27cfb861e0428122c706f757af4a5a6270582eabfaa427af2df74719ed7a65f4

Analysis

max time kernel
451s
max time network
427s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Firefox Installer (1).exe
Size

363KB
MD5

6ac29cfa0d706be103a429fb8408a558
SHA1

1a0b6bbfaedf49e477ed3f3a58029759a3711d51
SHA256

27cfb861e0428122c706f757af4a5a6270582eabfaa427af2df74719ed7a65f4
SHA512

44c40ecf473a09b45a87e426d00198c730def1e41a14ce7c25f72256fe1e434bef3b5af87f373f2808fe290d3d016748b41979471212a45b44105cc33da45c74
SSDEEP

6144:8aVWdyzOxeA1DfdwX3MmIOd/3KGGvJHAkisdWWhu2pnr2VaX9sT:8MROxdDfOnMmXdSGGBgc3tnrzsT

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4936-0-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral2/memory/4936-72-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\nsiB4EA.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsiB4EB.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsiB4EA.tmp\	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsiB4EC.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsiB4ED.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsiB4EC.tmp\	setup-stub.exe

Executes dropped EXE 1 IoCs

pid	Process
3764	setup-stub.exe

Loads dropped DLL 7 IoCs

pid	Process
3764	setup-stub.exe
3764	setup-stub.exe
3764	setup-stub.exe
3764	setup-stub.exe
3764	setup-stub.exe
3764	setup-stub.exe
3764	setup-stub.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4012	3764	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Firefox Installer (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup-stub.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680473196870345"	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5356	chrome.exe
5356	chrome.exe
3152	msedge.exe
3152	msedge.exe
4004	msedge.exe
4004	msedge.exe
5840	identity_helper.exe
5840	identity_helper.exe
5592	msedge.exe
5592	msedge.exe
5344	msedge.exe
5344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeDebugPrivilege	4692	firefox.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe
Token: SeShutdownPrivilege	5356	chrome.exe
Token: SeCreatePagefilePrivilege	5356	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
5356	chrome.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3764	setup-stub.exe
3764	setup-stub.exe
4692	firefox.exe
5592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 3764	4936	Firefox Installer (1).exe	84
PID 4936 wrote to memory of 3764	4936	Firefox Installer (1).exe	84
PID 4936 wrote to memory of 3764	4936	Firefox Installer (1).exe	84
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4296 wrote to memory of 4692	4296	firefox.exe	102
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 208	4692	firefox.exe	103
PID 4692 wrote to memory of 4824	4692	firefox.exe	104
PID 4692 wrote to memory of 4824	4692	firefox.exe	104
PID 4692 wrote to memory of 4824	4692	firefox.exe	104
PID 4692 wrote to memory of 4824	4692	firefox.exe	104
PID 4692 wrote to memory of 4824	4692	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Firefox Installer (1).exe
"C:\Users\Admin\AppData\Local\Temp\Firefox Installer (1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Users\Admin\AppData\Local\Temp\7zS84359BA7\setup-stub.exe
  .\setup-stub.exe
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 2508
    3⤵
    - Program crash
    PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3764 -ip 3764
1⤵
PID:8

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1688 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13cdfbc6-4a03-4f7d-bcbb-e75c39cee09e} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" gpu
    3⤵
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cd91443-42a8-4865-9e7a-956a4d1c0982} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" socket
    3⤵
    - Checks processor information in registry
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3300 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0954a3b-77ce-4670-be52-74405c5b1371} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
    3⤵
    PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -childID 2 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7634a499-39dc-44ed-95de-6372fe64e52a} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4640 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16445692-009f-40de-b437-8669b732e66c} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" utility
    3⤵
    - Checks processor information in registry
    PID:5460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5328 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca712259-09d6-4051-a50a-2ef674f34d03} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5388 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2764e6c-f085-4d93-8bc8-2d1ab96cba39} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {606e3ae7-0469-4476-9e38-5ec067816dea} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
    3⤵
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6148 -childID 6 -isForBrowser -prefsHandle 6120 -prefMapHandle 6128 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1140 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8df4f994-2293-463b-baf2-9f0d7843a8aa} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" tab
    3⤵
    PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeac88cc40,0x7ffeac88cc4c,0x7ffeac88cc58
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3696,i,4193186299657072628,7056518985067365781,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1316

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeadf746f8,0x7ffeadf74708,0x7ffeadf74718
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,18260170034392171479,5002925025933252388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\786d2b1a-0702-48f5-8740-8a6feb01676a.tmp

Filesize
194KB

MD5
2b7c0542f9a29c2a5f4a45768e2ffbdb

SHA1
afb3f51752315a1e0b5ed7a461426b4bff7c672a

SHA256
19ff1eec4913ddae76681c8832601ec4862245a57789f48a0f9f6c0047d18f17

SHA512
f5cbb28a1a9d3d23b9f9dd0dd9561f20edf193bd3ca745dec7af1598d839e13b1cb542f9c8fd2e92b2c92abbb67088e37f44d4ffedb0b2576fb32f4f6de4b9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c581931e1773e6bda36e24cadf8ccb58

SHA1
5738aeaa7e1300c24fc9caa2b705bceaa57fa13a

SHA256
451b92f907a6df479ea398fbfc6c919bf676560a510ed9044dd3cc59b9a70169

SHA512
a4b52d9a3174547198a1203fa7f6fcc4196a65e7ea85b42533e2149d8fde1338e290cd6c9e3c21466ff0dbce05f356fbb54b34f3a235131627a13c1531293dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
264B

