hxxps://drive[.]google[.]com/file/d/148lJyKz1EcShROH8v75yMt_S8tNUqMVC/view?usp=sharing

Analysis

max time kernel
221s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/148lJyKz1EcShROH8v75yMt_S8tNUqMVC/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3864	REVisionFX Effections OFX v24.10 CE.exe
3588	REVisionFX Effections OFX v24.10 CE.tmp

Loads dropped DLL 1 IoCs

pid	Process
3588	REVisionFX Effections OFX v24.10 CE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
16	drive.google.com
17	drive.google.com
6	drive.google.com
15	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_stereo.ofx.bundle\Contents\Resources\is-I75GP.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\clamp_time.ofx.bundle\Contents\Resources\is-8PFDD.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_vectors_in.ofx.bundle\Contents\Resources\is-Q73ER.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\Twixtor7OFX\Twixtor7OFXManual\Scratch\is-252NK.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DENoise3OFX\DENoiseFrameAvg.ofx.bundle\Contents\Resources\is-M8VN8.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensChroma.ofx.bundle\Contents\is-4RBIT.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensFromLatLong.ofx.bundle\Contents\Win64\is-7LI9M.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RSMB6OFX\rsmbvectors.ofx.bundle\Contents\Resources\is-RSREH.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerRollingBands.ofx.bundle\Contents\Win64\is-2RJHI.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensDefish.ofx.bundle\Contents\Win64\is-GLFE6.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RSMB6OFX\rsmbregular.ofx.bundle\Contents\is-DE8KR.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensToLatLong.ofx.bundle\Contents\Resources\is-G5BSE.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_pro.ofx.bundle\Contents\Resources\is-191EU.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\motion_vectors_create.ofx.bundle\Contents\Resources\is-MM6R1.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensDefish.ofx.bundle\Contents\is-FVQNV.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensReframe.ofx.bundle\Contents\is-Q2K7K.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_colorbasic.ofx.bundle\Contents\Resources\is-7PDPM.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_transform.ofx.bundle\Contents\Resources\is-TQ6JT.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REZup1OFX\REZUPResize.ofx.bundle\Contents\Resources\is-103MP.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\RELens2OFX\RELens2OFXManual\is-V6VLD.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\Twixtor7OFX\Twixtor7OFXManual\Nuke\is-GLVON.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File opened for modification	C:\Program Files\Common Files\OFX\Plugins\ColorGenius1OFX\ColorGenius.ofx.bundle\Contents\Win64\pfcdynamicprocessor.dll	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_displace.ofx.bundle\Contents\Resources\is-UV4HC.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_inverseuv.ofx.bundle\Contents\is-CVD1T.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_colorplus.ofx.bundle\Contents\is-0IMPI.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REZup1OFX\REZUPEnhance.ofx.bundle\Contents\is-OMK1H.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerAutoLevels.ofx.bundle\Contents\is-E8LN2.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerTimelapse.ofx.bundle\Contents\Resources\is-ATQ46.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensSuperfish.ofx.bundle\Contents\Resources\is-ICBQQ.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\clamp_time.ofx.bundle\Contents\Resources\is-NE21B.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor8OFX\twixtor.ofx.bundle\Contents\Resources\is-2MD35.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensSuperfish.ofx.bundle\Contents\Win64\is-J256U.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_displace.ofx.bundle\Contents\is-5EPUJ.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_stereo.ofx.bundle\Contents\Resources\is-8E2EH.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\motion_vectors_create.ofx.bundle\Contents\Win64\is-7J3O3.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerTimelapse.ofx.bundle\Contents\is-L219V.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DENoise3OFX\DENoiseFrameAvg.ofx.bundle\Contents\Resources\is-E214N.