576486c34af89bf133b029ab03f04e01478b1ccc2de7023429190305b55d3793

Analysis

max time kernel
219s
max time network
223s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TF2X64.zip
Size

110.9MB
MD5

4eff951a48869de1fbf8ae9e5fc52249
SHA1

c97e8c7b81d9a811c5f3d69ae47a52e71eaf9c86
SHA256

576486c34af89bf133b029ab03f04e01478b1ccc2de7023429190305b55d3793
SHA512

bef342061580cb3e455d881b614511de5aaa7b22119c400754492952939cd935d19c001bcaf65425c97a46b724f29f52ca2d20c2a48e8f56a830b3f32c296b75
SSDEEP

3145728:o/SvA40nR9Vq9PRXM6mIRmQzF5wcPbqsNlmrO4IYnBI0Wh:oed0RadR8Y2eHNWOy/S

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 19 IoCs

pid	Process
4132	Launcher.exe
2260	Launcher.exe
756	Launcher.exe
5112	Launcher.exe
1704	Launcher.exe
2096	Launcher.exe
208	Launcher.exe
324	Launcher.exe
3056	Launcher.exe
388	Launcher.exe
6756	Launcher.exe
2500	Launcher.exe
1952	Launcher.exe
3272	Launcher.exe
3352	Launcher.exe
4416	Launcher.exe
2764	Launcher.exe
4832	Launcher.exe
4484	Launcher.exe

Loads dropped DLL 61 IoCs

pid	Process
4132	Launcher.exe
4132	Launcher.exe
4132	Launcher.exe
2260	Launcher.exe
756	Launcher.exe
5112	Launcher.exe
5112	Launcher.exe
5112	Launcher.exe
1704	Launcher.exe
1704	Launcher.exe
1704	Launcher.exe
2096	Launcher.exe
5112	Launcher.exe
5112	Launcher.exe
5112	Launcher.exe
2096	Launcher.exe
2096	Launcher.exe
5112	Launcher.exe
208	Launcher.exe
208	Launcher.exe
208	Launcher.exe
208	Launcher.exe
324	Launcher.exe
324	Launcher.exe
324	Launcher.exe
3056	Launcher.exe
388	Launcher.exe
3056	Launcher.exe
388	Launcher.exe
3056	Launcher.exe
388	Launcher.exe
6756	Launcher.exe
6756	Launcher.exe
6756	Launcher.exe
2500	Launcher.exe
1952	Launcher.exe
1952	Launcher.exe
3272	Launcher.exe
1952	Launcher.exe
3272	Launcher.exe
3272	Launcher.exe
1952	Launcher.exe
1952	Launcher.exe
1952	Launcher.exe
1952	Launcher.exe
3352	Launcher.exe
3352	Launcher.exe
3352	Launcher.exe
4416	Launcher.exe
4416	Launcher.exe
4416	Launcher.exe
4416	Launcher.exe
2764	Launcher.exe
2764	Launcher.exe
2764	Launcher.exe
4832	Launcher.exe
4484	Launcher.exe
4832	Launcher.exe
4832	Launcher.exe
4484	Launcher.exe
4484	Launcher.exe

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Launcher.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Launcher.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Launcher.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Launcher.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File created	C:\Program Files\nw6756_1494229366\nw\index.html	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\package-lock.json	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\index.js	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\nw\icon.ico	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\index.html	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\nw\17100998902560.webm	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\package.json	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\17100998902560.webm	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\package.json	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\node_modules\.package-lock.json	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\nw\background.png	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\background.png	Launcher.exe
File created	C:\Program Files\nw4132_1322114139\nw\icon.icns	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\package-lock.json	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\nw\fav.png	Launcher.exe
File created	C:\Program Files\nw6756_1494229366\nw\index.js	Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Launcher.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722657680446694"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	Launcher.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2260	Launcher.exe
2260	Launcher.exe
2260	Launcher.exe
2260	Launcher.exe
4132	Launcher.exe
4132	Launcher.exe
2180	chrome.exe
2180	chrome.exe
2868	msedge.exe
2868	msedge.exe
1724	msedge.exe
1724	msedge.exe
2500	Launcher.exe
2500	Launcher.exe
2500	Launcher.exe
2500	Launcher.exe
6756	Launcher.exe
6756	Launcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe
Token: SeShutdownPrivilege	4132	Launcher.exe
Token: SeCreatePagefilePrivilege	4132	Launcher.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4132	Launcher.exe
4132	Launcher.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe
5228	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3844	Install.exe
5228	firefox.exe
6768	Install.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 4132	3844	Install.exe	100
PID 3844 wrote to memory of 4132	3844	Install.exe	100
PID 4132 wrote to memory of 2260	4132	Launcher.exe	101
PID 4132 wrote to memory of 2260	4132	Launcher.exe	101
PID 2260 wrote to memory of 756	2260	Launcher.exe	102
PID 2260 wrote to memory of 756	2260	Launcher.exe	102
PID 4132 wrote to memory of 5112	4132	Launcher.exe	103
PID 4132 wrote to memory of 5112	4132	Launcher.exe	103
PID 4132 wrote to memory of 1704	4132	Launcher.exe	104
PID 4132 wrote to memory of 1704	4132	Launcher.exe	104
PID 4132 wrote to memory of 2096	4132	Launcher.exe	105
PID 4132 wrote to memory of 2096	4132	Launcher.exe	105
PID 4132 wrote to memory of 208	4132	Launcher.exe	106
PID 4132 wrote to memory of 208	4132	Launcher.exe	106
PID 4132 wrote to memory of 324	4132	Launcher.exe	108
PID 4132 wrote to memory of 324	4132	Launcher.exe	108
PID 4132 wrote to memory of 3056	4132	Launcher.exe	110
PID 4132 wrote to memory of 3056	4132	Launcher.exe	110
PID 4132 wrote to memory of 388	4132	Launcher.exe	111
PID 4132 wrote to memory of 388	4132	Launcher.exe	111
PID 2180 wrote to memory of 4252	2180	chrome.exe	113
PID 2180 wrote to memory of 4252	2180	chrome.exe	113
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 3696	2180	chrome.exe	114
PID 2180 wrote to memory of 2604	2180	chrome.exe	115
PID 2180 wrote to memory of 2604	2180	chrome.exe	115
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116
PID 2180 wrote to memory of 3532	2180	chrome.exe	116

