e424c8f88a7ad9f2749b80e675e48fad4925340195fa6d1660e133d1662e4efe

Analysis

max time kernel
1801s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_rc55.exe
Size

21.9MB
MD5

bd2d3ea24aca804583431db9919cdd02
SHA1

a50558007c4021e8f2d2dc809b6b38d11d807ebb
SHA256

e424c8f88a7ad9f2749b80e675e48fad4925340195fa6d1660e133d1662e4efe
SHA512

701b5378338b0928742d3b5a9448426c4b7d27616646786a33f8d4187f2da06c9445faeb4095b405b6c548cfeca000fed6d0e12424a2c36dd10b2e4b64706ce6
SSDEEP

393216:WWm4KGHkV0wrvUQeG1Zp3vpGXyZT19Wqh68GEjikU8cvaf7Ia8:nKGHQUHGJ3vpGXyp1xhfGqSrvQ7v8

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2468	magictxd.exe
4440	uinst.exe
4552	Au_.exe

Loads dropped DLL 11 IoCs

pid	Process
4756	setup_rc55.exe
4756	setup_rc55.exe
4756	setup_rc55.exe
4756	setup_rc55.exe
2468	magictxd.exe
2468	magictxd.exe
2468	magictxd.exe
4552	Au_.exe
4552	Au_.exe
4552	Au_.exe
4552	Au_.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Magic TXD\licenses\pvrtextool\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\	Au_.exe
File created	C:\Program Files\Magic TXD\resources\icons\ps2.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\languages\it.magl	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\gta3.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\	Au_.exe
File created	C:\Program Files\Magic TXD\resources\about\powervrlogo.png	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark.shell	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\README.md	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\libpng\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\languages\cro.magl	Au_.exe
File created	C:\Program Files\Magic TXD\licenses\pvrtextool\COPYRIGHT	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\ps2.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\radio_checked.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\stars2.gif	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\about\xboxlogo.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark\stars.gif	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\bully.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light.shell	Au_.exe
File created	C:\Program Files\Magic TXD\resources\icons\mh2.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\resources\light\stars2.gif	setup_rc55.exe
File created	C:\Program Files\Magic TXD\licenses\AMDCompress\LibraryLicense.rtf	setup_rc55.exe
File created	C:\Program Files\Magic TXD\licenses\libimagequant\COPYRIGHT	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\about\qtlogo.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\libimagequant\COPYRIGHT	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\libtiff\COPYRIGHT	Au_.exe
File created	C:\Program Files\Magic TXD\resources\viewBackground.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\languages\spn.magl	setup_rc55.exe
File created	C:\Program Files\Magic TXD\app.bin	magictxd.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\libsquish\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\pvrtextool\COPYRIGHT	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\zlib\COPYRIGHT	Au_.exe
File created	C:\Program Files\Magic TXD\resources\dark\check_hover.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\resources\dark\downarrow.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\resources\icons\gamecube.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\licenses\libtiff\COPYRIGHT	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark\downarrow.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\radio_hover.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\AMDCompress\LibraryLicense.rtf	Au_.exe
File created	C:\Program Files\Magic TXD\resources\error.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\resources\info.png	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\Qt5\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\libimagequant\	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\licenses\libsquish\COPYRIGHT	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark\check.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\check_checked.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\languages\eng.magl	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\languages\ukr.magl	Au_.exe
File created	C:\Program Files\Magic TXD\resources\light.shell	setup_rc55.exe
File created	C:\Program Files\Magic TXD\resources\icons\README.md	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\check_checked_hover.png	Au_.exe
File created	C:\Program Files\Magic TXD\PVRTexLib.dll	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark\radio_checked.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\pc.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\light\downarrow.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\error.png	Au_.exe
File opened for modification	C:\Program Files\Magic TXD\resources\icons\lcs.png	Au_.exe
File created	C:\Program Files\Magic TXD\resources\light\check_hover.png	setup_rc55.exe
File created	C:\Program Files\Magic TXD\resources\light\radio.png	setup_rc55.exe
File opened for modification	C:\Program Files\Magic TXD\resources\dark\stars2.gif	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 47 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell\open\command	setup_rc55.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell	setup_rc55.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0	magictxd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	magictxd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	magictxd.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell\open	Au_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txd\ = "Magic.TXD.txd"	setup_rc55.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd	setup_rc55.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell	Au_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txd	setup_rc55.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	magictxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	magictxd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	magictxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\DefaultIcon	setup_rc55.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	magictxd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	magictxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txd\OpenWithProgids\Magic.TXD.txd	setup_rc55.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	magictxd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	magictxd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	magictxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txd\PerceivedType = "image"	setup_rc55.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\DefaultIcon\ = "C:\\Program Files\\Magic TXD\\magictxd.exe"	setup_rc55.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	magictxd.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell\open\command	Au_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell\open	setup_rc55.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	magictxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\shell\open\command\ = "\"C:\\Program Files\\Magic TXD\\magictxd.exe\" \"%1\""	setup_rc55.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	magictxd.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	magictxd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	magictxd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	magictxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txd\Content Type = "image/dict"	setup_rc55.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txd\OpenWithProgids	setup_rc55.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	magictxd.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd	Au_.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	magictxd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	magictxd.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Magic.TXD.txd\DefaultIcon	Au_.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{501B5027-9695-4330-9450-018876FAC015}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings	magictxd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	magictxd.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2468	magictxd.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
532	identity_helper.exe
532	identity_helper.exe
4428	msedge.exe
4428	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2468	magictxd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeBackupPrivilege	2468	magictxd.exe
Token: SeRestorePrivilege	2468	magictxd.exe
Token: 33	5516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5516	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2468	magictxd.exe
2468	magictxd.exe
4440	uinst.exe
4552	Au_.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4552	4440	uinst.exe	101
PID 4440 wrote to memory of 4552	4440	uinst.exe	101
PID 4440 wrote to memory of 4552	4440	uinst.exe	101
PID 3528 wrote to memory of 4496	3528	msedge.exe	107
PID 3528 wrote to memory of 4496	3528	msedge.exe	107
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 2976	3528	msedge.exe	110
PID 3528 wrote to memory of 3988	3528	msedge.exe	108
PID 3528 wrote to memory of 3988	3528	msedge.exe	108
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109
PID 3528 wrote to memory of 1456	3528	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\setup_rc55.exe
"C:\Users\Admin\AppData\Local\Temp\setup_rc55.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
PID:4756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2896