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_colorbasic.ofx.bundle\Contents\is-VURU8.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_uv.ofx.bundle\Contents\Resources\is-OEURE.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_color.ofx.bundle\Contents\Win64\is-3V250.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerHighSpeed.ofx.bundle\Contents\Resources\is-TA23M.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\DENoise3OFX\DENoise.ofx.bundle\Contents\Resources\is-UTU4N.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensReframe.ofx.bundle\Contents\Win64\is-N3OB1.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RSMB6OFX\rsmb.ofx.bundle\Contents\Resources\is-S0UCJ.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_pro.ofx.bundle\Contents\is-O4ULM.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\ColorGenius1OFX\ColorGenius.ofx.bundle\Contents\Resources\is-8MTT5.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\ColorGenius1OFX\ColorGenius.ofx.bundle\Contents\Resources\is-4214H.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\ColorGenius1OFX\ColorGenius1OFXManual\is-7227G.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensFromLatLong.ofx.bundle\Contents\Resources\is-9CFKI.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_distort.ofx.bundle\Contents\Resources\is-N18CF.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_uv.ofx.bundle\Contents\Win64\is-9A49F.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_vectors_in.ofx.bundle\Contents\Win64\is-UKAP5.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\Twixtor7OFX\Twixtor7OFXManual\Vegas\is-8HGRG.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensFromLatLong.ofx.bundle\Contents\Resources\is-SM6KV.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RSMB6OFX\rsmbregular.ofx.bundle\Contents\Win64\is-SSNLJ.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_vectors_in.ofx.bundle\Contents\is-4BTD4.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\ColorGenius1OFX\ColorGenius.ofx.bundle\Contents\is-S8PGU.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\ColorGenius1OFX\ColorGenius.ofx.bundle\Contents\Win64\is-S5UKT.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\REMatch2OFX\REMatch2OFXManual\is-1NM06.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\RSMB6OFX\RSMB6OFXManual\is-ST19M.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\Twixtor7OFX\Twixtor7OFXManual\All_Other_Hosts\is-V8MPM.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensToLatLong.ofx.bundle\Contents\is-F1GFQ.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\Common Files\OFX\Plugins\Twixtor8OFX\twixtor.ofx.bundle\Contents\Win64\is-VP73T.tmp	REVisionFX Effections OFX v24.10 CE.tmp
File created	C:\Program Files\REVisionEffects\DEFlicker2OFX\DEFlicker2OFXManual\is-FV1LD.tmp	REVisionFX Effections OFX v24.10 CE.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REVisionFX Effections OFX v24.10 CE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REVisionFX Effections OFX v24.10 CE.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3404	msedge.exe
3404	msedge.exe
964	identity_helper.exe
964	identity_helper.exe
1784	msedge.exe
1784	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
3588	REVisionFX Effections OFX v24.10 CE.tmp
3588	REVisionFX Effections OFX v24.10 CE.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1376	7zG.exe
Token: 35	1376	7zG.exe
Token: SeSecurityPrivilege	1376	7zG.exe
Token: SeSecurityPrivilege	1376	7zG.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
1376	7zG.exe
3588	REVisionFX Effections OFX v24.10 CE.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 1520	3404	msedge.exe	84
PID 3404 wrote to memory of 1520	3404	msedge.exe	84
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 60	3404	msedge.exe	85
PID 3404 wrote to memory of 3036	3404	msedge.exe	86
PID 3404 wrote to memory of 3036	3404	msedge.exe	86
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87
PID 3404 wrote to memory of 1608	3404	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/148lJyKz1EcShROH8v75yMt_S8tNUqMVC/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff911c046f8,0x7ff911c04708,0x7ff911c04718
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,455111711126278002,3267143872907984047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2636