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\TF2X64.zip
1⤵
PID:4108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Temp1_TF2X64.zip\Install.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_TF2X64.zip\Install.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" /d9032id9023939393/Launcher.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x2b4,0x2b8,0x2bc,0x2b0,0x2c0,0x7ff9670fb960,0x7ff9670fb970,0x7ff9670fb980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
      C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x15c,0x160,0x164,0x138,0x168,0x7ff7f841da20,0x7ff7f841da30,0x7ff7f841da40
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:756
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1984 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --no-appcompat-clear --mojo-platform-channel-handle=2260 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:8
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --nwjs --extension-process --no-appcompat-clear --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:208
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --no-appcompat-clear --mojo-platform-channel-handle=4056 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw4132_1322114139" --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=1956,i,9369492707627025280,4017612035005213270,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96864cc40,0x7ff96864cc4c,0x7ff96864cc58
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,8056188157525040777,15034691673895134706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4536

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9620246f8,0x7ff962024708,0x7ff962024718
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14097359047519618084,389605807621775104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:6248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fabc58b5-dff8-4104-a63d-3cebd7b4c581} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" gpu
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d600a8-62dd-45b2-844b-761f55a35871} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" socket
    3⤵
    PID:5860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 2792 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06d79155-4319-45e2-987b-d9864f1bfe99} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
    3⤵
    PID:3880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3308 -childID 2 -isForBrowser -prefsHandle 3708 -prefMapHandle 3712 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7c450b-c6b9-42c5-a514-a05dcbc72546} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4976 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4968 -prefMapHandle 4964 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c528147-ae71-49e0-b3c7-a504fec397f5} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" utility
    3⤵
    - Checks processor information in registry
    PID:6992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5396 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7406f2ad-0fb5-4a31-ae5d-69bf232bede7} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
    3⤵
    PID:6464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bae1fd3-06ac-44e0-a0d9-51ecaa9c472c} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
    3⤵
    PID:6476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5572 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62b918b8-5c7a-44af-a6df-e8a39005ae8e} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
    3⤵
    PID:6488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5520

C:\Users\Admin\Desktop\Install.exe
"C:\Users\Admin\Desktop\Install.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6768
- C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" /d9032id9023939393/Launcher.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:6756
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Launcher\User Data" --annotation=plat=Win64 --annotation=prod=Launcher --annotation=ver=1.9.0 --initial-client-data=0x278,0x2b4,0x2b8,0x298,0x2bc,0x7ff9670fb960,0x7ff9670fb970,0x7ff9670fb980
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2044 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2064 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --no-appcompat-clear --mojo-platform-channel-handle=2264 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:8
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --nwjs --extension-process --no-appcompat-clear --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --no-appcompat-clear --mojo-platform-channel-handle=4644 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\Launcher\User Data" --nwapp-path="C:\Program Files\nw6756_1494229366" --no-appcompat-clear --mojo-platform-channel-handle=4572 --field-trial-handle=2068,i,17247313111520277462,14185672898956501031,262144 --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\nw4132_1322114139\nw\fav.png

Filesize
248KB

MD5
3faf439a6cd9d9a9fa9f8aeb85cd0f05

SHA1
2af297f14c4a0d9ade6663d6eecb8fa051ea85f8

SHA256
a04a437646dc6d3ca3f6563384c0ed1a14364ce502df8fe75d6200cb53d229e0

SHA512
2b9bacb4039f967871af6fe772245e1f83f584ef17e49345eb4f000d49a4ba8c9ee3d154e61713687861775ab5e5496959b58b606edad4e489d2444c487db971

Download Submit
C:\Program Files\nw4132_1322114139\package.json

Filesize
554B

MD5
fef3c629b4988e5756d334f251e96748

SHA1
02ec04f252e2a00de7f991c212847b533a1c1165

SHA256
b94cbaf6c5e5c6f2222852305bca0013619f49ec1cee54e5cf4f84266d1eb13e

SHA512
8f488a4a40c1ee7103c30ba1c1b17fb43d7fdd01dc98f81008d16cc2ffb8fa419985d212d4a00e50e4d470d27c1438af3861c70b23ac4f191a7ffd2b96d2245a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\73ddd9bd-85f8-4aa9-ab54-7a7b1dcafbb3.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b0005302814b4c6fda09eb7e7dad1295

SHA1
c849718858b01f46363c5849710c2da80de0fc14

SHA256
5c798224b5ff882c9d7e6936f624b6cb38dd328341109e5f022a8987aab0bdc0

SHA512
f8f3869fe2d2b2fcf7e5c103528fe0964fef281a22ff02318fded884fae905f40cb7fb5a7eb3d1d690416128d4c26394b629f904dc3ffc46a6b2998421adc506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4a84390b78c6cfb4ca707c7cc86c7610