MD5
0af52b1a8e7ec331fdfd00a9f00c7ef4

SHA1
f6d87a19c436064a2e1ac47ed1e2b24c48cabf9b

SHA256
cc792fbef5aea377e802df5d125cd2163bf3cb60cd68c7ef85e2bec66b3c4ae6

SHA512
a36438880a31c48778efae01d78c5b1cc544cbce88246f43582f274eb88e0e513aeb10bc6eafb6db25b933b73063e3f53ac00924eab10fe09c182ea8732bf322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
5dc180829a43b3fd2fe942acf76dbc46

SHA1
51b33f0eed0f8bd6517040d4cd9d869bd68d1d21

SHA256
823b00b9dd759b47bc6e23829ab9b4b88263e8dc5db7b17afb239ec983773636

SHA512
fdd04ee950d704a8e7906a835995d50ccc350eff2c3044d98816a306d3c32a76ba9f0aa34f9bc532318ec79902220fdfb01cef15fc24ef7400ddd18faa95c874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6220c377455fede75cb7527cc52b206

SHA1
fbfd67dd09575753a4f6d9ac3010374a8e454261

SHA256
f82db03c5fa3de2b44e56f6fa8d36c8e67d55d4f1eb8e7199f7453cac1a2b861

SHA512
a81ebf1cc8d585f2bed62f49719211b10b4a667ea60a3d82ae5f49f4751c66cd24c8a3dcaf54d878c5a677398fe1fd27fca6d3c563f3e8768f3566522a746ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a2ea0313674a882b4e147a091a6c9ec

SHA1
f6b31bd997631acd09c202e33bb5cdd97af69f44

SHA256
4dc0830a3ad379f0ab0eb820e11bc21aafe10b9af9dfe3fa925749b759bfed09

SHA512
6c7e42aaba245b222c53d1f6c40c58cb5a1585e1699932d2fa65baeb3acff495fac42a6995715d726f1e7cf0ab096e9fa29a038ce499b6c5238fbad406d6556f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
24da732c62d23c3d3330999daf5b2cbf

SHA1
33857156d99d83a91805ed0bd7e68710de8565c5

SHA256
8dbcb5450c054798900b3fde2e1ec76a966443068e4c2a28d1e99ea68efc5dd1

SHA512
1a2127cfbf77e50d71b03e8009cb0f4b44f78cece67f2498dd18fc4f588f8f6c19352efcff14ad62076052c1f92af893a581dfbb5c0b533572d19150b78b6204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8f7afd1c86fba59219abfc020c89f203

SHA1
4e136f46a972dbf88d16ca169aa66977972f92b1

SHA256
198ac37eb27684a90c1e634e17eaf879095c1af5757af0ea08daab2f8b033a7e

SHA512
b607d0bd4ead58fd5278c3c8f3f39564de7d54f59386eb160c3bc2d6107659579dd09838b718848b2f40f18b2e70ec5d09f129312fb8eb44f97d4c502048e40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b958c404710b23ef4830c306a1760932

SHA1
7ec39ae3b5dd7cf635fdab3f5553e87fedc7dd62

SHA256
5f94716278a3dea2eae4af7343af6c44baeb9b4ef5ebaa749ea1f476a166aa55

SHA512
1d499a14ea8972427814ddc86e5ab348c681654e781e48a0ef14218d31dce4e2369d373f90b60f38b2420236db72bc6b9b322fe75bc3942b6f524c2d8078c8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dfe1bd70ab99da54ec5577f279960fc

SHA1
ad2e53fb676b3554eaf6c12c1e17a691e5215e64

SHA256
f4dc98bfa087aca3f0db6bfafac1f1af91f4b3246e0ab6a3f188504d8514e248

SHA512
bc91def973ad904ddd7609804a86ccdb757364ed988511e2c7546318ed2fe819b257fcbed05328dff596fc69c21176b4fafb8ea1522cb1732c48fde4a545abb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2a97df7c4eb6c3b3d87fc7bfc206db6

SHA1
c568958124628ee4a3e8ddbcde44c5dce5fb0aeb

SHA256
195e7488d4e4d89695234480a8e615a3b25efe067aaab1003463a8ec1e0e8a16

SHA512
7388ff34185acce289180f20038ba31719e274c309ef911133871f6b15d47bd083d99752f28238b34c741c1abd65a5e22b17ad3a0cc1741659cb60bb70d7dd55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24098f5721b2da2a0e767d447194e5be

SHA1
72df0e9968b545cc7825c8a7dcbfbc714bce7d08

SHA256
97628490c3bb084023cf8c71d606e8f18ea911d397de3914689d6e7b8913de3a

SHA512
f1a2140713dfaa2dc9161e20340cc99b3d1be52ab70b445b745dd8e18db13afaf5a4b2930f7c577587355462a6c47dcc4c7ccbcf784276eef8e7d7086968dc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ad281832217cca9e8a9cb6d11b33f10

SHA1
4561c13331d935e90e0d122d0600cae2a2feeb6e

SHA256
4c044e4c6a4c6fbfb1ac33a730bded6818b2e3e82697875a46690df844b0fd4b

SHA512
43d1b93abf20d5299c7b461ea7d23003099684d32223965c4f9b7967310d03eea6f1e63f6b84d2b17f2b908389627be62567e9d40a658d9c3b5c8c04be9acb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fb6810def0427b6e715b5ec82b9602ae