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap2693:140:7zEvent9759
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1376

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RevisionFX Effections Plus 24.10 (x64) for OFX\Readme.txt
1⤵
PID:2616

C:\Users\Admin\Downloads\RevisionFX Effections Plus 24.10 (x64) for OFX\REVisionFX Effections OFX v24.10 CE.exe
"C:\Users\Admin\Downloads\RevisionFX Effections Plus 24.10 (x64) for OFX\REVisionFX Effections OFX v24.10 CE.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3864
- C:\Users\Admin\AppData\Local\Temp\is-VEUB9.tmp\REVisionFX Effections OFX v24.10 CE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-VEUB9.tmp\REVisionFX Effections OFX v24.10 CE.tmp" /SL5="$600F6,65939081,867328,C:\Users\Admin\Downloads\RevisionFX Effections Plus 24.10 (x64) for OFX\REVisionFX Effections OFX v24.10 CE.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerRollingBands.ofx.bundle\Contents\Resources\is-0CAFU.tmp

Filesize
3KB

MD5
06dcc7da83283025c5ed1ccb462a3e4e

SHA1
ae34bd962d357133e72a097c15a7a0607e324fdd

SHA256
8acaa4825752d535bfcdbad228de9dc4bdea04313e2c7cdd2fdaaf440e83fe6f

SHA512
c59309853796868fd05f61848267e5dec8411b52e98a1968eaded1a373971197348dd17b982d77e671b874a856e599823d056a95560bd48a42204153edcaed80

Download Submit
C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerRollingBands.ofx.bundle\Contents\Resources\is-760ML.tmp

Filesize
8KB

MD5
096d04234c6e9b3f5bb4853a0c468b3d

SHA1
32794b2f0cfdab1a8232c9ee7ef323f5cc4ad2aa

SHA256
992f524ff7c23f0cd5a9bf61ec7978d768178b64f54df7aab96187f861826d4a

SHA512
f69043ebdbaea34013777522082717d822615307174c787ae582e69da6e71ef14a492311d30b0f8b2de5b67577d58277d6b5858e1bc6fb7a2159abbd283982ba

Download Submit
C:\Program Files\Common Files\OFX\Plugins\DEFlicker2OFX\DEFlickerTimelapse.ofx.bundle\Contents\is-L219V.tmp

Filesize
1KB

MD5
b22a29d22e010c44845585adb84007bb

SHA1
87b417956a15206370e9b8efadb57cbc6c02f679

SHA256
0bfd7cb7a355439c9e76be5162061ae3644f0aad320cef48961273fcda509106

SHA512
5b75df22c88299194701f907e4a5dace124b926ca7febc5a00ee405e3f610e7e5f2161c1a64e5ee806554124a26333d907303ea26e13e6c40765f0c37609146c

Download Submit
C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensDefish.ofx.bundle\Contents\Resources\is-S5B6B.tmp

Filesize
40KB

MD5
81a1202a5377fba03e6a3ea50f370f86

SHA1
0f5232864a43e2964eee98ad1b48b8bd360ba147

SHA256
14836a3ec45adefd8e79ec148ebaa3c14c8f407cc67b3d9d5839911b1ec82539

SHA512
f77232816597f5bc5a0e3beb28222812215abf178be7398c847498e1a3d05a92dcb13fa225e640200c5b1198e5880ea1b6c8b7de44b597e91b16f0e7a00e1c46

Download Submit
C:\Program Files\Common Files\OFX\Plugins\RELens2OFX\RELensDefish.ofx.bundle\Contents\is-FVQNV.tmp

Filesize
1KB

MD5
25527e8f68d9c3022b7e454052d35e93

SHA1
2f136a2682037766793fdd8970be91e5cd25d82a

SHA256
5f39d285e0286ca0f88d8bd595406393b0da0ef7629bd456297a6200ce97c852

SHA512
5e990c27e5df34a190be671ef9e9c858adb95f05a5e547ba16cec47da2e07d8c430c8bf76422403dd50c774922c4461c162159e15136ebb06ba0e163bc040259

Download Submit
C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_distort.ofx.bundle\Contents\Resources\is-KC82V.tmp

Filesize
15KB

MD5
d6aa22d10b2e3565afb76f99c99c6f3a

SHA1
57158ffc237bef707fda86c858f20434cbe15b2c

SHA256
e8eeab32e525a13c518928e33edbc70ef92e97eb66e3ae17aa7e02495d3d1571

SHA512
b8a75d2ddc35cf440781be32ae9a5507b318befef190a2e3904b7b54ef86a6333cccdd580b03958a9a1424cb273a58d3e317813674e5b081178bb887af7a00b1

Download Submit
C:\Program Files\Common Files\OFX\Plugins\REMap4OFX\remap_distort.ofx.bundle\Contents\is-C2J2A.tmp