SHA1
5df97a3f750897360a2d77eea4c7998546e0895e

SHA256
59dc5a4036c80b0309a69c80dfcb7f591bc022fcf7a93a5bac9b5ae970b0d4b4

SHA512
aeb7a5f5432546ec5dcbec5513f6695826ebd8b22b71c6344d25ee0b2c497806593920916a521a1c876810bd7b4a3c26e3332b0b5964a03ea879c6e90f9c4178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2152f18aa4a4a4b728f35e76f2a70107

SHA1
81ff1db371b7cb9eee2dff208e5eda7f23fb81a2

SHA256
76795dc62ae515194f9b2d054322f89c9624c1734988ec59d44f02aa27861738

SHA512
1d41cd184ca0437780826872d2fe69a6ecf457487f949d01bf191302f51b9b248a99b1bbac0e570160666a521df4e55199f5929570acf46b02fd41fbf9b7350f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65032495e00fc8db7e4eab500487b985

SHA1
8b1722cfad3e78956826ecec6440161e162d70e9

SHA256
a01f92dd4292d97e0de959c31f42f96340e9f89a2d26b60142ac8790da28108f

SHA512
5b20637ee33fbfb9b70c41411e27a95e31a90d30118e2aa19918fa8316eadfb6bd250f83808d72a2481abc8f7c71b308958a83a6a58e1330998e8f01456cedb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c02269abe056419dc1818bb0a6f784ff

SHA1
ad4f6b160d7d5aaadfe2a5a2864c9eddd07d6135

SHA256
9d87e338d79853cc207bc63a911013559901ab0b6f8bea6e362f44786633b808

SHA512
8f19ba9f113bb4944bb9f339422408426e1a3f978d6837b01c4696b68da7ea6d0711b53af98c81859ca7460bc10ab97fa4d7f17333e30d9127f7ac448b008685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d8219c16b4cabd237b5e0001d2dbca4

SHA1
b78b5e2dd657d612df17a9304c82244c413d6b28

SHA256
ae4a3025239d56944be63cd44adaa56f929aedd7910879baf639d536e96db8f4

SHA512
e126538d1da282e6521d63f71aaee3c8bdde7979671cf5df7dfb42d7390512cd0bf1aef035291a41ac4b2d49fa4eb88a46d5018ce13f0b6c71142c03f3d2fb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52ec741902fe25840e2e38ab204a798f

SHA1
f1f7559c3743a62cf3aed161085ff87df4bf45da

SHA256
5e20e9c9c1cbdc30c151e45f318eb66993bd7d856b6d1d83fcdababb3bb61a63

SHA512
19f6592abf0983ed76129aeccd324be0534540b7b962e259fe67299a237a3ffb45e6e33cd7256e5c5d21c03f1419cb06333e1fe250a036ad4ac8d875e2f1599c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c13116aeb5c748399fa0b0e0f0cbbf28

SHA1
f98c91fc505376a03d03aa7ee5b4fd51bbd1a353

SHA256
84d54ebee205bc2214f9aecb33a1341246c5c07535eb18c0a3efbadca87fe3e2

SHA512
8f9ad1376cd17512619910a9420a4942edb7adc636a8e183c55b489d676f9f3506fd52a188766093574f44e78a2965077030109145abbe948a05ae59619902c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08d508273e98ba8ac4379297331bb52c

SHA1
506e258f5134bbf91cff1d44403068bc5b7bb050

SHA256
99a863dd3616f6511cedda0a1cdd0c469f7089aecb34135421de022f560bb392

SHA512
9e0e100331745e1f4935523d67d9a7757f9e075e1b3216468b7282ad1e9f5b330dfaf957756663b7bbdcbeb24b4652a9d20605b341d9635dc8dd7db2315948e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1bcaf402354981430adbd883fdf95020

SHA1
7f134a93ccc58acace34ac90688a7d3c7a9d687b

SHA256
4d9474712e1a0496e9a390e0652e84d7a4211f48f8c0cb1544949f45b8f67d11

SHA512
a06fd028cba47f5f07fa3bfa35bea83bb6254b0c2bc5f0f0a8316cb230c4945336864e3ae015fa1c0cab63b7a5b54fbe0d636ac16655d0bdad0949f97517640b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
82d6da0815c0e77cc6a40bf99feae0ef

SHA1
17bdbecc8dbf0355c78d3901c85b720279b38e5a

SHA256
a40c4379b422fd1f3229f1d7165307edd520fc3e523956fb3b610867753155c1

SHA512
658122f2524a7231ac50223b81d8a4ac66320f700f9d197784bd7b1106a04076ef219ca71ae316671f060a06a462f4a5e9b68b4ec0bc74f908fe570ad0e6badb

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4bc0da0b6a7dc7aa6ac8f58c3df25b3b

SHA1
0b4d33a01d5c69376bbe47f4565a7cd6ec431a9c

SHA256
4db698562b145565d4418616292d66217fa45207e9cc2a1570d0fc455e44e2ee

SHA512
1bd5ad17e72219ecbd19a30e3e658f8e8d730bc8592200073bca5ff1edd0138cd2cdbdb7d01dbb26965f27e6424496a2670622432a98af72a9a6e052d28c9b8b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\17abdab4-11d9-49fa-9fe7-be2d7b1bacfa.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
ff4e0f2d9ae3bff6b45685ce582bd94b

