829722d8a2913548715035c12c425db88c6c92c104e15215d35ae6526

SHA512
346b35948bd1e9dc5dcf371e0054ec45f34b55e4bfc8ca8fe569282fefefd496e6516975fabbdfe2c1e5eb6b6551d01bffe0c97c2aea8db4495567cfede2c50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\920521B5-03DE-4D4B-A9D7-B8226634D2BE

Filesize
156KB

MD5
18a79d02b6ee88cfdda71ff1b6c0fc9a

SHA1
5f9d54e0eb432f4999e9db9f018d062175b89c5f

SHA256
60fa712283c37463ad50580a25657b4caa1b5f0e8b973d337338ca93a194cd46

SHA512
4fbe23564ebb3650e7bf553fab76e9974810ebbfcba0f5cdb1635dec6a9707f06999bdf590792bb5a93acff29d70b15d8341fe3e0852f93f211b035f0a582572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xml

Filesize
76B

MD5
0f8eb2423d2bf6cb5b8bdb44cb170ca3

SHA1
242755226012b4449a49b45491c0b1538ebf6410

SHA256
385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944

SHA512
a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db

Filesize
24KB

MD5
cf950a85de1bd9fb67ea0f2553cc690e

SHA1
e06e34f36dcce270ff6a894c8decccf88445d2cb

SHA256
3d3d199e4b6080fb901dbc97a271392cf189378a584a96a396acd47973c338e4

SHA512
2ba999610359d6cd78dcfa12df6ac08cd0f3e8ad56a79dc2f16be00ea445a5419611b6d5346327dddada1cc43b3310ade3524e3dadba823ed657f1334c5ad391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
62a3bb138ef4587cd484bd76b1904dea

SHA1
e6b1586fc9112f0f5a6ad8daba037bbe870f4ecc

SHA256
61850d9c7281056e1ecbcfb3079e06ae55d796e427f97846d5adb69ae89ad1b2

SHA512
bcf84829b07279973e0b5e3af91c83a3e27a6e575f4f15dcd3f471118c277ece24fa98384697f55292ed67f7be0dca68359a9151f2c76d0b170c653b1e8e5b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
e11117ebb98fdc8af883374301be3ca1

SHA1
931b623ff630df55d48558c9039db6887175906a

SHA256
44531992722ad0b8a4b1b9c7d97defe73a03c0b0ac713fad3b449d9db403f130

SHA512
cd382ab63384c55998dca50903e764f94acbf61b36c819827c368cb3d3793b0579d4cdb2a3799a8403c9c98bd7037b13343ce01009b17e73216ed6fbe5fa12fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
97aa0b0178a14ae2c12e3db1f28fe0b0

SHA1
f52ebc07f2cacffee4276eb93973c9ea436e108c

SHA256
4aee7df0e516d446813406c70d0a18e87689b06e442f20cec9df41a12be1cd53

SHA512
9d238d8c5250da0da22491900d2bdd5e21f2977fa88511b2a1f22bba8923258c69016d9cf7cb94f013e4660dde80cd35f39c30d2dc7749942c6fa33175ce46a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\doomed\3736

Filesize
9KB

MD5
9282bb52111ffa4f2aa02d4ed10185ef

SHA1
c83cca860005ed29e03a9cdcc208ac1fd5fd9b41

SHA256
ace59e2fcd89a2663cfcd3934985e69dc14012e7ebacfdbd6e565e4aa2d0efe4

SHA512
88f7b4bbdc698b0f01182990e53d1c042d0680c260ec8e05d6027f5ea216e0920176ec6a06f54d9120cef851fd83ad3dd15996a985c56b4bb97ab818424f393b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\04pqhkp3.default-release\cache2\entries\51D52D298316CD3F9A90A40E946BB34EFA1BFB72

Filesize
13KB

MD5
92bec74ef5158056ef5f8ecbb2b32d41

SHA1
8a7b9be4893a3724a06ab4616f4d73dd6483b604

SHA256
8c6371aa0728f9796448112fabee6e64ea5569ffdccd248926a2b316f7125bee

SHA512
2dfa7236c0e2bf8c47c79e6f32070b1cae7f14c9366eabfcb9f5481ad413320756952c2e1cfdbc3aa3c4a1374bc9889f2d4e868b06440e22f6795da34854fca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mso3DCF.tmp