C:\Program Files\Magic TXD\magictxd.exe
"C:\Program Files\Magic TXD\magictxd.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Program Files\Magic TXD\uinst.exe
"C:\Program Files\Magic TXD\uinst.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Program Files\Magic TXD\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff718c46f8,0x7fff718c4708,0x7fff718c4718
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8304 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,17698803164845629444,11060600926995887521,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8552 /prefetch:8
  2⤵
  PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Magic TXD\PVRTexLib.dll

Filesize
2.7MB

MD5
4a75bbba7679cf5e08f28baea39f9356

SHA1
13f7e5c0caba055b61d028c1118fb932acf3c36a

SHA256
df7d5b0f1094b8d0bd7d81e9cd235ff029cdc943797eb91909ae0608c5c00ec7

SHA512
191c8b4f768e5454aa0c645806c3f418ca351661bb9f68c193dd60d38caa81f531935c1d7f61d807405191e0c4e6850a0d1247c0d00c0674dda9346a13a21032

Download Submit
C:\Program Files\Magic TXD\PVRTexLib.dll

Filesize
2.7MB

MD5
4a75bbba7679cf5e08f28baea39f9356

SHA1
13f7e5c0caba055b61d028c1118fb932acf3c36a

SHA256
df7d5b0f1094b8d0bd7d81e9cd235ff029cdc943797eb91909ae0608c5c00ec7

SHA512
191c8b4f768e5454aa0c645806c3f418ca351661bb9f68c193dd60d38caa81f531935c1d7f61d807405191e0c4e6850a0d1247c0d00c0674dda9346a13a21032

Download Submit
C:\Program Files\Magic TXD\data\versionsets.dat

Filesize
2KB

MD5
b022e53c35277f7456cfaed28e0d74d9

SHA1
76ec9880606f1e4982eea6bb8d9e9b26afaabd3b

SHA256
30a3cf3a443258d024d9a591ea40bc3fea712dddd1a99e5c3e539606a4b2beb9

SHA512
8a79424b0271e2308e2a0406a78d690f3e88168cbc559603787ab407f924d961ad73154e97b1e3330b3576ea0ec132069e1f643608fccc60f3ba88c8af8c0331

Download Submit
C:\Program Files\Magic TXD\formats_x64\a8.magf

Filesize
87KB

MD5
d07a3d518d4c4785b52010aacd956611

SHA1
a5714305eea5aef929840d6cb9546990a7509402

SHA256
3a525a0d0e06c63cab06e4f1fad2488c9b2a2337b540a8b9b1bad4be240e3087

SHA512
e264e13555581b50f17476b6758ba48c8e974710550eab80da46576c8faf18a6178cca11b53da826cf3f5d750d945ffa6f1d748987d0dcd42593d092697fa3cb

Download Submit
C:\Program Files\Magic TXD\formats_x64\a8.magf

Filesize
87KB

MD5
d07a3d518d4c4785b52010aacd956611

SHA1
a5714305eea5aef929840d6cb9546990a7509402

SHA256
3a525a0d0e06c63cab06e4f1fad2488c9b2a2337b540a8b9b1bad4be240e3087

SHA512
e264e13555581b50f17476b6758ba48c8e974710550eab80da46576c8faf18a6178cca11b53da826cf3f5d750d945ffa6f1d748987d0dcd42593d092697fa3cb

Download Submit
C:\Program Files\Magic TXD\formats_x64\v8u8.magf

Filesize
87KB

MD5
24a5c24e23c63be99a18d8abbf94c14d

SHA1
02f7a78bb1f21a2cb4fe93ab26b5f1c08526fbe2

SHA256
f93c79c98d3a41d2e1d98154bcb35c8f7e49933c53abf8adeb7100e39cac01f6

SHA512
df1c4accbdcbcc60f289b8ac62d2901256635fb47865b98b5a4aa36e564644bd0731fc809155728494f913b1d080cd90131463dc373aa2088f78d74cb479d1dd

Download Submit
C:\Program Files\Magic TXD\formats_x64\v8u8.magf

Filesize
87KB

MD5
24a5c24e23c63be99a18d8abbf94c14d

SHA1
02f7a78bb1f21a2cb4fe93ab26b5f1c08526fbe2

SHA256
f93c79c98d3a41d2e1d98154bcb35c8f7e49933c53abf8adeb7100e39cac01f6

SHA512
df1c4accbdcbcc60f289b8ac62d2901256635fb47865b98b5a4aa36e564644bd0731fc809155728494f913b1d080cd90131463dc373aa2088f78d74cb479d1dd

Download Submit
C:\Program Files\Magic TXD\languages\brz.magl

Filesize
8KB

MD5
059aa45241927cc1da26fb7b2d6fab86

SHA1
0ddcc044115eeec70f662264a094ee941b438e77

SHA256
0638df987608d8150dae0a7dfe76b1fa2a911ff7ea831aa28bd611995e4e6be3

SHA512
a733c1acf86a24283371b653da42f214a804518476162c28585309f34cb521561cdfdc5b390722609f62008058a9b26374352dd9a0c66b5059adab73d3b04a8f

Download Submit
C:\Program Files\Magic TXD\languages\cro.magl

Filesize
16KB

MD5
51006b1aa095142bdba108d3d47ebebd

SHA1
77ae7b1ba13dbf607720335dd790368d22267300

SHA256
5e64c0f6de146820a998ddadee25119249436ae30e541cd654edd281aef7f19b

SHA512
66a96c7a8bb970ca44a877d276ad63dc4c02d050cf29bc4dac916ac16924b9d08109adef0ecb2b4e27da20e47a147b00c3e5b27d957bf060421cad51d5e9f4e0