SHA1
45db5174a09553402bb31a032728df590cd89d14

SHA256
1f8a08e282317ac753a1c446758d4624bbd456c0d0aaaaf20d8912761e0776ce

SHA512
d4b574b4dc1c2009fb5d1a22b01256e60e9b86ed3a3f3b8c998e5c7ce3a2dbf459c2ca735f7ab543a5819e10969bb8aa05e003b5b48bfb5fac658fda2df1cf7d

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
f151ac3ba36f3e0cf642ddd60b5ffacd

SHA1
6be073c858fb351ca5d99d44582b3ce5034b0ace

SHA256
0be41f71a43c8e97d5248726a07cb6305e8c256f52217417ebcc0abc5adea582

SHA512
a7654d22f6c07741568e27c822d03407174e975b0bcb0078a7881b981c31736797a6ca0283bbcf9a9df23cb8a72235bf4559ad01c52cce3852e5588d4c225cc6

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\Network Persistent State~RFe5944cf.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
226af1114caea22615e62814c05c1503

SHA1
afb59631c87d9cca399354b7347f95fb3168bdcb

SHA256
e16752d254bd6db1b12638117d80a956a527c4f94a59a7209662e6cb40148d29

SHA512
ca297689fe7b6561f52c41812f7f579bf780e0d9e2cad15d84087f7eb3d05510003e6b3da7ee4529585d390ffb334fba291b9ba7ad8eb32623761bda9e9f9a98

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
50073a35113e916123c0ea4079eaf843

SHA1
d9073a7ae3c67a3f2c5ce17b42431caa5660ed03

SHA256
9631bf99f2f7e6d0f2a8dc89ffc042c4aee6afc0f474d91dc31c8dcfdaa83e9c

SHA512
5521f3521875fce56558debc3d4347b782647bc573098e21cdcbf33b0de021ee395b192f6150327c76da54d31c74072449747a2c76eb2df114d8ce6b4965ac56

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Network\TransportSecurity~RFe595104.TMP

Filesize
355B

MD5
e47a6cca721a113694b4f0e10c36793e

SHA1
1637b1f927c0e5b1816612b95698a4c43de367cf

SHA256
87e0dc49ebdaf1b1c4de179481cabf04e778d085188bcc8f7bde874828397190

SHA512
789f3cc1a06a8f965357be7f238e9d86b0c7319438b2122887dc43f8ec1e95f0cd0e0370b6ed990243e78a07fe691e61879898bf9189feec3e217824b129c908

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
771479c8f6f8aacdac198570024394a5

SHA1
4a356657eb9bd0337923625b1beb0803c5f56569

SHA256
ea33a90469106998b496084174454c4c2c07332e71876b53abd496d2468b5c04

SHA512
6eb66c5100e9f1c9b62100a676054d29b5235a126384f00e6ec569876e960a7dff6dd4c4b6ae28222fed9f9d905c752eb09c451fa65a72e63029418c43d06414

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
7bf5e3932e3419997172f7abc6af09ca

SHA1
12da21295b3e16b1fe36fba159dc802e74e3ff59

SHA256
208b46409db900cc7ab71a4e6c28289665f4ba9a4fbc5bdec4e5d3a9f6ee1cf0

SHA512
32c5a4adcccbd7e4450c8c59e9e78d3493b995bb0312245cdd1eaeca40c330babbc065c3ecb969c7c5862a07b28b6ebdad53cb3f356c376a7c8e4540275c0b01

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
dba42c6b218ce3fee579069c5f375f43

SHA1
010c415002abf0646a43fdcf5a405b37292e7d0f

SHA256
41c296a5aa07fb38364c34b151dc85f54b681c08b00a4524842650a87e539c76

SHA512
3033166b54c13056bec21cf2cb5a6aaaad852f20a20da37141ebe7271c0ccc97ba5093d415c5e58d143611773f4ef6546b88d49658973e1bb49aae7a599100d1

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
fc892213be3a30d5fb4a76fa8c7aae85

SHA1
abe68c83b4c17669ed9babd2dbab08e0fee5e229

SHA256
6c78c44fbf07d180b49d2e19dd2405917e5ea5f7c3fcbd24b24a62cd9c640418

SHA512
39056ce070c565bbab39962b05a9d98891a13e55196e3ee724dc264e28b95a2f3d14b20222c9169773d3c772277e1f89dc75cdaca79933cec3c31940b3d52ce4

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
1f2850cdc3a8148e1204cca77faaf293

SHA1
15462624b105b4a54d14e7b9356a71f92481c4e5

SHA256
b4fdc22fe585e71dd26577d7a386be1edba4f8e2e3b600105bc46803c0f335e3

SHA512
b041dd264f17bf767803dee7d28a6161047686043206742579988da0af26ffab184c9defc9eb2e801791b58f7c4ecb29e4309277ad639248c7e399b9962e10de

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
2ed398a14c6ac0a9cbe698e52ac4a885

SHA1
6d56bd7095fe71bf34432be439e38fd42da5c9c0

SHA256
2d92534e5fcc65bd064cb77369430db53b432548c951f2b52659e33c1f21441b

SHA512
ae636f772f56540b7a7b1144b0d1f308f11e055dcb43ba5363d358efdc5439281b29e924bb1cc2aa240f848ef93e66bab608f0e7edf173cc04ebf8577545eac0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
e6e986c614670b05516f7180100b3488

