bcc9b82f4b261b15c94e811e3375734b568412b81ae90e5a3ed5a823e8ba9b79

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FoxiWare W11 Support.rar
Size

682KB
MD5

6dde9d167b55c0945de83eb8b518e75d
SHA1

463dfa8f5c6dd774cc05f9ca0cbb6e3d7c981218
SHA256

bcc9b82f4b261b15c94e811e3375734b568412b81ae90e5a3ed5a823e8ba9b79
SHA512

1852d44fe1ec0db03a76f3c665f82a171cbde3a19f467254239acb214e68fec9dfdcb7db0e6acabc8505402940a4d6b907f7ef18ece0fd38571142db9a62e306
SSDEEP

12288:zq+PSawQjRvM8ZJxbYLVMUzZ+GxfamFjY/RSSjiV9dMMkc5u:eTO5YLVMUImJuRsVJkr

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2716	foxiwareW11.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586040104841591"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4512	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	4512	7zFM.exe
Token: 35	4512	7zFM.exe
Token: SeSecurityPrivilege	4512	7zFM.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4512	7zFM.exe
4512	7zFM.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 4512	4768	cmd.exe	93
PID 4768 wrote to memory of 4512	4768	cmd.exe	93
PID 3836 wrote to memory of 2580	3836	chrome.exe	107
PID 3836 wrote to memory of 2580	3836	chrome.exe	107
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 2928	3836	chrome.exe	108
PID 3836 wrote to memory of 4480	3836	chrome.exe	109
PID 3836 wrote to memory of 4480	3836	chrome.exe	109
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110
PID 3836 wrote to memory of 3532	3836	chrome.exe	110

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\FoxiWare W11 Support.rar"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FoxiWare W11 Support.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4512

C:\Users\Admin\Desktop\foxiwareW11.exe
"C:\Users\Admin\Desktop\foxiwareW11.exe"
1⤵
- Executes dropped EXE
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa053b9758,0x7ffa053b9768,0x7ffa053b9778
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4736 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1772 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1936,i,10544803569499548227,8741336898846596542,131072 /prefetch:8
  2⤵
  PID:5180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3736 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:5336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1014B

MD5
abc9dac24afb0fc97760554960dc3657

SHA1
8e91c079b7cbaff7c7c695c0e3ec7654fd5be66e

SHA256
5f775475d65ee501de6206c117ac57f620f2f490c2775c77043551f37dc195f1

SHA512
adc99fec3db626d36885c6fd86decca64332875cce3f438390e853e2ca8063c43733c7cf4014f6ed1fcd7e65bd85cb339b4b2b8ffed74c51eb3251efcf2dc10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
e4ac1a704dc8ac512ba120dbac3480e0

SHA1
7ee3e8a652ac78df288e405ddd3ddf79a0102a01

SHA256
985693b91dd8b7749ec3510061bbc98bcf24b2006e23a51218a051e041987686

SHA512
13892aa4199da32d64f634173525e2c32f690206952f13d8aa00f6af58d1a2411538d9742f5e7e04ec17b0fc96db2b97d61ee5a53ead4b1ad99ef34967800a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2404e1901efedbd1bc515795df172ed8

SHA1
26b8e2139f83da87621d9c36d32f4a2f2a0e85f1

SHA256
1e2a80340fa9a48ebe554cd172351804608b1893b17866b954d20c48de9dbdd0

SHA512
79ed5efb2193827b69e26656771e68c7521fa7227645293340574f1ab02baadaf1ade367239764097b2c8010f6eda4a5bdad56aa58bdeb5238b7c8f3eb05f1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1b2b2e95c372de70afb1d25e1f622831

SHA1
7303b28a0997f0409bf770c196b74ca628d1ac8b

SHA256
4df156e875b6c4f075d45ca63a1acae5ddac7ee33a2030515bb11c8e6dc2ff25

SHA512
738145e25b84d50d937fec018bd43781b487453a59593a5aafad090ca614fea0e429baa1bb05c9a72f97bebd70ef14d939fe62affdd82a358b3834814146e467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
01c2f7dd8128b987e637a6be6f5c534b

SHA1
a6be91676a4ef2c2fff46cfb4baa54cc544143c1

SHA256
4aea9bc183aa75bf1d2d2de6f27add3387e4a48ee3dc1912b0465374379a5aeb

SHA512
754e4ec3e9899b20dd87368dabd0e33694d30d958bfac514e3661fa74cd58800ec3f792bff788d3f63a1b1ca3c19d6ec2bc8295c821230365f29787b2477e3e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
4cb7d1ac5e9efa35258cb44daf36d584

SHA1
49e667183b25f75eda12a14823de31316c26dbe0

SHA256
d6d73caaa786ac9cc48fa2c4ae429230af745300c991a56e9d2dde88497245cb

SHA512
1cb3594306d24f04340643dc40593f9f5a6779db6eb43e0e42166c39980e9207f24d1e786ed2407bdb1db7d96564d975ed6aacf693dcbc6ee36a07439771814a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a981b87e-f86a-43c1-951f-b8bf6f7125e9.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\foxiwareW11.exe

Filesize
1.6MB

MD5
17b550ff809630eed75bd02f149fb881

SHA1
32ba526b8e17bd93381e551646edf69f241b12f5

SHA256
684456b75ff984be0b747aebfdd4f817fe83d82d9a998eefc07eaf6872a17070

SHA512
6aae3d1e9354b268bb314961ba26bee5b11e0f6298607554b3b10ef85ac4928f9fca61e2ab82eff8a6a80b2406733c013c027dcd138434729b788242219f406c

Download Submit