SHA1
ab84acd651fa78864fbf37b42722ec4b9d868d59

SHA256
17edae910dd918df63b6234e87ce22acec7cfb3d52eb734537c3a62941d2f318

SHA512
38f4caa464e1ae28ecd6ae2e9da73c68abd1b5bcb62519ceaf4eb6e177af65f5e823803ab4b2d712db7d58046e1ffd384e30f74e0f3c8bb60138fef08b180017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bea5694c-74ab-4eb0-8062-9e564269fb0a.tmp

Filesize
9KB

MD5
2ea5ae0d14fd3747758925f7585a245b

SHA1
3f36f1736bfa2cb2309a8f5caa0eaf958a64e5e6

SHA256
7109cb5af151e08f74fb6b3b88eaa2f241d6914ea87505ef921e0160d1ed192d

SHA512
8405b94a5c823db8ea1707f0de1e2f38ee55d08f3c2e3da332384e76d9219e9a6e9ba63af2ddd17f88faeae65cba782cdbc49e4d2606f166e9042c4d4225747e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
7c42449fdacc4e2bd8ff9a66c0bbd5c7

SHA1
d519547d6718ad294573cb8e27036200a3509861

SHA256
e2ac7110fd0ab5de04507117fa4a2e1f52ed92d91e88e09d02f588e214a6e9c6

SHA512
fa0b5df6e412dff6747538038e7242c0a83651b3e87bcc36f49f2a1d320cbb804321aaa41116353849275031047f796822b13cb4e4c8d7e45b0e772a6c63a4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
73e93a34cc7146e86ff560487ae7f804

SHA1
d038581f4eebe632157061020d3fb862c2337a79

SHA256
eacc8a9c31365fbc2f1857aa5724ac7cdb8cac14b32c78784bc9c3f781ed956a

SHA512
c6219346a4f4a9ba60bce1c51ab324d2c24d8aded8b9aa767de44da006f8255de61253f69f5565cd370b79c745847473effadb48c63b9a585282f3e0509c28f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e30dc8016b3d60681a8b84288a49d1d4

SHA1
5c0559325580f7e1e028f3314f600de76205ef40

SHA256
bc25a6fb43f3628f8ca4d5c6af46d0f019fb6bd13c2a2085f84f4d9b36c0d425

SHA512
46b5ee7fb40dd0a7ef86bd7103d97e40595aa82ea4a898ca8bf8d27da16983e485e381be520c99b2413e82f9d0a3c820a71baa69663aa550a2c7a25f2c022af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\470e8965-166f-4004-821b-513e20b31199.tmp

Filesize
6KB

MD5
24215ca3a002910f25ff7e75a975c549

SHA1
b3b1d9b83e8fc170b98662ed2b6ee6b9bb8d2fdc

SHA256
1ccca03ca3cce032f3acfbf9770e45427dc64832a9c5bae527ee9c48abb4d5cd

SHA512
34277583db036c41dc51202496cba580130dac143c561bfd049a8ae27342416656801dee763dceddeb697e621c05266ca8541e656746bc6f6b761e2a8e0a3011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
26KB

MD5
fe84afd65e8a078c575f1fc7634c9a02

SHA1
851cff1c5aa906e5f23c6dd34d0b25e413a2e1bb

SHA256
32913afa85c9821ef49a6c032ff9b367e4dbcc10dd6eb78c6a47b0ce773ed4a0

SHA512
ce95ea85f0c630fc2a78d3d3b96be7595aa0fd9b13a1d998f7c84a8b7a44d4cdd7732919f80505cc84e26570f005c13100aeacb393fd82f0253c4975db27d190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1dc3f7a2fbcd02956c3510dfbf6ca332

SHA1
28206f3defb90e0d6e35911e416b7194ef3726b8

SHA256
5955779802d42a401dd864dfc91ea1fa8ec8d41a89f5d278b57ce8490fbdd520

SHA512
c416610d07756dac5d85384fa09ebeb18074828e9ae68991fe31918ea7c353554698743173c813e51dab66d559d0266a538b88be2aafe951295a8d79a0724e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
848B

MD5
624e19fd89f1ab8b217cd147f737e2f2

SHA1
2e0e6700f97988b5e2df508be994ed86c6008094

SHA256
a6732455418aa05be9745459f342536e9fe2d7226cd7c8fd232e35d5e3f2cb44

SHA512
a3455ba85b41d6d95bcbd07d44b46b90c6f7fbebe8dbdb70843a8a14c4e01cfebfa76a2050a28702129fe95e2f095a6f923197f109dd7b52ff8322bc13653108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3e21029f09c76096452e0f0190a472c

SHA1
76a9420a283de0a75372ed8462a96928c02ebdc4

SHA256
278cb2d45844e66197f923ae1e3b9be2f750ead3ab38b5761dcc83a00a1bc2d3

SHA512
2761918ad9e9a97042511095cd75065f3f535377e2c5b0c5d62aef1b3b54f494771874a73196bbe71063aeaf7952185e4c586d93b72cbbae93add4a9097eef79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a77cbe18c0359d41a1a5a3c978a824d

