69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f

Resubmissions

24-01-2025 18:53

250124-xjqd7atrcr 8

24-01-2025 18:37

24-01-2025 18:35

24-01-2025 18:21

24-01-2025 18:11

24-01-2025 18:05

24-01-2025 17:27

Analysis

max time kernel
194s
max time network
419s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-01-2025 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.35-x64.zip
Size

4.5MB
MD5

5f7548663f208cb2fdd2350b916719a4
SHA1

689f5e7275b316892c88438d3bcb1ed2bf643697
SHA256

69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f
SHA512

4ea59a095cdb5ddc1aba1a4a46b717799012cafdeca795e84bee6c5f5892300c82e7199d1e3f70503d87f6fa4e8382137d0ffb738776785fc2e71d2037a4b961
SSDEEP

98304:OmD6OMyjrm+twdjTmDh/BRFQNM74slPUDtgoCrEhxGMZLvrylQQOJgq:JDUyP9tWjTml/3bZUpn7GMZbOe7Jgq

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
169	1344	firefox.exe

Executes dropped EXE 6 IoCs

pid	Process
1180	Xeno.exe
3012	windowsdesktop-runtime-8.0.12-win-x64.exe
2872	windowsdesktop-runtime-8.0.12-win-x64.exe
2176	windowsdesktop-runtime-8.0.12-win-x64.exe
3352	Xeno.exe
3480	Xeno.exe

Loads dropped DLL 64 IoCs

pid	Process
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
1180	Xeno.exe
1180	Xeno.exe
1180	Xeno.exe
1180	Xeno.exe
1180	Xeno.exe
1180	Xeno.exe
1180	Xeno.exe
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
3012	windowsdesktop-runtime-8.0.12-win-x64.exe
2872	windowsdesktop-runtime-8.0.12-win-x64.exe
2872	windowsdesktop-runtime-8.0.12-win-x64.exe
4080	MsiExec.exe
3520	MsiExec.exe
2692	msiexec.exe
2692	msiexec.exe
4036	MsiExec.exe
3632	MsiExec.exe
1352	Process not Found
1352	Process not Found
1352	Process not Found
1352	Process not Found
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe
3352	Xeno.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{aafaa0cc-b975-4ffa-ba33-8690e64683c4} = "\"C:\\ProgramData\\Package Cache\\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\\windowsdesktop-runtime-8.0.12-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-8.0.12-win-x64.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
190	2692	msiexec.exe
192	2692	msiexec.exe
194	2692	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
227	raw.githubusercontent.com
229	raw.githubusercontent.com
351	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\cs\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Security.Cryptography.X509Certificates.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.IO.FileSystem.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ko\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\pt-BR\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\D3DCompiler_47_cor3.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\es\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Diagnostics.Debug.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\zh-Hans\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\es\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\fr\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\fr\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\msquic.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Collections.Immutable.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\System.DirectoryServices.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Threading.ThreadPool.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Data.DataSetExtensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ru\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\zh-Hant\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\tr\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\zh-Hant\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\zh-Hant\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Security.Principal.Windows.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ko\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\it\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\.version	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Reflection.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\tr\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ru\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Web.HttpUtility.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\pt-BR\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\tr\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\cs\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\System.Windows.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\pt-BR\UIAutomationClient.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ko\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Threading.Overlapped.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\cs\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ru\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\PenImc_cor3.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\Accessibility.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Reflection.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Web.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Runtime.Serialization.Json.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Net.NetworkInformation.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\pt-BR\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\pt-BR\System.Windows.Forms.Design.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\ja\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\fr\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\tr\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\PresentationFramework-SystemDrawing.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\Microsoft.Win32.Primitives.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Globalization.Extensions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.IO.IsolatedStorage.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Console.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\tr\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Numerics.Vectors.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\netstandard.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Globalization.Calendars.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Security.Claims.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.12\System.Text.RegularExpressions.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.12\fr\System.Windows.Forms.resources.dll	msiexec.exe