Download Submit
C:\Program Files\Magic TXD\languages\de.magl

Filesize
8KB

MD5
a8281e072360fe656e523f70ed53a447

SHA1
204a8785b574ef5b5040404181e03cdbc3e39758

SHA256
6c4a2b4fad477c7f4ee84a8c7f942ca60e01e47875ab98514e89720ac1bcddf8

SHA512
3a0993a2e0355dcd6a8c6f2a718d6668d8c572dce8eb661d95f3429658a3d628fbf8d518c2b71ada916fcf5baedd78f7e0205863d5f27c404eac4a88b0c2bb9b

Download Submit
C:\Program Files\Magic TXD\languages\eng.magl

Filesize
7KB

MD5
3ef0cd60043b5388ca87c3ad403d7d62

SHA1
b6578adce148af2e063ddbdf47db58a0b6ca7a80

SHA256
e9aa08f1e4845882b744a5e6311249d42dfa53be43a247ebbddf909061ce01f8

SHA512
324d23b610e078c6d31c0d51624054c7b72525834bd1ec93468ef0e13a6892f79efee084f0abc67ebd1331eb048f4b6a9b764fc9ec0db9934be138e57c373454

Download Submit
C:\Program Files\Magic TXD\languages\it.magl

Filesize
8KB

MD5
01c0b53d3a3bdeafc68383c74ee3194c

SHA1
cf5a744cd0344184d0a599f06612bd912762e25f

SHA256
19a82f84f9c677f621f3eeca652e37ad2c72ce6323a0a79c31f1b87199cc67bc

SHA512
a04c6ec72eb70175ac7431f7ad219fca65ddcf6cc0b9179473f1b570dfcf42972bb8a20b53af243bdff06bd4f4d3ddf19f8a395806dd670383d63fda9ce5e04c

Download Submit
C:\Program Files\Magic TXD\languages\rus.magl

Filesize
11KB

MD5
7196353586da6ac90d63b9d83cef7ab2

SHA1
671624b44c2696f594f86c08719849e6ac6bd790

SHA256
16976ca1f7fc38ef20055dd6613d115eeb5d55a8a2a7c8396485f3e071cfca07

SHA512
fbfa181eaa7100436acfd2c6d28be21dcf6d17867e937a99a554e792ece265e76cecb0aaf1353bd943f5c7529770be345eaf154b571edb8d2d59395d31b2e385

Download Submit
C:\Program Files\Magic TXD\languages\spn.magl

Filesize
8KB

MD5
caa5bb5c4cccdc69b22d52e6e59251f5

SHA1
77b5e2b8381718fd176360ec7afef5a6afdac740

SHA256
8cfe2a646c0535af2d5449ed119c0546f41a92a46978af1df43e47f035c3267d

SHA512
38a410b0cdd0da271c45c13d149765a3c92894477ba75afa6ff00f1ce0fc723cc6b9cbba8182668d4cbc7f61cdca6ceefa68e97634ae2ed7338e69fd6f75f782

Download Submit
C:\Program Files\Magic TXD\languages\ukr.magl

Filesize
11KB

MD5
37945d8c948085415e6a7eccb04ca03e

SHA1
c27954117621e9dc099f2dd8220918588606b8e7

SHA256
734d9d0b8507614cd07447f35b4d62aff470a239ecb8bbe8b9910bd55c3d86f6

SHA512
cac34a7c93920a035e19a2b22eed1e1df4649549e1c2ea1c287572ea76bbe6c3a96ad66df0c0db5f70a65c3abe2afc25f447d28df0ac2efc398747b581cd4428

Download Submit
C:\Program Files\Magic TXD\magictxd.exe

Filesize
22.0MB

MD5
306a62470e45b69e2c7e254b20479160

SHA1
62abd7e5d74203cf4818b6bd2da62496134413b4

SHA256
48519764d375e48cba8b940933996c434f357adb6db0b32eb1f57c13bd337752

SHA512
fa1ca3cbd38dc6f6dcb01e17caf43d5811df83865899b2596245d4eff04fb0d0f4cb95959be453b3ca4527f60306cc13579289fe23181162a91fdbc3e598f989

Download Submit
C:\Program Files\Magic TXD\magictxd.exe

Filesize
22.0MB

MD5
306a62470e45b69e2c7e254b20479160

SHA1
62abd7e5d74203cf4818b6bd2da62496134413b4

SHA256
48519764d375e48cba8b940933996c434f357adb6db0b32eb1f57c13bd337752

SHA512
fa1ca3cbd38dc6f6dcb01e17caf43d5811df83865899b2596245d4eff04fb0d0f4cb95959be453b3ca4527f60306cc13579289fe23181162a91fdbc3e598f989

Download Submit
C:\Program Files\Magic TXD\resources\about\amdlogo.png

Filesize
17KB

MD5
d18b46e87f08f937919d1554cbc31116

SHA1
932dda00e7c73ce94389645ef9179679e57f6efd

SHA256
b618dd7ae4577a2bcd6d4181d670cb7a99a8fd84263e2133284fef56f7651f2b

SHA512
cbd60cff0ce08d3b7ee15b426f31a7f97d165de2df919edbf022ef3e444c44cc017865e0504cc5d278f736cc19dae3c7892c599a794e9d72f30e6d71e92246b8

Download Submit
C:\Program Files\Magic TXD\resources\about\pngquantlogo.png

Filesize
17KB

MD5
513b8cffe0f13bb03d7c5837137bbdb5

SHA1
3f8fe4302d3d1fddc48f299943e37692c6249cbd

SHA256
e54a4b88a02e3a14181f2931f4f4c7a86f4a0fd29ad5f78ef7313aa29c064913

SHA512
b4433f3de8bfb3a632fbf2d4c4437fbe80e64ebfcb37208a1fc451a99675ada38edee099e9730f3e8f4ebcb2424c9b745bd5b0538161b1eadcf76a26856ccebe