Filesize
663B

MD5
ed3c1c40b68ba4f40db15529d5443dec

SHA1
831af99bb64a04617e0a42ea898756f9e0e0bcca

SHA256
039fe79b74e6d3d561e32d4af570e6ca70db6bb3718395be2bf278b9e601279a

SHA512
c7b765b9afbb9810b6674dbc5c5064ed96a2682e78d5dffab384d81edbc77d01e0004f230d4207f2b7d89cee9008d79d5fbadc5cb486da4bc43293b7aa878041

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
241B

MD5
ebdd41c474af25e3c401ef0fac777d67

SHA1
4de2b4addffc05ad14c932b01426edbf5a4683b9

SHA256
b31f97c7780583d2a6f1d5b0e7351b69c9d2dc034794cfd0b1e22c3bf4e62a09

SHA512
044a486168fc10626821a9ba83a2e046964ed1c42bbe892bd20bb515df50b08239aff1b478e1e8545642d238a6ee16fd8cd8eac31ea4669d486246bd60e675ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
290B

MD5
a7b8c65725a123eca8175a57a1fba68c

SHA1
74b780200931803124e0957648f971ce5f13c1e9

SHA256
d854f1262a5318cc452f707819bd4009dfc27285c1faaee6cfa12d2833640cb1

SHA512
a8f6e359a045fb3ebb52640992ab61d75ce46db6dcea1ee64fea3ba40d10b3efa7c0b70bb500e23bacbfdf9504653300ebd87dabbfcee42c00746cd2a4deb3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
290B

MD5
a7b8c65725a123eca8175a57a1fba68c

SHA1
74b780200931803124e0957648f971ce5f13c1e9

SHA256
d854f1262a5318cc452f707819bd4009dfc27285c1faaee6cfa12d2833640cb1

SHA512
a8f6e359a045fb3ebb52640992ab61d75ce46db6dcea1ee64fea3ba40d10b3efa7c0b70bb500e23bacbfdf9504653300ebd87dabbfcee42c00746cd2a4deb3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
5fee181ae4b17c70fecf59a8bf447e40

SHA1
faec6ee2d06dc3655adf785cd51bf9f743665684

SHA256
63d3435b1632105534c95ce3cf5f563370ca01bf3ef858b3f3fbbe68e8d665e5

SHA512
3de46287fbd09054d54aab7053fea586a2495d9bf0cc8f1a1de088339a275943960092a141a7435cbef3d277b9c94ad8256b1cf405d617d6affa09351e188eed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
ad39d33a534d9efa8a2320a8f6fbb09c

SHA1
5017b3c3fabc5f5b2d436f81fbd31fc00c2dcca8

SHA256
f53dea45d2bfce1636847be3b2497ccf0f84a69564eb256a3d2688eba5432695

SHA512
e8d78c5a303014fbfd46dcdf9ef91d3fc9962ae7e9867afb59d73ee0dafc63827202eba6ef0d2ceaa7a56e8093d729a57b9e06219e335ac8e7e2689744558194

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
02db2681beac9558d0b67a0cfbb1af6a

SHA1
98773e0e263636e1046970f15a938e7e953d2dfc

SHA256
5324867a0f77c1ac876de0304e41349063711974eecdcf23dce035b167134bfa

SHA512
92914f627c55d68f36cbe7d6ec203134257c2ad6553871ccf6c8c12577b087312e2265f2c50026f6ddec1dd2da412ecc3c2a14f161073ba5d42c6576c09a4ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
e9448632860af460305289247020a62b

SHA1
8f37b525abb3ca450fb00aed911b954190235e38

SHA256
29ab70e722edf17df83184a9d5afb2f1c769ed1cd99e7a85c78d75d8894df849

SHA512
966d981bebb05fefe70b6f88e7736d8f413f77490fb755977c50504a3c773fb97dfd463609c999f6993ed14e6971c360515ed2706613cac65f9dd364771feabb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
e9448632860af460305289247020a62b