Filesize
1KB

MD5
7242b703b411bb74dbc70fb4a79fe8ac

SHA1
2dce375ee7a57f782f68009e87b9db8dc0867075

SHA256
d989fa3dcc1fe9bbd20cb8c5b8e46f3b0d41e6f1154ee9bdffcff30bda750cf4

SHA512
12f613e84c00983e8ee9fd26d1e1a9958e6233affa0770e1950978da2b5458ea085ea1adbb2f70de812dbd9c4ede19cc9ea691d8a80b1bf97ed44c90a391fa62

Download Submit
C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_colorplus.ofx.bundle\Contents\Resources\is-I1D18.tmp

Filesize
9KB

MD5
efe2e7c7635a61dd68ec67a70d30c9a7

SHA1
d667d8170037cfaae92a978fd9e5e49cd6afb63b

SHA256
89c581aa7b6adce42ac99a2dbae84f0a06edc884a05ddaadc064df82f3515d36

SHA512
3bd644662a69b3198b45fd0e854627bac13db6236492d0647c78739613d7e77a8459956faffba2b187888b3ba91d81edd916b05be92e275a3322f78f88b5df38

Download Submit
C:\Program Files\Common Files\OFX\Plugins\REMatch2OFX\rematch_colorplus.ofx.bundle\Contents\is-0IMPI.tmp

Filesize
1KB

MD5
079a68e506591fd3810f77e33d8fdc58

SHA1
dfb44a6077bcb66ad87f071198b2ef850b0aad1d

SHA256
f2c1668a486596acc1758f014f59380e6c93b3f6e073aaca3d1b3fa0507100ba

SHA512
123996d9d13d6c4aebdfd7e8624bd35d0f1768064ba9f686dded7a4e1aeaa88cb71f3f08cca056851ae83b7b54ac579f03400210c5e16142563c8ca19dc845cc

Download Submit
C:\Program Files\Common Files\OFX\Plugins\RSMB6OFX\rsmbvectors.ofx.bundle\Contents\Resources\is-RSREH.tmp

Filesize
9KB

MD5
a14cb684ae1906177cf7eba3d640bcd3

SHA1
77ae957fcdb0c3361ad90393f36fd6b891e930c6

SHA256
f9242582d369544092c336a6140b3799f31eca67527b19619d56c078369526a1

SHA512
b5ac7c4bc46cc49f698dd090dc77c0ec8f2da3e1370af44c2af169476f16161c8f873948e64cc29ae08980461d4b6bfff9df2ab161467dae7128f3145434d581

Download Submit
C:\Program Files\Common Files\OFX\Plugins\RSMB6OFX\rsmbvectors.ofx.bundle\Contents\is-869G7.tmp

Filesize
1KB

MD5
cfba8a9c43fb14d9fc2bfd91294e7850

SHA1
fce10e3cd3ff074dd63d842c138b1eea30ca2a99

SHA256
e872c357b85af6398565b59c92a31b52c883179412f8bfb70dcf7c5ebc306460

SHA512
ae7b040ba5f27747d30684b88f9464d7598c1ec1a88dcf169263c11bac136c51e3ab96b7bb4c26702c7f11543e193bf85c9cd1bc8bda9351f945cff3ac617c52

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_pro.ofx.bundle\Contents\Resources\is-HP16R.tmp

Filesize
10KB

MD5
b3c789384d4e957523450f57e1af743e

SHA1
f2e993c6a14ff4b829b34af0a4a91fa3b1476b4b

SHA256
55d1bc602993215b997a36cc5b6122965c0c5fc56fe5203a1755e32283aa95fc

SHA512
9b86e244cac6584d9f55ce15a3f9246b7d12691eb6dc928b273fcb1a424a41a35fa6ea2da5e5fe089f3991a60bcd97028f26df6c88e397f0eb1d5da722117414

Download Submit
C:\Program Files\Common Files\OFX\Plugins\Twixtor7OFX\twixtor_vectors_in.ofx.bundle\Contents\is-4BTD4.tmp

Filesize
1KB

MD5
9d7a354ab9e6c14633a98c73e5ef2201

SHA1
766fe1c77e9e7215efd50e7bdae000c660f8682c

SHA256
82061e9d1f518375c5766d7efd62c24ba513bb3e00d95b0e656bc643de5322b7

SHA512
1a9f1694b7cdc85a94a9db43c0aba7405dd31383379040ae347cdca3470813f234a9e531cd3c3e06bcbe6f1072c30791091638b1fa4fe178bf6113750e0f89a6