Download Submit
C:\Program Files\Magic TXD\resources\about\powervrlogo.png

Filesize
18KB

MD5
6d185b37e28e5ceb2459fd07b5db939d

SHA1
12d045f46dadb3b0e1072ce90240b584886a102d

SHA256
9a5c9a5d99d69015913e1bb776236cbfb2f40159ad2aff35d65518ddb7b54608

SHA512
98ab79f7ceaf3b0b498bd1247fb6674f8b833d3d0919d9bd59a53d23d8a9466d6d7412c330be7e1add34b79c065c685155a63c5ef66358f9d7285b5c1ee1ffab

Download Submit
C:\Program Files\Magic TXD\resources\about\ps2logo.png

Filesize
17KB

MD5
b426d6e19365ef90adadee97837ff732

SHA1
9dc90a91338539087ff2a1f5bf923179c7ba68b6

SHA256
eb37899a40f8f1291f681bda19377e4f62844306afb6d3230d2e3a94eaee0851

SHA512
80e1868660b4ad5422615228be91da3d9a031cbcae447523278eefd31cc1613ddd0472896622a75aee3e3206b435ab3413f8fdee6001376ed7528038e5f5a09a

Download Submit
C:\Program Files\Magic TXD\resources\about\qtlogo.png

Filesize
19KB

MD5
13c01c1b7facfbc434a33cb2984b647d

SHA1
9418ba6cdecc09cbc3f3d2f98fb3ded99257c4a5

SHA256
32011b274b70a0a30a58469ce7ba4d9bd7f44a2f4a409dcfc46b4b3b7748e5e2

SHA512
5f4dfb112eb04a45e0017ef42e690df574812877fddcbbcd334d5f5b308b5c5355f1c9a9332ee8af351972054148b77700e341ea7f0c467873361efc807e9395

Download Submit
C:\Program Files\Magic TXD\resources\about\renderwarelogo.png

Filesize
18KB

MD5
4b0d2fcb8ec4e3b85674980239499aae

SHA1
0ef344fa5a2f27bc00c4d6970b58001b842044be

SHA256
e4345c5d45c4ed228f2ad5b24155785771bb0740cfade1b3092b1d68eab742b0

SHA512
2f1d613ec3cc1965515815290d399671a21d8612717585b0d70fb134098ebf5513e57feb11af2ac6e035bcf22d5f1583dc51e3024c3d9b920d630421f47fa827

Download Submit
C:\Program Files\Magic TXD\resources\about\squishlogo.png

Filesize
17KB

MD5
c9717dc3e2bc50a01991b2e986d2d750

SHA1
e114cc3884150acc66aa0398426f6cf6cfbb6fa6

SHA256
bc91992e1c9043909fc49685e45f56a3cee7b7aee49eee7cac2e1d29331738f5

SHA512
69ee2c19d0403faac93bce722aab1f8fb7ea3765dfb958dafe1c0ff4a37c2b81deb049145caf4c3bea75d20829a4d6ef734d4fa51eac004e5e5622ca8d0bbd8a

Download Submit
C:\Program Files\Magic TXD\resources\about\xboxlogo.png

Filesize
16KB

MD5
79f19a026bb62093032d9ac806acad3e

SHA1
6d477d12455fdddf5af630d2852707b869efc80d

SHA256
ade69c29becd2c6dd073bc96d5c151f95ded2d9b8bfdb63ca336786ca1c20895

SHA512
e91bd070d7a16cad1d082b11c0fd6a2c90d86eafeda4913cd0aad59a77a446862a61b4b1e083b0f46fca98c85ab3472271d0be1a2667e7f374ea32ef7f3b6d77

Download Submit
C:\Program Files\Magic TXD\resources\dark.shell

Filesize
8KB

MD5
45d0226a74289256074407bffa924a74

SHA1
0bd82afe39102b0b28f09a9f114fbdc4ea9df766

SHA256
9bf193d099fc71b51641fcb615c8e65c321cc5b26667d8dd02d7a3981b2e09d3

SHA512
7a731bbecf3f927113dd7ecf9cef6871c01f654917c6a09c9b13e6f1381ee11705b12c6544a5a07f74cb48f49f66d290ad4c48f74aeb1a549be74cdd1c6dc002

Download Submit
C:\Program Files\Magic TXD\resources\dark\check.png

Filesize
17KB

MD5
e5dcdcb9edeaad093545f6769dede99b

SHA1
473041a353a1a17cccfd03bd6d72a45a90d9a157

SHA256
54c860b0d91e9a0040585f77e7eef7985286d02c899e6a97b6c7966e6b6b429a

SHA512
238332d20f06b4a4426d16552dc738a3b50927f32666f0bc974ec47e15d2dda58aa5118e69f281a89d2d7df633aa4d6b677d3837ea4b86bc1abd1348fdf6abc8

Download Submit
C:\Program Files\Magic TXD\resources\dark\check_checked.png

Filesize
17KB

MD5
ec36db5914e3ad55b996882aa513720c

SHA1
eda5e31d93ea522c1649a65a74290ed2eb010232

SHA256
ca20cb56bab580ebeaf51015c2898301a38d705df2fa05c59311c73e4fb42b37

SHA512
418a86f2b6859ec56755ab330fff0a5a7903886a058a4adcb50a979d3d49c92e418e35bacf92e734b7475e2cb2415e7f4c6efe2d308d1d4828cfe55e4d00f092

Download Submit
C:\Program Files\Magic TXD\resources\dark\check_checked_hover.png

Filesize
17KB

MD5
33e383f747fe10891f0b323c9c5ef0eb

SHA1
a0c395195fc275ab70842b2954cb27181b612956

SHA256
ebc2bfe775a553f1825b22501319d2dd8c20129770957e4fa1849a6081d241c1

SHA512
5a2e80ea5beb4ed961220b3aee64489fc8dfc123de036efeab99248b8c2c646cca4066ba47791574e075208931fb586d711d0ee237839ef94f47f32dc8ff6257