SHA1
8f37b525abb3ca450fb00aed911b954190235e38

SHA256
29ab70e722edf17df83184a9d5afb2f1c769ed1cd99e7a85c78d75d8894df849

SHA512
966d981bebb05fefe70b6f88e7736d8f413f77490fb755977c50504a3c773fb97dfd463609c999f6993ed14e6971c360515ed2706613cac65f9dd364771feabb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
746176ec86efab1675514e405acef26f

SHA1
3358680fb82b06311aa46cc7052071ad7cd40599

SHA256
534082724fb52d7484be4d39162bde5dd14ed7e363147f500c49a878a999b5b0

SHA512
12794253e8cee21f576e43fe740fe8ab4077b87f57e9ec4ee54313e5b393c2b1d081000a8fa91c6a22207703aaa876f5a2841b080e78df8242c5b8f2d7524478

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
5KB

MD5
148d23aba1b3da85858c0280aa01b3d7

SHA1
148074176a4ae0657542aaab98239dfbadbf641e

SHA256
721df9b0732709e2c0677994f60becfa5cacaff2e5e465df05cbd1aace11cdaa

SHA512
7618d89167e90a37cb868ca9569f4e4050155447eec980ae9791b68edbe5955875ce156033fa7a939b8662741baae8955430106eb9b8f4032ee2928a645cd672

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
10KB

MD5
4ea0c2d3557145e5467892d506035264

SHA1
e7d160da0a845040769af756f7c0613891a7b613

SHA256
b70e32f5e34f1d8273eb0ea98e5293ec772a3b972f8efe2cf5608be4b3957596

SHA512
8a72160407f7b718285fc5a61121fb29d05388821e59d722695c78da7dbeabd6eb9b402e97d0b2d8a988bcae616bf548518480dbb5a74907eac5f5b5a9375068

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
7KB

MD5
3dd7d4ce8a5e9d919cc59992902e6c0b

SHA1
857ebb68db3e33d25b868b4ba3ce52f26708a455

SHA256
1d33df8ffdc9862aa38e590cfa6f19808213d94399da88840a26f1b3c72fa78c

SHA512
25a11136735183ebf5da24704b2f2aecd404d5cbe13b726c24c02a085fb3b3e6c1ef479521b8ed9a838878b13c73bd33dbfd325d28f1b46ba9ae4805f63f5f84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
7KB

MD5
b37a6fc3e34def391234f2e1f4ef1789

SHA1
f9d8ea8cfdd1f7936242a6ec1a62c01637c46022

SHA256
f330db83ad0490eda82b20b335eec1e96fabdb7afcbee87dfc69e0cc8bc3acb0

SHA512
6b938b5cab0ad32d2dee4366864404451de7a31f0d17eef6262469e55a786982f4bb63593a65d9a98ea0ae75700a821ae4e62189fe344e1b11f7f9fad21012e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
7KB

MD5
5c797c33d278408462e98df6d1670f00

SHA1
e9dd43bba80e0f05564011c82a4597164931c85c

SHA256
ed1a09653622dac60be24492051b8a067704429b00093e8f2a922dcc3eead15a

SHA512
d0f0dc40e714384323f4b0a56064ff0dab12dddb2d237331a59a955e45f97062f02358fca0cdb6d1271e87f920b95794d5df7ac982ba97b68359d0a093a228cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs-1.js

Filesize
7KB

MD5
ffd19306e177882ce2d54f9ad71346be

SHA1
347782f1b160f476ec23746ec0fdece707719686

SHA256
80b2187b87ed0705af83071d23c0c6724ea1ea0aa8451811115d65a3d275d03d

SHA512
e9dd3835aaba65b0cf730f648239d92bcb0d19a54df242b398a786d70f925fb5e77d848aa08e08b17fb9609c586fe3e0324b9e1a8f3b4f7ae48627b6216994f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs.js

Filesize
6KB

MD5
341961fcdd15e16827d8a5bdc20a50fa

SHA1
8655052772676cafcb33c1458c2253af6bb6a3c7

SHA256
a3ed97e5f3ba69dd2a8beac530ca0daeb8fb20ca4eef61807d49c94e51599758

SHA512
69536dcdda18012e1e4835b674247e878692a7b2867d393914ccc53f4e44d90f757f5e98cb97d3cecebae4be6c1821420ac5c18492417377fdc25befc479f3de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\prefs.js