Download Submit
C:\Program Files\REVisionEffects\Twixtor7OFX\Twixtor7OFXManual\Scratch\is-0SPMI.tmp

Filesize
389KB

MD5
0f9b8075af3212d04f9599b1d6daa9b2

SHA1
a813619c07bd4ca28a23238f38b8ca6884a19d15

SHA256
bf3a89ff4ff9c982df03d40290ef4b3e027bcdb8a70672ce628bb33d3f1dccae

SHA512
ae147b55a400aa0c95f2d6ac4dfb8064592ca86678a0cc3dca99349c570baee9d6509907f43c5f4d8434eb3cf0463c51776a3d0198c7a553385adb8ee72239dd

Download Submit
C:\Program Files\REVisionEffects\Twixtor7OFX\Twixtor7OFXManual\Scratch\is-252NK.tmp

Filesize
2.1MB

MD5
30bc46377b633b363bd6687ad7fd398c

SHA1
bbee652b3374750163cbd6efde81583f8432651e

SHA256
5ab1dedd531bd502bfdb35d3491bfc4f130bc81884631b4c3985dc33a3e941cf

SHA512
97ebf95a3aaca31e552e2df582867630656cf9ada1d6aca44eee8431c43853661e15669d80efa7e57cb6f8f08d8c34934c670dbc4d54c2c630dfd7508a8012fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
0fdf2a0f43c1103a1dffdd3bc8007573

SHA1
e207837cfcd1ab7778791bb97f53642cf2a5c938

SHA256
c60a0184350e0622cf9f09affcad88a6f303694c78133daf9655a8f168c7dcf7

SHA512
fd58651d5fe341c9e97d85c558b649dd5916fbb608947c41983dce182cf38a01aef9a9b40bced1a0e0d510e71dd1dd8c47e5aa341addcadce1ed09760b6c17ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
998a133fbe77db02df43ef562ae18ec1

SHA1
5df02e1bc9434ddb9c3cdb55a5055038af340a34

SHA256
64b68cc85f0577ee0f26512db624ad75b5f183acc25671278e63f9842e5b473b

SHA512
aafd961bc5e4ef780a77b3db1a24900cf2db5f409eb16ecca37f18a00d59fbc8f218acbedb6ab9f0f9ba9258e75314ca93ebf2edd1f6a41f760e5097b757443b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
79c6b5f0bbc28f82bece052fbaedd370

SHA1
4ca753abca7322d11cdf8e3357cf2b55377f5468

SHA256
5b654bbc97bcc8337bd10f29d5ea6c3f8f2135ef444863fcaf2abdcb9b2f03c5

SHA512
9d79ac4b61ebc91a6a86b4ffbcbe6a7b0a404eea5aeaf7534baac20e2480eb856c60cf4e01f02c565f3c2cac69fe469a0e9226b97ba6927f109aa95e5e5f8d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
47d5615be114c972b17ffa5326de287a

SHA1
6383ec9f1b6ee84ed1294b4abc8175129f79ef8a

SHA256
ac97901c592fcaa15682f630a014122f2129a28a8f805855b81e54c17511380f

SHA512
5f331a1563ec4d4af26be197c0b46b8e2f85c34d5d122093e465bc98527bbf83ccea9a55b506f8c726135e6ed3ab120a819407004cfd953cbf65dc14d84c1ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b25d746ac19a08a76eede449036f13c

SHA1
15b034c4dc66d7525254fcae424d18a2c0a31035

SHA256
5249324a258e33e798a1c931543dbee0ad8274c719fca35326a9b8e4e6e0bd19

SHA512
301efda6ae110e8c0fa371e122712c8af8e3570132cadaa8427f2ce37a5f2f92db9003a8ce2cfb72b943aba580c4ef0ea4a027f34beef71d5ea369808fe7d51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f94046b4d56bd41915af785121634e63