SHA1
f9f9766c1888a60ce4e0e63c93051762ed3dd392

SHA256
5f2ccadea071a178292b313c56d27b05fdf2e71739025c02e33e57030b9efba9

SHA512
61d825e8e89e7a18a971dada6f63751b5a9fb333557701319dd6006da211a605776203ff9bef6bf010eb455369ce08706aae45f8285ff972014cfe3899293617

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
353cd57c76cf7971b7c959323e22ef33

SHA1
f2c283a655051df8e797048e5110f72120359f9a

SHA256
3383e5d73335df689528fe1ef47030be10ed58d53d3c22241a734aa9abdbd92f

SHA512
be9595a797e083412f290c21d4483165878e9d74b7c294a5ad05c8dcdd0d1bdf7316b6a6c19b82a25d464c9682ba4c3c70555ba28770e086e8fdc526ce23ed74

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
2ca1b0f181e6f3b6cd34627c97b8636e

SHA1
6371de72e403503909604594fa513904a3730185

SHA256
181eab385b6e3402d9e7e9421dc9f973c5a4e6a6c102fc594602d30be0ca8299

SHA512
7cd2e0841ace5be92bbf79e3c683d9bed498b0787c4172f3db4860580134c2ffef161a6b960d3793eab2ec44801249f5501fdd3a0892af25cc4c03b10c17228a

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
c3c51f7a3bb1f3658bc2759ae6a06674

SHA1
f817e4278efc5a213eed59587977af11f3c81aee

SHA256
3802357c8390a4f1f5dde8ffdba760e052c4803fa567879b8aebf3eed8dceedc

SHA512
d5833199f1d1dcbce0ececa956e6ce504f1c7fd5c47a3a6b03e5fc815036fdc03faef87c52cb861a56d88babfedda4b6494b697d366d1574e84b95cd88c6c007

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
dcc0740d826d03196a041b8b107114e2

SHA1
83a17c5438b3ccf68f3d316665e8e3e556c7f3c9

SHA256
5ecfc102a8b5f8271971780cbf167a8be76f9788e7e06b903979bbe6db71221a

SHA512
3464afcb76e9ef0c6d5db4d07d6afff16372c8fa79827ac5fd48f4d2df9c3d4a8d0b062d09e1fe8dd1c550ae57528b8beb4cb71c229c9255b5d178dda358bad5

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
88fad6fde31991c2d89d49ce27743f62

SHA1
b3b5b5a18a084aa093a9118f5132e4ae163de5eb

SHA256
0ef8304f82b0b85b829a9547fcd02d157802dcd6b172b447fc67f7d2bbc746df

SHA512
16cd72b22bd145d89236aa0c76284e3a1190df2376d1062926c5013a0dfed3c9ba67179f4acb8119da6f9715ae73bb27c536c067e67808c8f8b92944f4f2a519

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
5KB

MD5
4c1ff653255b33c58ea39dae6a2c3c19

SHA1
3af7e389e519206e53d754e9276106674a91fa7c

SHA256
31f690d45c5961abcb0ed4b5690dfc07719acec19086f1020a4732a88fea26f4

SHA512
d5311bc2aed931229180e4346de444b3a8e4b73de0f45c1f37d9873535e8ad1c9dbf03597b325b217a4e655e293433dfb6af978f909ed9ac161f78ae235c1f89

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences

Filesize
4KB

MD5
d6b7b38d31872b273eab8fac5159086f

SHA1
f187c12751291543b0a1dc51baae90095bb89b08

SHA256
086436ee2ebd6b407f70caaf1e9622c57b6da681be8cbac6747a4fcabd6efa0a

SHA512
adace344af34c33cdd07026674781523be6ac02f99e3758b5a27877295a0674adb14b6d9f62e78a7180796829d50941c81a7ee00e82f730628ba36d4341e8470

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Preferences~RFe587d49.TMP

Filesize
4KB

MD5
fe5aad86ff2bf4332a51894ec2ee274f

SHA1
7195574964515784c298a44a6a7c647821e85933

SHA256
d865c374bfffcfea4819eb141196e94b5593a93fbc25b703b3947778ea56bb51

SHA512
9cb0830aebc754b356122ab7b7db204d3a6e58d79d03cc0c7a9a932dbc9f87a1db15b722b06fb0f47b39efd95c7a0caf0e464ec79c3ea8ab7f0cc27703518f6c

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Secure Preferences

Filesize
4KB

MD5
2846f25d233ff54cb8c2ea9fdccc5bc9

SHA1
8212409fc22072ed706ff87a3c3735dc1ccde701

SHA256
bb74cf337c3aead038c1b24ef8a71250131de2133bf1848d3ec86a061767ea9c

SHA512
3a26449de19c341b946757ce16f9a157c48e03ef27eadc1bda0d09adef06622a66ce82fa8aef1d305f59ee2164615f748168deab317eb762b97d632d7c619c95

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
7b6bd52910f789af56d3cd5c64c94b96

SHA1
888eb2512a3b652844c948257972f1e0a5a9961d

SHA256
4646edf4a6dc0b895340c90cdaa6e25443b73b6c31499bcb1b6ab4561cbcd12b

SHA512
d7c72073507e96f77d2ea70fb26302b7e924e2957481e3be2a61afb958afb4d0768fae999b67e74154ade99c0d71d61beed34e9de43dac2d624374c5b00d552c

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
ca04da37f7150b1151e078ca0d0d4123