SHA1
ccbc1bf1bb9d1da8644360143cfdb1f28ce70c0c

SHA256
cc21d5356afb7d5ee20fc06e5b248deb1642fd65a84f35b3e7771bd927bcfb7c

SHA512
261f44f5883e5005874c70b82332d32f7a8b414a06578f96f46378fee46e200f379071b2c4a29140c666c09bdccfb91f7a6178b6522b9128a817ee1961671038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02b55345093066a521689c2eaf73bc36

SHA1
1a8a91ab6967a3ebb14b9da4f08e3302e36024d4

SHA256
655f66ab5788d3f40155b178989867bcaaef301037f66816f28aae749b5b84f9

SHA512
d25a9c68874f00e89293766f0463c4e7c7cd5dfd306eb539c3edf1f7bcc0a5b7115fed47d6326bb6649a47643ff55572d0b5ea5b96a4f9cb56f50d08b4dee38f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bdf67421165c7b5fed99a1728e68d31

SHA1
64b73b93737dd58dd49c92a2c81e1db035bd7139

SHA256
836119b7db84a2c42a27a120da6609eb3a345bca68e70496ee78a7e44a529d4c

SHA512
4e6650b5e163400966f2e8205596cac2a58d116c94bcaafae8cf3d43f100e5ca98821e914b1de7ba5ec1cfb6abf1e28625cd471b1c68a569c74a4e565000dfdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
696c9be0f585719790c6958467bbd2a3

SHA1
3d652e89efe60dd477d66fee922dc04cd474cd02

SHA256
734928ec6070f0e79198b2c256413aa81ba2a6aa4ed7dd89829129b4c355d14a

SHA512
4fb9f458dcbc1d07d370b1b3a3cbd12b718ec4bfcb317b769c7d3a5acc5ed9eecc76ccfac7e86c207481b4f02ee3d1fab589eda673b3f8065f0a23a6bd41e69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a0f92.TMP

Filesize
538B

MD5
3dbd9abb3cdac9594ab465e39bbb5e33

SHA1
a88d789a29c583b4133048d077d8d4cc4e5cda35

SHA256
8a27ca53576fa83da2405ce806a3a94115dcd5e99c0361ee0435e8bb71555cf2

SHA512
da64295fe3453059d344e85775ecf52cbb2b36fea8e39aeb12ea4cad83fa3f40b92be7aafb94599150287069509def63ebd29865006e1c2ee09c8da6e7fe9773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0af433e98c03de7273c64d1786ef29d

SHA1
72d0dc4f5eadd1c6460a82b54d135a946f45fcaa

SHA256
84d9ec0bf0d970396902774efff786f178cf2bf258a7e7ea358b0b1c69a17668

SHA512
1e48b4bbf417d379ce18b9290c587ecae58993fd1e24dc8ba763e886d8cb3db955ca76aab16a380a533a9fc8b7c61a9db30d95e5555766280fdb72cb68fbceb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35d4dee098b2040651ad8c6609a9ba53

SHA1
a134469c7da9ad10405e318391a1a7a933c29594

SHA256
6e48ffe3cfb103706c08ab4fedb971e09fa6cc4eb390777a849a7eb04247bf48

SHA512
b49115cb56f6934ca47b5cc74eb613854441af732761f85429ae54370bd4ae30fe3a02aa055d4d45f41f68368321af8d7f78e0bf73e3285292310040c97c9896

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
38KB

MD5
ee156b0c047780ff5ccfed54a06e65ec

SHA1
87a2422c42983c34a64b60f7b4c9d3d4e0a86deb

SHA256
74d8221ece4d9f63139afe8a2db553bf83fc13c9a3bf83a47fb3067161ca95ba

SHA512
5aff18e073aa28241a6b70c2cd30015d9b62ec5995b1a0b6bb85ad2810ab5df856a02a4df33cf6f6e2f93ca3659257422831feca53c6154d9c9f9f51f8246431

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84359BA7\setup-stub.exe

Filesize
630KB

MD5
41b303c1c8a60d3fc047b89aff49112c

SHA1
23d3f56fa4d4c6f1995b386f663fabd446258bf0

SHA256
094dee1dddb740da7f9cc16b864c2db9d24a67b20b5bde4ded88d27c243b034d

SHA512
18ea743be2423abe207d502ca9b07378599647d43b910219746f568cc85d28c532c61a6eeed5f21ba0ffa8a46f70ecdf9a6296b0900ecb2a9dfa412b9cc65cc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\InetBgDL.dll

Filesize
95KB

MD5
af9e2d138cf17b8ff4d4b8df7fddaefa

SHA1
539afa302bc5cae7022896048cb7a0f3f2ab6907

SHA256
3921dec014fadd1de7f3a36606ac95882a17cb96df38a5424e58531a169f825b

SHA512
631ad8bbb9eea42b230f2729714874c921677c4be91ac0b35ab9e7751613045eb249f8a0dd1d5ce06bf2cd544507795836dcbf42be79f01a71333570ea27c840

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\UserInfo.dll

Filesize
14KB

MD5
610ad03dec634768cd91c7ed79672d67

SHA1
dc8099d476e2b324c09db95059ec5fd3febe1e1e

SHA256
c6c413108539f141bea3f679e0e2ef705898c51ec7c2607f478a865fc5e2e2df

SHA512
18c3c92be81aadfa73884fe3bdf1fce96ccfbd35057600ef52788a871de293b64f677351ba2885c6e9ce5c3890c22471c92832ffc13ba544e9d0b347c5d33bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\WebBrowser.dll