Download Submit
C:\Program Files\Magic TXD\resources\dark\check_hover.png

Filesize
17KB

MD5
208256c0fcaf4a125cde7fe3505cc780

SHA1
db86a563f0270a6be777cc9b5cf9badcb603757a

SHA256
ef25c7fab77ff5b295569198ed38b13d083fdf329d276062c3b1b854514194f9

SHA512
103ba8945fbb98cae76f5ceadd1b1ca19978c63e78fb99975e6c0acd632521e0af645e573b6809958b9a5a90fb0521ff9285936bb2adc4667e1ed6873b5d6514

Download Submit
C:\Program Files\Magic TXD\resources\dark\downarrow.png

Filesize
17KB

MD5
0422f19716874b3bafcf122d3cbb4413

SHA1
1989772226de07805d2418ba619088bf9199206a

SHA256
e09e4e9f762fa5dbe79d034106c7a2dcb0869099318eae48ad3ce6a051f8f46e

SHA512
52d4e2fa0243eedc144130f4893da46f891fb6c2ef3c2b8321382050e42fa960dd86f707445c5c38f3583f24e65f46f6fea81a85cf0a5100d8c2bb1cb2664488

Download Submit
C:\Program Files\Magic TXD\resources\dark\radio.png

Filesize
17KB

MD5
b66a683ea5c2f4e186c3dccd26c0f6df

SHA1
0b9713b1343246a59d69f907e31c2c693cdb2223

SHA256
5bc22601199dd9104dd45c0a3b9710abd18593dbe7a24d23a0d528ba4b9a00b7

SHA512
74551188eb601d17a77e16dd1c5d0df0106b282f02fc85dddd5395d11c2f460be182da267aa75b903feb28440ed3365050bf5480082e2f4f1cf98edb573a00dc

Download Submit
C:\Program Files\Magic TXD\resources\dark\radio_checked.png

Filesize
17KB

MD5
0abc7f4ce97a9fb066429f327812c113

SHA1
402e80419ed85b3dfa1bde990a392f79b13ff99a

SHA256
5eca6a01ec8c31e146decf749ed4bd56a3b3aea8845cb34690a8e19869568ca9

SHA512
2e9b0dfb9b9e044272030317783e1b2cf482c119bd91652d3323f9a1574c2370cb80cc09f076eefe523ccfe372681330141b0799751cdb68ed0a7a8f001817f5

Download Submit
C:\Program Files\Magic TXD\resources\dark\radio_checked_hover.png

Filesize
17KB

MD5
1e851df9473e98d9f6bc1a559a8918ea

SHA1
22f6baa780190093c4b05f25968f673ed765aeef

SHA256
3c23d49a02618013ffb0b325c3783b3cbd8891a6b2d38c62c1aaa3f2f675b632

SHA512
111840c6ec3964461f074d0afae96ac29a561e639c94f9198d42ceee0df46f254c0b638ee8a03750a5559572bdcf165863462a651348da8c25a33e238450721e

Download Submit
C:\Program Files\Magic TXD\resources\dark\radio_hover.png

Filesize
17KB

MD5
dae17debf21a83b418cc42462b789950

SHA1
55008746bdf13400f2fc6fb630a4e9def7ae6811

SHA256
47adda44db7c3c134b029b1fa4b77f1a9200074eedb0f61d14af29eb783d1222

SHA512
28d3f28e50cb5627fce0de8a5f8f9f40e6a592b123b4191f81737929783de4e9b0ef771183fe6b0a52886bd5324e652d94ac6365dacbd8797bdd4b1d26de6705

Download Submit
C:\Program Files\Magic TXD\resources\dark\stars.gif

Filesize
2KB

MD5
ca338e40b900882002daa2607093144a

SHA1
d9dae7bae75c4ca8521e86296d73fe50ed6832ee

SHA256
dac04d6f2ec061d8e8d771fe7d7c0e63b32628237c529c9c745df70b0f433009

SHA512
5f184f25b7fd8aea66740f742a04687e4d424d9a8007d71873ed5f57468170f17577bbae80407d9a9dea3e6540020a88a38525aea36794c701c4baf310d4aeb1

Download Submit
C:\Program Files\Magic TXD\resources\dark\stars2.gif

Filesize
29KB

MD5
38ae0fe99904724a45ab4b4ba6492d6a

SHA1
7e59590cf01446ff1b93d98aeebe8b5720eb8128

SHA256
623fdd9906ff290cb3a62269a11705a9d5bf3bddef523054c93c37a97601690d

SHA512
03458d424a3f76a64c9a130669921b08430dc9328707d0e2b893774c6edb8fff9d4f21f110041b6dfc15d24dbf4b9acb286c09f69cac03e635db988f6d7f0ee2

Download Submit
C:\Program Files\Magic TXD\resources\error.png

Filesize
16KB

MD5
338c39d1ece74ddb57a7a01e22ed5067

SHA1
f6ae64265efea672d70e766fe62444236a2db8fb

SHA256
32e09004a2360f5c38b82f272b7af8df0d809914212e56e248fdad652c04af3e

SHA512
c010f295c426e98a57c0e18a47f585683b4a37092307f1873bf37935ce4f2c2379428b58e642671bf4b198a297b930259302aa9c7e64d4f85f7e88797be5cdeb

Download Submit
C:\Program Files\Magic TXD\resources\icons\README.md

Filesize
43B

MD5
8a8ec2c44ab41b334a5f425c04ef1c62

SHA1
03d0ffcee521f26bcfe6cf0dbb506620d772ac24

SHA256
dcfe301906a72aa3ffb1a3198340685a39523a41230786a8cca507b5d55ad0b7

SHA512
a8948ff04dad44a119ba483c34bea295daef45019704e886d8d7e591358863a3f3a93253ab6e21788288a3ac010d5079749b51fdc52a71ddcaf77c08b3608df2

Download Submit
C:\Program Files\Magic TXD\resources\icons\bully.png

Filesize
18KB

MD5
c3f2f6c71611193dd5ccd16064229812

SHA1
ba2c236802c61487e7291a5303e14d78da17b2c3

SHA256
a8d3e6a0d16c8ff46e0cdc5f89bf5009a3727c0757fce61fbf84bde05b169585

SHA512
213bc92ebeb350f111b671a117a9049c0a907c01cfa6158268c658d9e8d2331a91c2146f10a11021b0e0295fd1935b63bdacb49374e5e30cc8846a4b3ac7e7c0