SHA1
76b2dce5252dc6277016571ed67304f5ea1562ee

SHA256
5708006f255f97a42dc4601b7986c06cdd2ac721567231ded5e3b09c26501037

SHA512
50d3d9d60cb10893060fe7a33873d2e7992795846852070ef9c45c2327cf1e3882341717b2b1769be49bab608d018374856a9eec4a4dfefafffb48ff1341aef0

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
52053bc9c18f71e2c34a1fe5e1c9701e

SHA1
274628b9746aec2b5e73132925d91d07c298ba8d

SHA256
d92e05dcb800c39f48514b101cfaaeea4caac518d6c2a6dd1dd89270da9513cf

SHA512
f56f30ae73c5a6b0e76a5960b41eafca4d55cc6add774315a7657cbcbc3c323d93e3936a8db85d93dd88c5ec7eea573e99bdb1969cf4beba21fc36d1943ca141

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State

Filesize
2KB

MD5
b0b26c49be3cdbe510df8c7e9cecb06f

SHA1
ceb66c35fc434efd586df3673cff99e4d5820623

SHA256
70fb4a7c73e23887ffe291e51ac975fe0d04d1ebe6c49afbadd66622881915d9

SHA512
94b8261a8addfb53596c610654e1d91a364bd22838114599af09ef7332e7eae21f0da5b98fbbdcee8880363d4e6c5edc662b1b640dcc6077bdacb5206c2c8297

Download Submit
C:\Users\Admin\AppData\Local\Launcher\User Data\Local State~RFe5850cb.TMP

Filesize
868B

MD5
c6088f30023c4f69685b96de4da1a1c0

SHA1
30800b3c2e5aa4a49cfae106d5a14a2ac3f8b024

SHA256
609f926badcd40cfef51c7f202945721db0e422c9b966825fe814f033d8b425d

SHA512
0415913c11a54c6b89e2ebba0c9c04a18b7c49b7963a45518259e052836a85675c3a7fcec801da52b87629394018f2e15cf1113aacc1fb3dd448e2771aa0f921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\530a2282-072c-486c-9e07-2f153f158ed0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6e2ab369e8a48b83cdd8931c9c505e4

SHA1
6aed8abad77d8b352d32812df03ba8b245f0f951

SHA256
e929d61afe4478a2dd0593dc5204170333dbe8cadc667b66fd20efbd6c523b76

SHA512
2823a0febd63f567384e08612466ffb0d115019f419fcca40846429308dce26374abe54c8cc0cae5e7dc11561da80234b3856f26009cd540f52f3a0219487b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89e36a05803edaa49db614729d022639

SHA1
3bac0ee04234f4e35da7ee5ff791cf6470d22ce6

SHA256
3cdda18202cee2db3def3d597c2c5e320a9eb6690da747dd7809d2ab5b234908

SHA512
1861e400ec73ce684c3902bf400eefcc92d18891f25f033a85e9f1cae903f87f8a300c91d86b4186687aaf1801051df0113844ae81f4e0efd43e8d66ac366d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bfc586198b5ea09794fc77f67c79e2e

SHA1
ee4f74085e94f359975b13559ec1dcd0fcee58ff

SHA256
d3ccd5126a3ce1fc12f20409d1014315d40cc70a4af4c796c4a7598d804fc3e9

SHA512
6e9c10b4b054064526f3861d4ef30b4316b18d6032f8f7ce6f8a923b926bbe1078887f02bd9e45a55aac3acfac116a1cc54dc33e90693b6a4bd00598ae93dfa3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
849e600186c17fb07f90f698cabb06e6

SHA1
b60c1fa2098bb2ce8b4667918d6c5018d7f6550b

SHA256
325e1c95fa89bb5e74df94d32afcf90fb5b184f444c72af4a767102bc813b682

SHA512
bde0fbdb627fd28244de6536ec42790b4d9f3e0a616306dbac26f39eb1070a314e5cddb17ea2452645d8e6b3e7915d9d93bae0efd3d71100cedd0a3e19c42595

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\Launcher.exe

Filesize
4.6MB

MD5
6f09da277d56c0cc7ed7fee75bcdda2f

SHA1
01ba82ff99150ee54c1f1f0e5de0a9edd97cb544

SHA256
bb339c0db762a3f92877f80f4a23545d5dc483b085b88d8aaad28a6650d63688

SHA512
c37ae7fd702ff00132496c8705c3000d2c83034163c13fc633a374701ac09fa8ec76c267ee0f7ba86ec32915522983326a7e3fed8a31a246153bc312ce11f8cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\ffmpeg.dll

Filesize
1.9MB

MD5
8fb19b8e58a567a27619a91b99ad8bca

SHA1
9f24a832705ea853b4c0cfe9f2100f42aacbd0bd

SHA256
424a34741ce0e5104df6d33ea16633c018af5f3a7396734218d1a6eb4f70b1c4

SHA512
b0415aa5728d39efb01d3e0cb082bbd4f42ff1284447ad89f85604e7ebc6da2bf479af7d326282920c543f351e856c5e3b1a97e2fe6c3bcf198e619165f3be5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\libEGL.dll

Filesize
444KB

MD5
8aa1a64d7094509196fcb4a72d608213

SHA1
e7ab1c7ca53581578ae56dc0211773ac780a4f91

SHA256
15e7eafcfe14bd255c21360de3d019cfa5852bd059c36779c351c0592dc841f6

SHA512
a915759817f6a84dd061f45415e6fa9b00d7060095360257763342d59252525de4c04956e2e15e23fc3465074d1e719a0d988f6798aa38ba3471b8e38aa70200