Filesize
103KB

MD5
b53cd4ad8562a11f3f7c7890a09df27a

SHA1
db66b94670d47c7ee436c2a5481110ed4f013a48

SHA256
281a0dc8b4f644334c2283897963b20df88fa9fd32acca98ed2856b23318e6ec

SHA512
bb45d93ed13df24a2056040c219cdf36ee44c8cddb7e178fdaabcec63ac965e07f679ca1fa42591bba571992af619aa1dc76e819a7901709df79598a2b0cef81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\profile_cleanup.html

Filesize
1KB

MD5
1cb97b5f8c5f2728b26742d1d0669899

SHA1
bb5ab1b8c00810fcb18184a996573c5accdc72c3

SHA256
dec82e9caa154300e1aa44f550c16b455a2025be4fb1c3155cb75fe04a6b6611

SHA512
768ed2b070485f3bbcf457aefdc0ef8f1737ad8ac4a2703e2feaff424f9a2c69a2f5928a3be898932ef4976a44ea829a099d090bd9941a24d045d5c8ac8b7b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\profile_cleanup.js

Filesize
1KB

MD5
d845e8f4c0edb3cab17e6a30090ac5b8

SHA1
654f058570f0868f0acc5f0595147f3385a9c265

SHA256
1adcfdd9768242c6c639b10e4f0bcda24f6a957a169c1dede265e40336ecbd4f

SHA512
401d800c484b74401b90c3285d8b6cc0018baf4979d6ec7bb174f7810d3f60adfa6b4cebeafcee20d5a7c3597447f755af19c5fecf1863e2438fe427dbdf9fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnB4BA.tmp\stub_common.js

Filesize
815B

MD5
efce3dce0165b3f6551db47e5c0ac8d6

SHA1
1e15f6bb688e3d645092c1aa5ee3136f8de65312

SHA256
dab39cbae31848cce0b5c43fddd2674fef4dea5b7a3dacdaabdc78a8a931817e

SHA512
cec12da07f52822aaed340b1b751153efa43e5c3d747fa39f03bb2800bf53e9416020d654a818a6088acb2cf5581714433d818537f04af150e6bfb6861c03988

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
28f274cfef614139e801296b79498f91

SHA1
183c55f6d7e8f33e8ce9aa5c633df275b51e0e0b

SHA256
a38989c66e09f26966c66faea301977f3433bcc152d90658d6c6e403fa1645a6

SHA512
ae80e45fdfeaf3a6a3632af76ad500c366337c360bae7b080fc33fdd61468ce074fbfafb9b234414a705e95d76cfd08b2464bba1b1e381681c0257454f1c8553

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2ed6a8fad947306cd89033916c54c722

SHA1
c6db69fcc4b1e0c89431c30ea53114a8efaef70e

SHA256
18416a28c858d83a6253b8937b2e199def7b6010d3bef6118e0fe94724fee2de

SHA512
800681fe9c916cbea8fd47731419d9e28e3c01723048465aadaf2535e818666fed2d12229d2d4efc8e5a368a421d26dfe6e3144deb3644c37d0503bf85e00570

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5c9e618eed13609a731acdad652da107

SHA1
b27a1d1c44b3608f9708cc52137d2266f99b4557

SHA256
449ef5c997bc27c98944660a81c2ebd5cf295f2337484b0906d0483e24db2dd2

SHA512
23a2ee5d08255e135041939b6254fa3b689d280c97ec0e67c978ce73cbbf1d04fa2342b858843c2b320b068f41b5e4861138cd284efacc9ddaacdbcd97e10a2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
be0f33b49ac9f34c3f5d45940da1d9c8

SHA1
123b213c189b76c30861600bd5f8d222be56f5e2

SHA256
402cbb2497e88c3c3d827072ee9edc141ae3224883c195ddfae5f83e50ce865b

SHA512
99ec327518a688395981dd5ef0064bce3497a851d34f3882cfe491256e49b8cba48e53a45db6a5c6254df4c12424f4a55cfacb6e16a30b83a0ce818c2d1fd1af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\1e0b09ed-e415-4f13-9d4f-b6f13ba6620c

Filesize
756B

MD5
2c49677a29c01050aced93612ede9af0

SHA1
8dcc90481b0cbc2ae779e7ceceebdc41b367f627

SHA256
04114cb8a97d5be2325a8cef333ccc0d5a2a195139b7ee486712cfbe6a25a235

SHA512
860d16cfd6b54197c2b2933ba53da73fec68c2cb6c8302fa6c628c0f83b4a47540592c15c1c3369ccd54a8109becbae636b7565fab3b1e08e343b6ec1f996837

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\391e2b4b-7927-4318-9997-4aaa40c9ef80

Filesize
982B

MD5
2754985c567d733e6b1ff81f05f1afc6

SHA1
0433fd0300e048ecc4d450e9873806e74e98232f

SHA256
726632cefbe78175f3a486b90662ab2460cd1207871fdd567c1a6557be799067

SHA512
83150789668997991c48006fd49e409bbc94ae970201f2f1b95703f30594fd59569bd91877c4452be478eaa23659eb33939007f19836f4f944ced2be8191ec76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\645897db-c1e7-49f2-a271-a7f87b6d3487