SHA1
16045f1c6c43377fb0814113bb3472de084e84f8

SHA256
b7bf7bbefe24c0aae4587e669e0d806b5e908163af9c943bd4b91e6f9df994da

SHA512
5eac9871eb5e935e6fade3c702b98315527a3ecf55ea2fb01c4c28b2d07ad3ebec09c4f6cd5d30ca4edd634d5fbdc108dfd98323eaed33d18f71700ad3646f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56d69b7703ab1c1ad37284331ee1071f

SHA1
d987e969ef979fedc8657d4905a364840e8a3ff6

SHA256
5e8b85a25f1426c2766ae114e61b18991387fcf4d24f1bf9209db3a49a6a6fa4

SHA512
bf5196aadbc573bd9c61951bf15b9426522189e60be281ea009494b1e3787149b261cdfd4459f33aaa851c6274c9bfdba3a9593ef63d6488ab29b3e92708471d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3f2d6c453107d034c650d2b6923acc0a

SHA1
439b28d60910bd13328d84bb4bbfbc753fd2cf78

SHA256
6ab4f1e9f3548d5943b7737a926e721968a1e88344a5007308f14eed35ad7d35

SHA512
5bcbeeeea0e0ab4a48425d71e222693bb6f13179f4373a2a99048eedc6afd1d7aabb44a5b4afa6efb6299e96749c470389429fe75feb8706c89bb27c2764d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1df6efa390dc3c828362bce356aeea19

SHA1
39b13217d34c69790e8aa4a06e6f241f3ea66883

SHA256
809517cd5659f881540b271a72b66f2e928d7d38f0731074d0ad3dd5387b2296

SHA512
2d35e5a1c616323fc1c62c4921a702490dc5cc45009b6a5e0b4b633a5d0af4606ee4edd4ecc97f9d295b34540ce8720b4d931a4e0e2a2d9cb12e15a1cea53a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7fc67071a91248c1160548a3e12b7783

SHA1
b9f963c77d9e01f3422ab189829820eb74446df5

SHA256
832368914990f912a583e1cf38e3a0282d52ed28f1ba402fa58c3357ca8e0bff

SHA512
5c697f45ac5bd83e7fa2218589ab1f559eaad250da5778e1c7e80f86e804a14b4f3c8aca36a0294278e54f404ac5a5dbc3e0ebb854fd7e6f529bef5cc49c48de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
269ff73443679f058e9a2a4f9f40dd71

SHA1
1475bf83f97a85a38bd4f1563f1961bd553951db

SHA256
e557957695a5419f4b0729d9b7ca93c33a986c35d746b31ac9f958a8f9717fe5

SHA512
e41a8be90e039b936c07b9ad896a1bd381317aa68576b1d2b840e318b5e0dd739bc031c5d97963073278dfd2cd8f3963cb89175695825829a715d996c972cc42

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2VLV8.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VEUB9.tmp\REVisionFX Effections OFX v24.10 CE.tmp

Filesize
3.2MB

MD5
871d3b5be6b01305c82e29663fc9f0cb

SHA1
a21c765afb3e5e048fd300fb90ac517bab6f59d1

SHA256
eff0bca86d15a7723e24a01538fa683065c560b944522110a0cd319ce03dbb41

SHA512
fa63ca68d72b66c3ac9ce25a6fce6dea426b0772d040ccae6c6846c068c6ffef45407deabe55cdade0ef05ce81043f02b024890750db8b52142f1f7446ff602c

Download Submit
C:\Users\Admin\Downloads\RevisionFX Effections Plus 24.10 (x64) for OFX\Readme.txt

Filesize
338B

MD5
c66c1f3d8ae4243f52e7226e1b087b2c

SHA1
a79a8d70976666185097278c7aa662a09a54e1c8

SHA256
75cbad82d1fe7a0650f172d931c66c481ebe8293948f71a53abcf6c71a7090bf

SHA512
8fb3511c8cfeb6a6af71aaa218a53406ef0756700ed91137b8861531e15cfb43ef8e99fbe86db4abad1f3da643453f68cce313de2b8b36c7bd3d1a6cebea9d0f

Download Submit
memory/3588-292-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/3588-574-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/3588-643-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/3864-263-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3864-291-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3864-644-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download