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\libGLESv2.dll

Filesize
7.7MB

MD5
77d1e0959e09d82055eaf8a96f9aac5a

SHA1
e8156a4fc1f5b7de12d2d072579ab156c1bf4139

SHA256
f31637764d037b603f93279fda6dcfd0ba9f9f42e1eac77da4dc781757820593

SHA512
cc0a5b0f09783f171067ae4a643d42ad373858cf7d9b894710fc2ae61cda05055aa5214012b1d8f244d5960099ab19c59b51ce3eeb4422666ad94647f18fc931

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\locales\ar-XB.pak.info

Filesize
1015KB

MD5
edaef65b3082ac1502e46a7efe9a7260

SHA1
80fd9d68b4a0af62ef7f53d58ee9fb3ef1ef32c4

SHA256
7f8d7ac684642fb44625b0e32c0d8d20df0f661db616b157be04dfec918416eb

SHA512
3564bd96293d4a07c15d2ddd50abb531aea0a62cd4e0a8e70b60c7ef015b6e11f8221f353b668b0670938299770cf3607303075fc5f34bb73f9abbd48f666726

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\locales\en-US.pak

Filesize
448KB

MD5
09a27daab8ed231994af216a98a73b85

SHA1
c2211a4cdc878c7685f30454bf9742b68025d22a

SHA256
b8a8ee9f3dd6946649beb4f3ff96889bc010aec561678903316cfb26d7819479

SHA512
40016c3fe93989936cd63ed1e20da403f9b19f712efc31b65d485f06daa7df41ba86da76ca0ea04db2932cb4ef928ff2ab70aedc839a8ce472b83a92ac298e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\node.dll

Filesize
17.6MB

MD5
894ef067cadd618523e1e79542733078

SHA1
803322cecd2451f4c5d5869ad854404797a82d22

SHA256
12d5ffc46c0e079adc5df938f82058c0ec66fbaa989ce339bbdd81e5f3cd5f6a

SHA512
c6f65b9291631c52ff6d2549616a7c371118b8e896eeb0ff46d3042d92378002277814b180dd42789b3e3e5466e8838d43e3f3e239484e2bdf477e729ad71d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\nw_100_percent.pak

Filesize
718KB

MD5
2f1c41cd4f8d630e965c83608aeb8dd1

SHA1
877ee7e4190967d69c6ebf9c6a52327ec10dffae

SHA256
a476dbd7731b7db5a771445cb9cd8a838dc706d8986f9e1da3d81fac59cbeb1d

SHA512
1780bbeece915ff4d959b13dce849ad608301eab7b299bc8fad9251c2ca392b6833ceece30256ed607b4b5e12dbb7b5e0d247b711901c628b180497eed872239

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\nw_200_percent.pak

Filesize
1.0MB

MD5
700774b8661621c44437ddbc8cb2ec04

SHA1
47bf0f010008b30c19039fe6e360c6866dae7c4d

SHA256
b5e62133ffb3827d75d74d5e23326c9827ea931b693a5e09554809eb4240d63a

SHA512
a7c80a80931bf4cf1ff02ad1a6b6e662171fe3add5d6a120e66d92e242757ef18aa30238d0e821ef9dd89f3aac8024eaeac8a79731a33d214dfade0a79740ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\nw_elf.dll

Filesize
1.1MB

MD5
98acbb1ba1112cfa4da907558ea7cc0e

SHA1
9e041b920a7a9e9bc0aea6fc7709deb67eecf7ef

SHA256
0c57bc73ca823aef5dbb3785cdb343dec62854f80e811df16ac71ba88a039a5f

SHA512
a4845ccf34b534d5ff336a909b66f8cd4f48c151540197ebf63242a83c02a4f5a9f992a7975de44ca0f66e810e302a37f331d4bd26afff5088f2c44df517ac86

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\resources.pak

Filesize
4.5MB

MD5
4d9219f1af3200e8c693c5886f8a26c4

SHA1
0eb520d9ffa0526c71c0640bb3a345b510cfe434

SHA256
1a1d26a3439a3fcd107f1c1b845f5c3dc00121f87ccf6481b3101aebfd09b58a

SHA512
8edd540d1b920c7f76f48268e3c207b55afcdb03bf12eb5f32d864067d02a1334963db02c8d4fba8ba76efddf26369ec3660894549d1fe1d205d736d51721dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\v8_context_snapshot.bin

Filesize
669KB

MD5
c0e7602b0c7d5de0be5e83c20591f941

SHA1
838d2038682db7008f6a2776026cd6085db9ff3d

SHA256
345726227a3d92f5e2f87fbdea70385690b38f8d181c902254845021093c5697

SHA512
7d2ff90ebb6b051fdb050495cf5f3d353f4f14e1d5777d7d181ddb70cdd3ea4f633364fa5a0e2e2ff8c9a5a2de636160e0612a7f45fc65882114caab53ea0cbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9032id9023939393\vk_swiftshader.dll

Filesize
4.3MB

MD5
30110969780c95187283ff5f621af377

SHA1
f0aefeaf8fe145c54b2d3c492e08ce063d3b0af7

SHA256
8445b5f07ac802b1f6966295d08f2f561af77f8a915348e795a4a4480bcfc248

SHA512
041ae7ff07302bff55233f0ffe52b67f540f452670d6ff962fb7a2452b0ca0fa261d18ad2b01a15bb82bcf59897e2f533630eb776748c1142d4aa0effeb421e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
8KB