Filesize
27KB

MD5
438a0c236e1aab90035391331cfadcf6

SHA1
af6fad136dc24e909db8cff2e8dcf0ce57647548

SHA256
18b95d42a53c8ce73c987c5f7accd438597254ac37bef1e04d9f658fcca30543

SHA512
a98320a7b2facb28dfc5a7147c0c2425d375a37293500a2e0c54149a630301012cd10c4982011b2832116adc9313fa016c677da1ba75db916b4c42fef6a0f01b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\9e086a86-0a9a-4b4e-97eb-cb74f8a1437a

Filesize
671B

MD5
ab3d202df2551bbc548b781f710e094d

SHA1
3deb32d4eee640e653cb91ade260560aa8014242

SHA256
a014f0dd48a84ee9c5fceb65111f25aee5baafe6b688bf8685e414af45eac726

SHA512
02e97198cf06135dfa50413e645c8002cc7c12b42b4f750965eb0b55b519d0ce761886f75f641d0531f06b3d9c1e2781fda19200ae6db033065ddbfb2918875b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
3de7f9fef2085134021a7599413d3b6c

SHA1
27c364b8eee82c9ef7f8838b9301d8314ea69bb1

SHA256
f82436d99706e76fdb125f9fe30362c918c21c62408dd9819b5f23a407bf26a9

SHA512
3c7183b24916f67baac6af3d38a0a84833fb6a9ce81f60dbc7f7cbee127c0cf464152447a40a7c4f43da3926bcc150b6dabfdc27cc1bc61a3175bca40d9846e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
79d5d8755b5d227f734e663cb39fbef2

SHA1
397bf6094c9e4aefa8a3748250155fc9d4fc4317

SHA256
33af58a94ce1d172c0740b63773f6503a37d950d50ba0db0419380d25c8f44ec

SHA512
877a8d4d22326b3cafdb0b448b483471d0ca6f136c87a77854dbec38324e10648248474d72814b6142ea3a0ba3817a27e285d4b905d23007a85e42d307472502

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\Desktop\ApproveRename.asf

Filesize
698KB

MD5
f2867ed9b7c14ffe97703e087d7e500e

SHA1
8fdadb1ddd136049e049ada603efbcb52ec31364

SHA256
5fd9c70099126c7eb48b2ce4fe5ae3357580197852ee34ecbbc2d64a0cd0daf6

SHA512
f5e1a454f86f3118e3e01f909ffc8ce990940690fdc3054870b76f8fa2a8fd6ddf76a8a4de2335be2970e19c3762ba13f8969a3fb9c7caa4895196dd1b5f5040

Download Submit
C:\Users\Admin\Desktop\BlockHide.xltx

Filesize
488KB

MD5
27c338d09ea9a63f57544cd179cb38ca

SHA1
ca0a24347f29036eae19eece4f2571f90db2ff63

SHA256
d781002f73c6bfe7cb3ed6037483eedb273f10521e0cedd729f47ba68de719b1

SHA512
15d85841c89a0d8a40863c88e82150a2b7f961972f7fe30e7a9d6e3135b1f19e12355b53094f397a8deb1d454e51430a23330b340469d24dddb9fda81a862ed0

Download Submit
C:\Users\Admin\Desktop\BlockInitialize.TTS

Filesize
511KB

MD5
f184de31c91d67946576a4fae3175f5a

SHA1
4c8c9d1168ed2e6ed6667e78d96e100051e70165

SHA256
3294162f82ada60803531ffba907f3c90b869b73b62b9a123ae41d3a8fb26e23

SHA512
0b8f4ea89fbcaf903498af331d2fbc82b415ef3def318bac3a03f27adbe979671ad0c675fd04252be748dd3b3b6ed1c0a414e517a980ae5340fe24e321786fb5

Download Submit
C:\Users\Admin\Desktop\CompleteSubmit.M2V

Filesize
535KB

MD5
b5ce025c19876ec9efcbb94473b99ab5

SHA1
b3a3ab39de1d8d675625c50edd91ddc576af3fde

SHA256
627f6fbf933ee551448d1a841db57f932e03fc4eb26014d84ae3529b2cc6bb4e

SHA512
3ccc909719aa4e28198d4703ec1a5307592c7c4ace019e314513987e3740a651e5577b8304fc6e8959b85fa65678a656765cebbaa3e34344420971b24ef83196

Download Submit
C:\Users\Admin\Desktop\DebugStep.wmv

Filesize
349KB

MD5
abd72ea4fcad939d5f6ccfe7eadddaeb

SHA1
54eb423d9a634945a4fdec4cbf28454b174a3423

SHA256
3fe1d27ef50ceb826a9176d4aac127ed17e20091ba9e5f457731eb4f9c8c7813

SHA512
afaa6270eaacc8e13b9a4c33753799e4b16d62a291e270afedb694b8c7b81b015c0ce5d5b4679432d5ba07c66a9098350d1fad22e4b6882fc509ea731afe7dd2

Download Submit
C:\Users\Admin\Desktop\GetEdit.tiff

Filesize
558KB

MD5
a14b24ec020be123336892ca29691ecc

SHA1
53c61e6b63af8ef2d6367bd3188d98c42ff9e3d1

SHA256
cff8ceead965cc61e1d371c316f423f999bba6fdfdf60e6448964d18d42a5c01

SHA512
3b1951daf4a132e9c04c9ac4e5ae4ac706ed41f091dc924da968025317479bfc103b39397a827ab0a4ace9a67bef398af1046ed8bfb88c90aff18d220dd9317f