Download Submit
C:\Program Files\Magic TXD\resources\icons\gamecube.png

Filesize
2KB

MD5
f582351adb9fc3c7e42dd6b59bb27a9a

SHA1
a355c404b683906aee0f817205436738f4b8a4d9

SHA256
76577491cd89d8a318e3f872e004ec0093a0f88c9a17a88bf434fbbb59836c26

SHA512
5eed3eca3eea73d40293cd6f8349ed0f5223319d5fc5c4e03403d24e05ed1eac1c8d5f74c481c8b3d0e0090574db57b86753f2bae08942dfa705bb5b9b7df700

Download Submit
C:\Program Files\Magic TXD\resources\icons\gta3.png

Filesize
18KB

MD5
809e184cbfefa21f3a162ddc891c1c42

SHA1
82d063b5a29f839ab7a11ee54c2e1520b0387c5c

SHA256
d9b025fb1b0a201cbb987f36b4bcc20917cf32f550d2bdd911d5319219862968

SHA512
9196d8624ff96ad0e440a663768164f35f327aee96fb80c4c22f2de90f0c31adb293412e2acca7d29785d6bf44c46761ed6090d48faf82734a08690c6e54ef31

Download Submit
C:\Program Files\Magic TXD\resources\icons\lcs.png

Filesize
1KB

MD5
999a15f440db00c2ae961d0ca32f376c

SHA1
6f547f8d7e8eb79184d3ba08685e28197c57a1e7

SHA256
4a025274c7106e6e729f06ce1b09afea7721d66c0b73d32edfece7eaced7d78e

SHA512
70a657a1b13e7ab2dacde618c92a03b8df53b7e7c5fb61ccf5ae00aaa9cf7857c1995809c1200fc30ca5da82850d0b717b206a11e992eee146e9cb1afd11d879

Download Submit
C:\Program Files\Magic TXD\resources\icons\mh.png

Filesize
18KB

MD5
d33ee4026c66c4b39aa0438dc0153294

SHA1
3c41749a0599df40120b82bf0f017166502eeaf2

SHA256
af18da22d92113e6498ca09dd6bcc435cb26b4a3af449cb2885730ea2217ff5c

SHA512
4cd469a946d92f33d907d6155e4ee769df85d90b9585efdba066a7a1fd802abf9c8584bc24134aabc0680d5d83600f6ba92d077f8c25ecf77c002281ffc96588

Download Submit
C:\Program Files\Magic TXD\resources\icons\mh2.png

Filesize
18KB

MD5
39895139798b6b96da2fc8be9c8ee6e4

SHA1
87b2b670fe15accf2ca9d5a75aff4cf8a842f915

SHA256
fe8ba929b8140e0300a674e7c289d795e0e1b156c60e06b37ff9745b3080a515

SHA512
99ca8e7e3e742620f187f234b4e41547a7d780e1f8321008fa60a8af40ff55685d87e3c58920fd4eeba10b2bdc305ada1e1b4c86c1f105512e6427f55cf0e5c3

Download Submit
C:\Program Files\Magic TXD\resources\icons\mobile.png

Filesize
500B

MD5
4bf23b469acf1931af057452b6edd783

SHA1
c482871fb77ea0be01acefa3c7bb79ea4fa5ba97

SHA256
caa7d812a706badcff2eb126854c6c7bd1f65c866bdf100ff6052c7c97841813

SHA512
b6354b735c46879b11bd05328be538b48a86a921740d6509c5884bae585373aa50407afc11bf12c6fb916d85c1a8f0add8df82ece79a89ddf10b44dddb19ed60

Download Submit
C:\Program Files\Magic TXD\resources\icons\pc.png

Filesize
960B

MD5
884430168d69416e606359fba4759a22

SHA1
ec78a3f7c43c07e2026f6476b25c9db080495f01

SHA256
66052f617b47e6adbf99b12fbf6a4e901c55ee0ccead3daad7a8f087dd87ce77

SHA512
f2309a645884d076ea1da59f7d1b5a61de260bf9b1f33657f61f697f0041a2405bacae00b57d08456dfbdba090c1e7a16976c07acc21e00d7dde6baa6796bac7

Download Submit
C:\Program Files\Magic TXD\resources\icons\ps2.png

Filesize
822B

MD5
bbd218b19b058c6fa80bb15912ca6ee1

SHA1
60d218a72fb33cf07acd76e6b6c61f6075cb56ee

SHA256
476afbf3c16c95d41558c3f0b6d0adf3e144a29ece74e2a210f201efc629abcb

SHA512
c892a103ff76a2c11a35b9d1416ec1192d0329129faa09af25760ddeb1b75896c902350443474106dc50a06ef8b4b02e532b481b0ffb20ed7d0910c2b970335c

Download Submit
C:\Program Files\Magic TXD\resources\icons\psp.png

Filesize
2KB

MD5
6c13055c7a00df9e29a9b62b0cdd8082

SHA1
e39a867d1786b457108923ef8297378007a1a4dd

SHA256
623db790ec3a7b45442793caeb84adc53ad2e89c579bb568263f9ee12176717e

SHA512
af9265448dd96bf8bc1762d2714a76f2db93f0b8cc124aa5073ea2e5c4c0e03781e0600beedcc219268a33a3e6b154eda52fb8c58166037b68ed031b6e8a12f0

Download Submit
C:\Program Files\Magic TXD\resources\icons\sa.png

Filesize
19KB

MD5
97f6e8046d5fd23e3dfdae26124eebfb

SHA1
42a839d9a62126566ad5c15fec078f198141663f

SHA256
5b26fadcbc058573bf03fea4b1795cea21eac0668248a9beab55cf59fcad1c2e

SHA512
740739d031bbf46e0ff8f0746315b2550b07a8c4948bdabc28750e6ae0446463d71cf5f37c37947224da1885bce3687c61307291b0cca60360105cbf187f40eb