Filesize
6KB

MD5
6b361d3a9bb596bf26874bac469fd33b

SHA1
1a2604bc07d3c294b44a10af62487497f071f3a2

SHA256
e5ad4beb3c9f35c34b36c42afd8891a93ec812ba05071b6ff57869a36a15b98d

SHA512
2d75c888ac37c82cccdf5bf897155941290a86cd03fefc09b27cab877f0a4d41b54f22c9e2cb0e938814979382ff16692e2bf75e88f7723cafc5aacebc3342c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f6963f4ad98e203a922da740a95a504b

SHA1
c89239fea982bd8cd601030c1ba9122f69545332

SHA256
86112c62e3398e6ddaaace76456daa38e4e8e5040706d1d5da1264870fcf3c96

SHA512
bd5d5b229009451964cff3844fa7151b4a923993a1c587728d8bb77184ade3ac70504460b265fb192e143d1e4941f5043fb754d992beb2154323a8e772ea2fe1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
34cbaae26a24df1f62872e2bc9433aea

SHA1
90cb4dc0c34b08b876c8385fcb2b461064f166cf

SHA256
72b4a3e5395fc104d25f7ee30dec339bb62951495bec8753ec309070be1eb70d

SHA512
80459d2ad151b75adf00f2d34bfd3b343b1619daa3805fbcc691318bcfc7676eaa6050f64aa03a07114840e7094e1cc2d802d91ef45ee00e338c6c1b6fb6ee00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2fbe65cd1b78fbb1fb34d800af3e7b0e

SHA1
638976a7a7b037c61b81e7e041ece0fdcc7bc3f5

SHA256
d5c5974beadc820fa3e1fc9b7e8c1c0ff747e4357568f7181b6ad457b0ac887c

SHA512
fcd162d36476f34eabf7405aebe1a22ede2bb99886a6162a96badaf2c107148b274c10f1332758341dcd3c8f0ab8946b3edf3d1851c641cdc695c2b6d1d8debf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
dfbd3ccb3b799cc6cf8b45dd230dae4b

SHA1
7b43b45cb2398ecbfa128882204a3659e845fef5

SHA256
aa28ea7d698f6d47719cdb20abc9fa97bbbfb2c104ddd0d3a0f75784a828edb2

SHA512
c3d2f7f13b71bc0300bd22336f98d41ce2f851fb63306fc6c90ba05c99b3d955936db4c6fc63f566039e3f50d745f42e3aa823cc9544dc95160e84ffe879a7bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
996B

MD5
8355d895245c3e46fa29e1b521e762a3

SHA1
51ec424d409d66fed709885019add22694b7c962

SHA256
aa408ec4e29f27fa6b8cff51e63a0ab1c2ee95942eb81dcde8cc5967781b6ce2

SHA512
ab20888598477618b5eca8613fe910c7d2ceabf44c3d752511c139377af81f78087648ebfd1fd6c9a171e62075406a770a7b3be28c822a1dee66096d504faf82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
09219cca7e60b8664367770b7c518961

SHA1
cd4ee61a540a97284c7ef97ff53a897d06b6e026

SHA256
9ce75780389122c5b7037e0bfef1a2c45f4d913b5d1a466953647a9ec6dea43d

SHA512
be12510e686bc59cb2b284b2b3c2daae5ca54584781cd7a76c7cc3efb9a4a1ad7610ce5e4205b517fe31684fece1da8666756d9aa8839f74ea3247ac9c90ff9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5ed7d425e6704478bfada24cbac4760d

SHA1
7083244c6a71b287bcab6491c947b1693b9dd488

SHA256
4cdc2134bdd7ebdfb5846de60385ffc91c5e8ac7f9bad5c5166f2d6cb463b409

SHA512
902e7b6daecba5f9648fb0053304891b77a21eb3b92d62f40076ab4dc4fd1595e6e8bafb777dc38aed02b1a432d24f26f34f3036f79f9c69571cb940918c3883

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b9f9706dd8cc29048cdc072a8f0998ae