Drops file in Windows directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI7373.tmp	msiexec.exe
File created	C:\Windows\Installer\f794754.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\f794743.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f794749.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI69FB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f794740.ipi	msiexec.exe
File created	C:\Windows\Installer\f794742.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f79474c.ipi	msiexec.exe
File created	C:\Windows\Installer\f794752.ipi	msiexec.exe
File created	C:\Windows\Installer\f794748.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f794746.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6BB3.tmp	msiexec.exe
File created	C:\Windows\Installer\f79474f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f79473d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4F3D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI58D2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6469.tmp	msiexec.exe
File created	C:\Windows\Installer\f79474e.msi	msiexec.exe
File created	C:\Windows\Installer\f79473d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6575.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f79474f.msi	msiexec.exe
File created	C:\Windows\Installer\f794740.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f794743.msi	msiexec.exe
File created	C:\Windows\Installer\f794746.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8496.tmp	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	windowsdesktop-runtime-8.0.12-win-x64.exe
File created	C:\Windows\Installer\f794749.msi	msiexec.exe
File created	C:\Windows\Installer\f79474c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f794752.ipi	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-8.0.12-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-8.0.12-win-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsdesktop-runtime-8.0.12-win-x64.exe

System Time Discovery 1 TTPs 1 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
1984	iexplore.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f5af8ac342c04f429fa69b93996718e100000000020000000000106600000001000020000000b3ca48be37f9b72066baa024dec1af1783cf7cfe96eba0e1c5198ec7041d96f5000000000e8000000002000020000000bf926cd0de07d15d63c7cbf25e9640c27934adeb9fc59cb7893af8fdb5d68d00900000003c0adacc535326a195d86956ffb02e545cb8821e144b1d7210e6c276732feccc0c663fdaa5133ce7b923ee6f72bdc52c5cf31971cc41a32724afc19108fe46c996be7ed7a88306984ea97e5faec11e1d8c6e4e043c0baa09aac2c4377a8b99087076d81bfca6918592c6df67a55535284c69c4c815aac7825e8a85ef41e5484ad44df746a8d9f3eba371638c486b7f2b4000000047557a6cf9e05dca4b914267e66a901598780ee400e2b1f8223fe5b943d3c26b23d2bce4367ce8bc8e50855402a9305e33d08b8b289d4a60207b107d78e04082	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2D53B61-DA7E-11EF-B4EC-5E7C7FDA70D7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30cd558a8b6edb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f5af8ac342c04f429fa69b93996718e100000000020000000000106600000001000020000000064b04adc5c384085fd15458c55e08ce1b6f0505fbfd26e6bed6d57c394d4d51000000000e80000000020000200000002c8a7614c3ab0f865713d8b937b70e8e92918d36b73fb94a69349ab78d8a27542000000059cfb102bcc146c3ee43d1964927b4fc651bf9176443b3bc785674ab150ca4a1400000001b4eb11273cda7fbcadf8ffc61f31113411afe2c121228c17b954a9e0ab78f1838f427a69bd0499aef44cb1fe9df080f3843de14c870a9af0c5ed963722b8f3b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.48.26165_x64\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}	windowsdesktop-runtime-8.0.12-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\DisplayName = "Microsoft .NET Host - 8.0.12 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D881F2EC0135A4B72CA89D27FD72F577\D93E6C4CEA84C62469C064DE4374DDBE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6D91DC17844CD5B4A983107814572309\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_64.48.26165_x64	windowsdesktop-runtime-8.0.12-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.48.26165_x64\ = "{C9C872D5-3CA9-4E0E-AF90-1B85325F9243}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.48.26165_x64\DisplayName = "Microsoft .NET Host FX Resolver - 8.0.12 (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Version = "64.48.26165"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Dependents	