Download Submit
C:\Program Files\Magic TXD\resources\icons\stars.png

Filesize
20KB

MD5
d62e86fe3163567001c8a1104b608466

SHA1
d6dd7fdede9cc005a2730d13154c56aefcb4849d

SHA256
5278521979cebda7f861d1e7a83ca72aae3b101166252b5e3ae8050ac21f4af7

SHA512
435879a62bb230e803283694917c22bfc787d560b8fd8609876a446915e75c2b24035740236c1470fe30a0ec613ddce3b3ed8f863faf3744e32ff66a76e0f594

Download Submit
C:\Program Files\Magic TXD\resources\icons\vc.png

Filesize
18KB

MD5
edee90b4b16984e65d61f0c1ed28045a

SHA1
b58fffbbe750170042072d709e2358332240c802

SHA256
f5836733796d7d38b2dc8e9aaee943fc9a295ccf49f3a7a7a304b95810bfe5e2

SHA512
913c7d3c3d4eab0d52c78fa3a9648ae4dd0879ea21f38c9d553b90ffc03cde74159552d263afab23581c5b24006fcf2811f65d38b6cb0450f3db25240a85c8b6

Download Submit
C:\Program Files\Magic TXD\resources\info.png

Filesize
17KB

MD5
be2b1b051cc1ac7799292929cc9eee94

SHA1
cc611cb541136c5bf156fd8bc3197ef512c1672e

SHA256
253b772ddb755a6914291b74d21fbda00f11ab8b432c8e05bb499cc37d072a36

SHA512
5c13e1c22a4f5e7ee93d63d9f914f7361e5bea5b2f298be01a7ab36741297a2388721a236c2f5a3f40c113ed5e646ce1df4f4164bc022504d8146ca64cc69748

Download Submit
C:\Program Files\Magic TXD\resources\warning.png

Filesize
3KB

MD5
fff9a8d03553120e40f28eb6c9fe6a4b

SHA1
d48bc7632957d3651c08d26e4049597a8f6b2895

SHA256
2eb0f2dfc0a4256261d7ef2113e0aca7d9f4edca4a5e4843b36c2c9e901f7aab

SHA512
5279e56935d57c70260b9c752187ea4db0baed9c58d12397968ad7d04c6ba3d3c01cec041fbd2135e3b5e07061b6b69917aeafcd66fdfc173e703facf4be7ede

Download Submit
C:\Program Files\Magic TXD\uinst.exe

Filesize
154KB

MD5
3a8a50179b86b11bfae07c214b70c830

SHA1
8f91e86091e79ebf769df87ee0ed54bd12aea58c

SHA256
66b9e8de315fe6983f0ee45869a8621f83c77f314f3d202c96ad655a61f60f48

SHA512
9abc89a8640744e9aabd6234c6b22cbc52832e28c89ff828327de797c0c0785acea0cf9c81f41c2e925065b03b7f1d29ab2e7707f7d5512e3fce3eb9609f91eb

Download Submit
C:\Program Files\Magic TXD\uinst.exe

Filesize
154KB

MD5
3a8a50179b86b11bfae07c214b70c830

SHA1
8f91e86091e79ebf769df87ee0ed54bd12aea58c

SHA256
66b9e8de315fe6983f0ee45869a8621f83c77f314f3d202c96ad655a61f60f48

SHA512
9abc89a8640744e9aabd6234c6b22cbc52832e28c89ff828327de797c0c0785acea0cf9c81f41c2e925065b03b7f1d29ab2e7707f7d5512e3fce3eb9609f91eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
37827eaa31e2d90180f41238563bafd1

SHA1
c2e613718a01a0e6d74b54f0cdc59ed6d6af8f88

SHA256
ecd682c1018a9bde3dec5738ae76fe2c2c8bfaaea850a343f45b6c72e7504686

SHA512
9973f4ff7dd9a5b43fcd9f7a559ae0b469ab7316cecf1f8c3339f06028df26abe9d8c09744e955fb236b7f315a1971ea8f0d7fa75230e177e0ac14607409744c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
94ff9b2bc48a1b667b21e35717748c3f

SHA1
a4f38ab035239efa7266534cb0bf07861f644a6e

SHA256
f12d3246ce9c64041168f88c2787a3973cecb461760a20c553682f5ce8884cba

SHA512
28599c703465926a547e7e56b692763d1d43ddf45432fa9307be94581c5b115d82c2f1c810e1b7c0fb70d2b8788b6e440b8606854a3ff6a269335d7a23fa4c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
c233aebe14515a903e198f8905635a4a

SHA1
bcc1b003ab4a88bc93fba3af1fde8f7df56b6cbd

SHA256
6a230334d9316131997dd409d295420c75dfb5e85430ee53911ea8906383d466

SHA512
e3114d8af260f302270585437fa798ce9b552ba006f4943a31757ca7877b605ff055e16d8c1636a014a9ee319726bdd8b041f3fe208642aac528e37d637d3b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3055dc565d9d3ceafd782cad94b78ba2

SHA1
be45072254180cff1e601e6014d7c8432161a9cf

SHA256
ecca455b1ae996e633fa07344655bea8373ff247fc977dbfc1ddfda9da6971a2

SHA512
86bd79bb29ddadf5fa709361ebb462d2eb3687dd158e3aa21aecca0e51bd57d35c5c1fd0a6b2fe825d26b8227b163cd35f5c3e58be89e82a57c37e76995a49b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c87523b1d5077a408e3427d436f701c0

SHA1
364cb78878a8c9d736c70d064b79435f0c1465c5

SHA256
52030e4355e569dd157d90535b867bba0de84193c50df28a8cd83905a6d50d7a

SHA512
6c1bc0d142515eca68f811981b2112ead2c1ced914d9890fbff6d66093df17dc1b62c6a9ecc283b79b2de81e2a37eda56fcbfc08921ded05a8ad4e41eaae3c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6173cd6713d3487072e129164072a687