Download Submit
C:\Users\Admin\Desktop\GetUninstall.mht

Filesize
465KB

MD5
4c73ddcb59cf0c241a087206038633fb

SHA1
c1f986fba9ab74444995d6d09f04bb7dd5111f98

SHA256
4bf0de6456e8075ef9132cd5527590aca96fac5db7e01182cf7aae0c1ecfe100

SHA512
168c831d28c3ae2a7bca08376474fdb44c14379489558a8d55ed100855295d6422b625e4f15f5f85f30a3e243c511db83e694d23c9dfa7a3fcc265691c5d5161

Download Submit
C:\Users\Admin\Desktop\InitializeRegister.i64

Filesize
395KB

MD5
f5c5de2613e9b0982d6144649fd89877

SHA1
103c81945aaf0a447ccfb34a0bf2d870368881e2

SHA256
2ab51cd3d12cbbc33916404c7f0dcc3fafdfa6b84c44ae513d195dbc777c9b6a

SHA512
84d5e13a09ff0ba94a9f48189d8d61e44e38dac7f3a3fe9a0e1802ad315b964829324867788e547527f605e18e3c7b48b4bc946238c05ffa7f8fa5b09bd0d1dc

Download Submit
C:\Users\Admin\Desktop\InitializeSubmit.mpe

Filesize
372KB

MD5
747b55f44411e5cc146a61914d631299

SHA1
7a29aa8b3facb1153ccdad4aa647afcbbf57baee

SHA256
3ef2a57b39cedb4198d7f3b3038f1b3153898219effa1b90540004fe08bf9cbf

SHA512
d508d09bc5fc0626f0073180a51ccecd93558066862fcadaec2c9d4745e8ffceb2b5bde40bf307c68072d8c0806ced68d28f6853f7a25e3f9dd4f4dfe590f0d3

Download Submit
C:\Users\Admin\Desktop\LockTrace.wmv

Filesize
255KB

MD5
d90c78e6521a63582dc49117e9fa2ee2

SHA1
7d10ed94025648ddb51c4486bfdf48c81093898e

SHA256
e72051273eb6aa98850e3c37241063051c313cb606b1c3405aaa4fdff10ac8c7

SHA512
369367a8be2a07cb93b9b687cbadd7d2539302e6633b09ebd59480d8e4e8559b3dec28fc7e9008c95805578c80aa936e653d1e86b22ee79bf4f55c02eb6ff091

Download Submit
C:\Users\Admin\Desktop\RegisterRequest.dll

Filesize
581KB

MD5
91de3136f09a84e2c77b879c8b857f82

SHA1
ab988e9b98f3bebcbf146053a106924c0a8d8e6d

SHA256
d4c616118b5a32e13f814d692684d36be35c529b7d3f604563c786c4c1b4b133

SHA512
8cb0be597394a00f5518b463500660fce5f5d957a5eb983f1c1166ead5314b7e40eb4cdb8eaaa124f6f55a3447159cc453e0cbff27dc035db103dad949595e51

Download Submit
C:\Users\Admin\Desktop\RemoveSkip.docx

Filesize
15KB

MD5
71eb58aaf3fcfd50e5dc92a69d63cfb7

SHA1
d605e935b0d0f558115c53f6bc997993ea666fae

SHA256
2905c827cfa417b561857e49b200597ca148da81513b3225f0a421a5dd376568

SHA512
14fab959d7bbba74e61192461e15978fae9aa5442beeb72424d56130da4f8b5295ff15eb27d0a14a6679546a8291bc61e7f2e4fdc137b3d0a3613f2a4f86a7bf

Download Submit
C:\Users\Admin\Desktop\ResetMeasure.dwfx

Filesize
605KB

MD5
854e29305085bf20ea508230cccd5ed6

SHA1
7827bd5d42bf42441720caef2de18fadf07c045b

SHA256
02e344405757cdc06852e98905685077ba8a2a7041c6a8277250b2f9167b6d7a

SHA512
e8cf4d582b6ac4d1751546c70f55ed510b5ddb2b618faa162369964aa1694e2a256b30714e23ab6838cf738af417ab4ef0373476d06d53a21b6cb7fac6844cba

Download Submit
C:\Users\Admin\Desktop\RestartBackup.sql

Filesize
651KB

MD5
0f94a25a3e2fd5eacc676287524b4bec

SHA1
0dbc20ae17d0249e72434ddd258ba3d993b48de1

SHA256
bb0e73a5a95174b407b42c64d15d614a22df1a4e6d90a5430cb38f04d5790483

SHA512
3918aaecd8e59c4e05bd92e5ed842a03f964203009860c310604fa4e0dcbeea705082066508e567eb0fa6504c257cb9cbda6bde7be156b28113c58d7013c7713

Download Submit
C:\Users\Admin\Desktop\SaveRepair.mht

Filesize
302KB

MD5
27a170345876dc659b11e99677da52bf

SHA1
78db17ed91abdc73ba1fc4c4b2b49f946a9aa0d2

SHA256
48b422ddf5220a9a520a63aaaaeb673f845b5e95ef37c9a7bba24c5bb71b02f4

SHA512
be8d432615bde90d8b3fb49ea05e663fa539a5dae0f314de4096be63c5f594f8203028e93f729b877cdb5f9cfe74960c5f624420fbc7c5413e67fa99a513b60b