windowsdesktop-runtime-8.0.12-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\619CCA902E35242631A12DC1EF9D523B\5D278C9C9AC3E0E4FA09B15823F52934	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6D91DC17844CD5B4A983107814572309	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.48.26165_x64\Version = "64.48.26165"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\946606E165E7F254A84C94C5071D3E14\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\Version = "1076913717"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\SourceList\PackageName = "dotnet-runtime-8.0.12-win-x64.msi"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{71CD19D6-C448-4B5D-9A38-018741753290}v64.48.26178\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\946606E165E7F254A84C94C5071D3E14	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_64.48.26165_x64	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D278C9C9AC3E0E4FA09B15823F52934\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D278C9C9AC3E0E4FA09B15823F52934\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_8.0_x64\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}	windowsdesktop-runtime-8.0.12-win-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_64.48.26165_x64	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\PackageCode = "7CF739BF6691FB44FA025F6CA00692A8"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_64.48.26178_x64\DisplayName = "Microsoft Windows Desktop Runtime - 8.0.12 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B7B1D23592C55D369A3E60E327E05E82	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EF8AAF4D6125836540A99EE19E9C5D62	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}	windowsdesktop-runtime-8.0.12-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{1E606649-7E56-452F-8AC4-495C70D1E341}v64.48.26165\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6D91DC17844CD5B4A983107814572309\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}	windowsdesktop-runtime-8.0.12-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\PackageCode = "08EFA12FFC815334EA5AC128CF5D8DF3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\946606E165E7F254A84C94C5071D3E14\ProductName = "Microsoft .NET Runtime - 8.0.12 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D278C9C9AC3E0E4FA09B15823F52934\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D93E6C4CEA84C62469C064DE4374DDBE\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_64.48.26178_x64	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_64.48.26178_x64\ = "{71CD19D6-C448-4B5D-9A38-018741753290}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_64.48.26165_x64\ = "{1E606649-7E56-452F-8AC4-495C70D1E341}"	msiexec.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1912	chrome.exe
1912	chrome.exe
2692	msiexec.exe
2692	msiexec.exe
2692	msiexec.exe
2692	msiexec.exe
2692	msiexec.exe
2692	msiexec.exe
2692	msiexec.exe
2692	msiexec.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2872	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2872	7zFM.exe
Token: 35	2872	7zFM.exe
Token: SeSecurityPrivilege	2872	7zFM.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2872	7zFM.exe
2872	7zFM.exe
1984	iexplore.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1984	iexplore.exe
1984	iexplore.exe
332	IEXPLORE.EXE
332	IEXPLORE.EXE
332	IEXPLORE.EXE
332	IEXPLORE.EXE
1344	firefox.exe
1344	firefox.exe
1344	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1984	1180	Xeno.exe	32
PID 1180 wrote to memory of 1984	1180	Xeno.exe	32
PID 1180 wrote to memory of 1984	1180	Xeno.exe	32
PID 1984 wrote to memory of 332	1984	iexplore.exe	33
PID 1984 wrote to memory of 332	1984	iexplore.exe	33
PID 1984 wrote to memory of 332	1984	iexplore.exe	33
PID 1984 wrote to memory of 332	1984	iexplore.exe	33
PID 1912 wrote to memory of 2208	1912	chrome.exe	37
PID 1912 wrote to memory of 2208	1912	chrome.exe	37
PID 1912 wrote to memory of 2208	1912	chrome.exe	37
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 2536	1912	chrome.exe	39
PID 1912 wrote to memory of 1832	1912	chrome.exe	40
PID 1912 wrote to memory of 1832	1912	chrome.exe	40
PID 1912 wrote to memory of 1832	1912	chrome.exe	40
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41
PID 1912 wrote to memory of 1028	1912	chrome.exe	41