SHA1
3ad6bb2e66e614958ba31e0f43edb50b55e1ecf7

SHA256
cdb62589a9d357bc187e9d818cd854461068536dde9f201f2a2e6637a4d86ba6

SHA512
4d5d4b2cfd671b42d2581e4c092dca895a46811989554cf0a68acbf65d9ddc7d5faf3facb7e42f030528d013a091b558d3ec629092e485c4d74a7aa55764bf4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f5388932e4bfafd4d2bec467e39d2b2f

SHA1
5bcebc0078ffddd696030d5e8856519c342190e1

SHA256
74e81b8d74f768db29a972144133e882280017fc7551009a4e333b2e4d6ac69a

SHA512
12728ef5366ce34293957d32e574124a2af9df41dbca2b2d5101db5096e34ab067ff3f1424bcce82490a7b2363508eb847f15f6678ca7bf5d76c07455b27fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e4f69890d76c716dc6365f6dc639a088

SHA1
4eee0576f72c7bc50e80ef687163ff6e6c1ac740

SHA256
31ad7d1f84daa41e33bc94ff6286e7c84242b5952212b233b19d93226c726ca9

SHA512
dc5e7d79f0349c23202d87bd3e2019db28665d1e4e1cc4301e33cdd784ce6d1ed66566ef3b6bfbef9b55e93c7c3137399c5623ff00c59849857802af63ceb107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
76f77afe87b83106da45021ff444e576

SHA1
a3e962b672cc9c3bb9bd813a9ecb15d6175e13e6

SHA256
1b5dcdb7a617890d042a3d403406d8d7ea9802ed8aa1798b4f6d9218cbbdac31

SHA512
c3aea0aca2e389245de09c04762541701c51579b830a782866b8b910694cf75a1daec288ee35b76bf36ab219983382eb810e2403ea66137fd8287b70036cd4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c645f.TMP

Filesize
48B

MD5
6bd337d6c7c84c42d5e501462fa01d0b

SHA1
c1038face3ac289dc5a9b9bc625ebceb2291d6e5

SHA256
0ec708797b26252c47a77cb176715a0bc9315a98aedb73e6d544a976d247c569

SHA512
882ca10a1f2f2998263fac6c4e237740dc283184cca482495d47d0e5d35a37ee371fc1c83db082406e850d519e55f417de0ca7abc42072fb2c1150f58e6c0cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c56c083ac4f13e721076ccc8ca57381

SHA1
d679f978ba50dd7c789ed91c4cdf809c9b48e214

SHA256
33c5274006b9524fc95055d695ab50878f5047f16764bce4cfc4d4574ac402a4

SHA512
621a7cea37cbedf9d6fe55356e9721018836ea0c2c33dd3bce6d409c75c4e0dabe30da95569988d7cfba3f658347b335af9055664bccadcebe95f242c878a378

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5E25.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5E25.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5E25.tmp\UserInfo.dll

Filesize
4KB

MD5
fd2abecc1b1356c94a4ddcaa8836d515

SHA1
764f9513c84d370f0a4148cb946062ec075600ee

SHA256
021d490fd8a63b16d8fcfebd8002f52d7049e8dcb798db317b2d48ade6b13135

SHA512
3e87ed40bb589ff5aae41ec409624df4af53dbdcac218ff3965a9d15168db56ae3c289d6cd59f4e16acaf4044efee033b1cc9e0b8415acac388b1e031bb3fc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg5E25.tmp\UserInfo.dll

Filesize
4KB

MD5
fd2abecc1b1356c94a4ddcaa8836d515

SHA1
764f9513c84d370f0a4148cb946062ec075600ee

SHA256
021d490fd8a63b16d8fcfebd8002f52d7049e8dcb798db317b2d48ade6b13135

SHA512
3e87ed40bb589ff5aae41ec409624df4af53dbdcac218ff3965a9d15168db56ae3c289d6cd59f4e16acaf4044efee033b1cc9e0b8415acac388b1e031bb3fc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8492.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8492.tmp\UserInfo.dll

Filesize
4KB

MD5
fd2abecc1b1356c94a4ddcaa8836d515

SHA1
764f9513c84d370f0a4148cb946062ec075600ee

SHA256
021d490fd8a63b16d8fcfebd8002f52d7049e8dcb798db317b2d48ade6b13135

SHA512
3e87ed40bb589ff5aae41ec409624df4af53dbdcac218ff3965a9d15168db56ae3c289d6cd59f4e16acaf4044efee033b1cc9e0b8415acac388b1e031bb3fc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8492.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8492.tmp\nsDialogs.dll

Filesize
9KB

MD5
904d8313031ac05e2bac3dd329828833

SHA1
6c8322f76e5c38bc24b0bcc057a510c92ec40b43

SHA256
a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4

SHA512
9d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8492.tmp\nsDialogs.dll

Filesize
9KB

MD5
904d8313031ac05e2bac3dd329828833

SHA1
6c8322f76e5c38bc24b0bcc057a510c92ec40b43

SHA256
a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4

SHA512
9d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj8492.tmp\nsDialogs.dll

Filesize
9KB

MD5
904d8313031ac05e2bac3dd329828833

SHA1
6c8322f76e5c38bc24b0bcc057a510c92ec40b43

SHA256
a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4

SHA512
9d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
154KB

MD5
3a8a50179b86b11bfae07c214b70c830

SHA1
8f91e86091e79ebf769df87ee0ed54bd12aea58c

SHA256
66b9e8de315fe6983f0ee45869a8621f83c77f314f3d202c96ad655a61f60f48

SHA512
9abc89a8640744e9aabd6234c6b22cbc52832e28c89ff828327de797c0c0785acea0cf9c81f41c2e925065b03b7f1d29ab2e7707f7d5512e3fce3eb9609f91eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
154KB

MD5
3a8a50179b86b11bfae07c214b70c830

SHA1
8f91e86091e79ebf769df87ee0ed54bd12aea58c

SHA256
66b9e8de315fe6983f0ee45869a8621f83c77f314f3d202c96ad655a61f60f48

SHA512
9abc89a8640744e9aabd6234c6b22cbc52832e28c89ff828327de797c0c0785acea0cf9c81f41c2e925065b03b7f1d29ab2e7707f7d5512e3fce3eb9609f91eb

Download Submit