SHA1
087f3793ffb116cf49479ed0ca37b734287ce28f

SHA256
1d1c1647190890ef161a7d69e6172a193490da744aee17cad255a68ee305bf23

SHA512
0fb7b2161706fcc0702b8bc846c1b3f5e6c66f7307aed6b663213736b5e5af97ec75446c8f6f6a4cd5d0a2b5b5eeaf929d6d28525366c014f6088faf89d1d15e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04pqhkp3.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1219dfa2a76f7f127a31dfff407e6b85

SHA1
d0387a61593ea9c2e021cad17d1604de302c7f50

SHA256
fece69d0ca5e535aa0d5babd5a5ba8bdc4c1fbc96d28f2ae7798cc8997b00ff1

SHA512
6ea65e6d28dd79fc0249f10c824fced9370f011a391fffbe2ad5e4326a72707739acbe17664976d81c7dcaf5b090de05f75eca062256f5d3b54bc6a039e43065

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar(1).crdownload

Filesize
102.4MB

MD5
5b9f3fbb13f2bbeb475b7d5bf6c3b937

SHA1
f9e8ff28fceffa04d3566701b973bb2440ace832

SHA256
1699103e54a206d99c502b0ddd715d38bdcdfa68b125b467cdd192e98f3e9d3f

SHA512
3b5bf1bbca82f6b6d840a1cd8b07759d5aa75a3e86624d95151aa2a573902119aed741d3f17c68434baff46a930826e924c704613abcc90060795f3b30b1d211

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload

Filesize
274.1MB

MD5
90548dd4e7a06d93be6885f307f985c8

SHA1
a0b7bdef7bb4280522540861fc6f197b2163583b

SHA256
00871c968adf1ea0518574cc31c7a81ed17960b843844b6b0f1c656899e9ae86

SHA512
990f7ee3e1241db25c42d483b244edf2f5f065c400e1f41262513853b352c6ee7b8674e10471e7716dee3c12e899856108c4d8f7659b1a174a53823d47611bd0

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload

Filesize
277.5MB

MD5
b689214a90a4e35c4b6441f94a7c4363

SHA1
0a9b167f4581cb578fee1d7e6a498c3c04df186a

SHA256
cb3e8345d6591fb84ee95b06dbb9aceb88ba9be9355a9675b42ead6b181fe071

SHA512
62f690608d739491feb57adb920cc2a6ac36d65caf6befc258718d2796fb917be7fcc6b024d11919249099e6bb837c6cd83dce9b411e19e98d7c805e225c06a2

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload

Filesize
339.6MB

MD5
88bb102c5c254acb9702cacca08bce0e

SHA1
0d2de6a2989cd1bf94332b3762b3c83af77dde3f

SHA256
6d1a158c675e83d032500943bc6f371154731dcb918bb93733e7327b3607d09b

SHA512
eb7dfb7954eb54900f17fc21f304d4319eeab7ee29a19fb834314e507e530d082f94a96a06787ea78b54694cd7762604ecc41898879bff1ed0ff7652f169c94e

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload

Filesize
548.3MB

MD5
ee01eb084157f500f8eeb7d08c6aa1f7

SHA1
1b0967f5c1d891523b61a550d77fc63f4ffe870b

SHA256
d626fa150ea12165f2796e587e7be605bbc7b4d5b7cc0cceafdf89849f89834d

SHA512
9704547c2d2b209e1a78b835bd06bce482e30f17c934348c74ead46a3d6734c4e735a9fe5e4110da4afd0020c47b90da05f6b95ea013aa274733c02fde63ccaa

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload

Filesize
548.3MB

MD5
ee01eb084157f500f8eeb7d08c6aa1f7

SHA1
1b0967f5c1d891523b61a550d77fc63f4ffe870b

SHA256
d626fa150ea12165f2796e587e7be605bbc7b4d5b7cc0cceafdf89849f89834d

SHA512
9704547c2d2b209e1a78b835bd06bce482e30f17c934348c74ead46a3d6734c4e735a9fe5e4110da4afd0020c47b90da05f6b95ea013aa274733c02fde63ccaa