Download Submit
C:\Users\Admin\Desktop\SaveUnpublish.jpeg

Filesize
674KB

MD5
d34773d4b3cd34dc17ffaf7357afcd5b

SHA1
ce9d3f7671c2f315b36a688563b3eba7cd64bccc

SHA256
3f337b324a5fedf617cd7c93d310eed8863d6c84086680647c28ad7dd898e715

SHA512
20a097187955cfc04fda90c4d6e23ffa519bcb665a386135cc5b240ab1a7030242019e78eb4d9052483ca4985223f10e54ef970bffc3827fb1600f96797d9ee2

Download Submit
C:\Users\Admin\Desktop\SetSwitch.wmf

Filesize
442KB

MD5
8dd39b3578e0a5642d68fe0cc84a813b

SHA1
6276941964c2b55eb1b4058165b48007e01c24c0

SHA256
c6938d34ea71bd3073b55656cfc93ed5d62354b6ec708822517776990fb62257

SHA512
032a7e56e17b2f234a55fa2740ed7ef8a934332feb58c1f9aadc4d1fef43c0cad16f7b8d4db459a6e8edf6d8f38b3c970edd798ebf924329118fad98190749b4

Download Submit
C:\Users\Admin\Desktop\ShowSplit.vsd

Filesize
721KB

MD5
069e19c1abd7a70a0bd6b98d240fb24b

SHA1
d31dea5b9cc33121d269ef81d071b3bbaf98a9cf

SHA256
d0327b63c19f912bb73a0cabd0db7e9b61ccc21419cf8e56e1eaab28cddadde6

SHA512
16045993182a6812d93c4edb351be2d5cfe14c461db655a8ffecebae63969520016a110f91675844ab43234fdb5e1f72128aab3f7183fd7519e02a3ba53c14a6

Download Submit
C:\Users\Admin\Desktop\SplitEnable.shtml

Filesize
279KB

MD5
09a7db3b6b13bc22474ede6f030dff8c

SHA1
eddbde4d049b2f9adaee8fced20ebb797c933148

SHA256
04ab93ddc6fe562e00d79339265eca80ceb93bc42ea1c3043616406660642416

SHA512
421af6fc7d3060039083880803c43688c10c5d4e111642f41482bd6f5b6650f252541b529c05d8f3a0042aba19e85057556cf15f3a25a8d95e45307542048d16

Download Submit
C:\Users\Admin\Desktop\SuspendDeny.zip

Filesize
325KB

MD5
a2440217a0b763de9b7871001c7f1722

SHA1
06c14b70ee599c1a33e0a048e15fd735d5060fe2

SHA256
ded61f5d181fef847950d32f538a4ccaeb4dd0a778e33b1c9ad56a4e446240ab

SHA512
fef9d21cba791dcd9c8458a1dc154516eb26654950786bc6aa0eee3c8a712f2f10c8d72e88ad5c2c3c316a1c3b664ce9d32d18eab9566a8c70511c114830b848

Download Submit
C:\Users\Admin\Desktop\TestCompress.dwg

Filesize
628KB

MD5
6be29d9b0ade05b21183a4170663d774

SHA1
eb1c5a6eb43b7b9f66732a76498c08e3bd7310d3

SHA256
75a9ba5441553296ba4d34df3d822743d87fcbb30b17ac7608858362d122e125

SHA512
e3482577d81b64793f42c423f0795f11c5f683b2fa6f3f27647df7052218c30e386fc6c65e5f489c6be8e874492519ac48db6f3007617c6b6a97777860b27244

Download Submit
C:\Users\Admin\Desktop\UninstallStep.xlsx

Filesize
9KB

MD5
d855277f7a7ccec06803fb7fd507b3b5

SHA1
5d480f36c90a53680f1258ce39883abf173e86a8

SHA256
d08da550eb70e8dcfdc9f9bb992f3154a76f63bd45818c3468c4ef18e68a6623

SHA512
25cf3065a2ec75eb413153e0655692f562b0bd70950a78a1fb622ebc2e830c3835bab6ee1829fb9897576624dff12f9b0ed818de097a57302447835b21f5f8d6

Download Submit
C:\Users\Admin\Desktop\WaitRequest.xlsm

Filesize
418KB

MD5
eff367b073ecfc39cc35748459a98aa2

SHA1
1534b9cc3b897c4ab1d5a8ba981bb4089197a750

SHA256
724b41c9c37b7f0af80bb4eefae0b20bd4203a650b99724a03bc878252bc922d

SHA512
9f9941206191e01b2dfed7d07ee35e1ecc864d6b8369335a391c134eaa87e3fa068f5f069c97d73041ca6474f84ce529b8346a04f1a9d537b5c23b5a1988b5f0

Download Submit
C:\Users\Admin\Desktop\WatchCopy.css

Filesize
1000KB

MD5
494c647f650052d8d8dd21bad34f31e5

SHA1
232dd4ff049b0b61e0d04c32daf38d1bf6d9f3c8

SHA256
2643d1fd49cf3bf253a0bb11acd9a21108c990f2876397f9f515f9dc1f196d1b

SHA512
e1b6dd63a29ba00aae49a0c95a39fe3a6cbc77eeef7f4be3260b32196d0661c4a573c31ae378381989021bd565132f331ad917aae53a9d9b3ef2a1f68e747519

Download Submit
memory/4936-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4936-72-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download