MD5
219913573219a9371f12cbccadd14928

SHA1
1470a88bb439f6103ea066cdbdeaa6bf25129522

SHA256
def0905b3782770f040fd3c13a86178e9fdcd72c2eb684734ec04dd5c1a7bbed

SHA512
2d85dcf55903335e3c821945fd13dddd52c603ec37f94e73770a86ea47081ee206f72b8f52828f1909e14f829aa76afc0724287cd718a51b15ba25b5ef516119

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
cb82502606a415ec6a33d45fd2e87efa

SHA1
8084411ac07a38d6a5430d27218081595dc21910

SHA256
fd87717464634c8c3bb43403c0801d85ba36aeec8b864b02173ab32a5f0eadad

SHA512
fc1f90245e71738b9fa8998e1a2e6ad19562c0ae585d41619fe91590f24fe0ebcb31131031972ffb43c4fb4df6e745b1c6085199800aab733edf36af691a0d34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
c725fb356b92954d88516abfe648922b

SHA1
247d57df3bf84046c67e2716cb124c85370fb1dc

SHA256
8b3b465300d6c0d0506f9a08f87285f48d092b292ae663ae9f7cab0e4bfd9af6

SHA512
828ac7032da1df59d0c850274e06159c6f2dda9a4ab976a4f14581fb00181dbbf8f462e581da0e34a09bbf33f3dad1ff52ed2a1a7f41afbefe1e9fab3b79a8fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
45fb941392d144c10de0b008e2b04a91

SHA1
aede416fdf458116fce0faf4be7008ea5b398c54

SHA256
e8d28fb43eebb11572510820434b1ad730ab2dc5c966020b4ee9752251632620

SHA512
0d30624b89e14efa7c80cfc344798123a0c9bc5e9ee2c4a66cd4b79eba91f6de30d0e97e3cd21a52ba9e50d43fc42e6c8ee2196013ce36ce50603a3c3f411a31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\3b0e37be-e923-40bc-87e6-ae72f8bb3ab9

Filesize
982B

MD5
35ec9c508c9919a9a032464f522d6139

SHA1
3128252ab9030431c43a863ded63f6e8a465332e

SHA256
7e31f72322d72f17d14e5a629e83da119bdde84ebb9cf53accf9484710b58faa

SHA512
e98cc96c8ddc44b636dce163c04c4b4b4d27348760b01f59f7d541e9f85e2e5106b1b226956c349c6f9583fb49a99029f1d77eecf22bf42430dfb5bc226e08e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\90429791-c431-4162-9768-0d33e3c36b52

Filesize
671B

MD5
470a48cd2a955c02fa0d7c4fd15bc2bf

SHA1
641e7055969ced5830cc07ba64823f502845d2c6

SHA256
7c96dba45ca8299e7ad73c8cbd6f85d9a736f1ffd4b06aa2d00706a6a319079c

SHA512
f03f9497b1ef8f1064db575f1dbb624682de17c85d5e685a2815e7e289c29012b6064c4b6b31d1273ec090c549f27036e3732b92d22648297b90f6baf9c0a4b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\c2b2b408-a06e-47f5-88ae-406f332e32d8

Filesize
26KB

MD5
b3a24612869a570118b6bd31b841359a

SHA1
4a0ce33a0545fb0632c329c66a3bf3907a78b3e9

SHA256
ce5f06dae40d0bce78e191ebffe055f05e61febb4c19a4d2676060319be890e1

SHA512
5c7453d920daf17abb591b5ed8cd353a7c517fbb879c97e6e59af6bd25319dd445c5114a678d844a32a27124f4d5e79811199b37371cae534d4a1bf40f278058

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
1271de10fdae1f67c5549517c829c161

SHA1
af6696cbdfa250a978573e827e668a6951ae6927

SHA256
f7dd667a2c1faf214211b0f9671502918ce8a9241d797f7658e61c72995fa869

SHA512
6b6e182af55095da7b7f91f98cf0650bfd2ed42de3195d472cb9a41d0fad75fcb86c53aff6ffc267726159db0dca58ecc3833b34f013c988a6593ff45fdf0d5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
2a57e8964ccdbe851b1981101bd089aa

SHA1
2051823d6963a89ca3ef286c640968e1748eacae

SHA256
a5fe2cadcd74ad99afd1624ebe01e4c2224d53dea2092ac5398ca8fdbe2bad0c

SHA512
cb680599b012da8e3beea39abc94653cbbc8b70a37332227e678781f8b1f51eee9bf938f0cf09d3dedb168052db9a75e5d26db9fc8435dc1f91008f8c6a6aef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
9248469f46dfaca3358353a2a3027d66

SHA1
2886cf0e455cfb451f142f7d82a0598c6fd96313

SHA256
1cc7345ed4387519e7a7a667eec8f5aa65e615bed20f833ff7df871028529341

SHA512
c342de29c28c08f38226fdf82f65029d05a72b24234be801d086a770af084b210c443cd1b05b015f4ef0800847c30e84e65317d038d440d3e9ca366e03bb9f33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
a09e422ff2499f17dbf74b43058c5f94

SHA1
57cc3453c723158755715b0f8035e46b530170da

SHA256
4a91c06a9ec4f639922f014724fd3d029e881fe047e847747f00bd4e2504458f

SHA512
1f1dd45fc7a936d0e2c97d63805b8bc987c7fe6c8b6ba2826cd4c187e35628b41d3d4e71e37cea83977d559fc7f8ae2c2b5cf8dea67d00975b3c8938dcdf4f87

Download Submit