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar.crdownload

Filesize
548.3MB

MD5
ee01eb084157f500f8eeb7d08c6aa1f7

SHA1
1b0967f5c1d891523b61a550d77fc63f4ffe870b

SHA256
d626fa150ea12165f2796e587e7be605bbc7b4d5b7cc0cceafdf89849f89834d

SHA512
9704547c2d2b209e1a78b835bd06bce482e30f17c934348c74ead46a3d6734c4e735a9fe5e4110da4afd0020c47b90da05f6b95ea013aa274733c02fde63ccaa

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit.rar\Mahaa Saeed Exit\Ogilvy\Easy Paisa\August Tasks 2023\~$Foodpanda x easypaisa [Auto-saved].pptx

Filesize
165B

MD5
8d8ca2f4e50e76907a852981ff83ad7b

SHA1
fe54eb49b5c092b379e737c494e251dc4e8c836e

SHA256
f38c056ce749218473fb2d61b4a553cae636e65afe4e41e5cc2a586cdcd1286a

SHA512
1d5fb9ccb3b27df316c8649749ec33d2c8e6847502029cea6a2d82bc8c19c95a6b900555695177df582a9492e368164b61543f93b1efe420cb75adb249529612

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit\Ogilvy\Easy Paisa\April Tasks 2023\easypaisa_webdoc.docx

Filesize
15KB

MD5
73c0a32dd919460377578c58f644a488

SHA1
5484b66fbdde5c4a3559d2cce5a3c00fac337403

SHA256
3bcb4c169b29cd9d098ad74663a05dfe8d58162147546643d7a5160e8c9b24d8

SHA512
39e4f85a746eb0a5ceb4b50ec8f4a9f0c3461adf802c800b2a3150e094e21f7da1d9a21143e53dcc8473428d29c58268200e7925bd8c35e98c411f46f7712bd0

Download Submit
C:\Users\Admin\Downloads\Mahaa Saeed Exit\Ogilvy\Easy Paisa\easypaisa_youthaccount.docx

Filesize
14KB

MD5
04d2934a2ab79b0a26130a00b9c2a56d

SHA1
a8f437deb6ac12c37bdf29a117011dd3ccf3e3b6

SHA256
1cb416da6de3662c44ca67e0deaa6601f62b74df1785d24e275d8fca02a4d9e7

SHA512
9d56cb9a59d4e3ba1fdf76435e0e27f313984d4e4c6ce16d26476a82921819868942a9811b2470c595ec7b3ba1df888ac65d1064197c6d4cd1a6d941abc93185

Download Submit
C:\Users\Admin\Downloads\efaAnZWe.crdownload.part

Filesize
102.4MB

MD5
5b9f3fbb13f2bbeb475b7d5bf6c3b937

SHA1
f9e8ff28fceffa04d3566701b973bb2440ace832

SHA256
1699103e54a206d99c502b0ddd715d38bdcdfa68b125b467cdd192e98f3e9d3f

SHA512
3b5bf1bbca82f6b6d840a1cd8b07759d5aa75a3e86624d95151aa2a573902119aed741d3f17c68434baff46a930826e924c704613abcc90060795f3b30b1d211

Download Submit
memory/3812-3951-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3940-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3983-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3964-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3955-0x00007FF98D2A0000-0x00007FF98D2B0000-memory.dmp

Filesize
64KB

Download
memory/3812-3954-0x00007FF98D2A0000-0x00007FF98D2B0000-memory.dmp

Filesize
64KB

Download
memory/3812-4034-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-4036-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-4035-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-4038-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-4039-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-4040-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-4041-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-4037-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-3933-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-3934-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-3937-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3936-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-3935-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-3938-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3939-0x00007FF98EA10000-0x00007FF98EA20000-memory.dmp

Filesize
64KB

Download
memory/3812-3966-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3941-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3949-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3953-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3950-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3942-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3944-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3952-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3948-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3945-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3943-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3946-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/3812-3947-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4056-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4044-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4068-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4052-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4051-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4069-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4070-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4067-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4058-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4104-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4059-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4060-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4054-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4105-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4053-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4107-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4050-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4049-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4047-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4147-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4149-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4148-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download
memory/9568-4055-0x00007FF9CE990000-0x00007FF9CEB85000-memory.dmp

Filesize
2.0MB

Download