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2872

C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe
"C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win7&apphost_version=8.0.11&gui=true
  2⤵
  - System Time Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:332
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:3093514 /prefetch:2
    3⤵
    PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b59758,0x7fef6b59768,0x7fef6b59778
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1508 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1364 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:2
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3596 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3816 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3480 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3776 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3460 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3060 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2468 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3548 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2320 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1792 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3948 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3696 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3872 --field-trial-handle=1196,i,11127053268034405385,1561509065956770003,131072 /prefetch:1
  2⤵
  PID:2492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.0.1853994055\609246907" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7502917-39b1-4659-ae34-c8e5cdf4d737} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 1292 101d8b58 gpu
    3⤵
    PID:980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.1.623343067\824522895" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d530222b-4ff6-42b9-b43f-430c42fb9d3e} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 1500 e6f558 socket
    3⤵
    - Checks processor information in registry
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.2.1142658243\1307560022" -childID 1 -isForBrowser -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {209a1226-3ce4-4b36-8036-c9bf51d4c039} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 2120 1a298558 tab
    3⤵
    PID:1180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.3.658865147\871832266" -childID 2 -isForBrowser -prefsHandle 1664 -prefMapHandle 1856 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d10fc8b1-dc99-45eb-bb57-21275251b391} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 576 e70758 tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.4.139414804\422043033" -childID 3 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {812a7046-7968-4ca8-b74d-90fda9d85db5} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 3020 16cc4558 tab
    3⤵
    PID:320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.5.651832976\1951446054" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3900 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f0a68db-3a95-44b6-a097-33d0341eb5e0} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 3888 1e415c58 tab
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.6.335897856\964738659" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d402d4-35b0-427b-8613-b6406114923d} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 4036 1fa62d58 tab
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.7.303658247\1855857690" -childID 6 -isForBrowser -prefsHandle 4236 -prefMapHandle 4240 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01de5e9a-e802-4d6c-977f-f28433dc6c25} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 4224 1fa63958 tab
    3⤵
    PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.8.1547172823\1683118549" -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c43bf57-efef-4790-b198-c57d7a31dacb} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 4504 1a36b658 tab
    3⤵
    PID:2040
- - C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe
    "C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3012
  - - C:\Windows\Temp\{3D0BE644-6453-41B7-96DD-162A3D0B3236}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe
      "C:\Windows\Temp\{3D0BE644-6453-41B7-96DD-162A3D0B3236}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-8.0.12-win-x64.exe" -burn.filehandle.attached=292 -burn.filehandle.self=296
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2872
    - - C:\Windows\Temp\{6A54ABB9-E91B-43B1-8E81-4352C708D235}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe
        
        "C:\Windows\Temp\{6A54ABB9-E91B-43B1-8E81-4352C708D235}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe" -q -burn.elevated BurnPipe.{1C8B5D8F-2C45-448B-B103-28078E4842B7} {3DB8DD80-4579-406B-B39C-D1A5C8E10819} 2872
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2176

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2692
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C1546ED9DF0317A3F58199C071172E5E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B1BB815E71C0DCE1D0F3299F592EB2A8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3520
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AD18B7BA4659DB47864109A6C7A70F96
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4036
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 887D2088BB8CE956E9C27A11150E33DB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3632

C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe
"C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3352 -s 1112
  2⤵
  PID:3436

C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe
"C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe"
1⤵
- Executes dropped EXE
PID:3480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3480 -s 1136
  2⤵
  PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b59758,0x7fef6b59768,0x7fef6b59778
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:2
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3876 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1132 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=1328,i,16764758409532116902,16145427670593780215,131072 /prefetch:8
  2⤵
  PID:3016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec
1⤵
PID:2860

C:\Windows\system32\SndVol.exe
SndVol.exe -f 46269602 25844
1⤵
PID:3288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3960
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:3944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.0.1499593315\1238511559" -parentBuildID 20221007134813 -prefsHandle 1132 -prefMapHandle 1124 -prefsLen 21651 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c08b0d-7dc9-4273-863e-4bafa365d9d9} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 1196 b2e9058 gpu
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.1.1763971248\366194400" -parentBuildID 20221007134813 -prefsHandle 1336 -prefMapHandle 1332 -prefsLen 21696 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65059d89-737b-4ce7-b711-4470ee5b30b6} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 1364 3e30b58 socket
    3⤵
    PID:936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.2.1380216866\671873630" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 2060 -prefsLen 22157 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1035cb2e-afd8-4ed4-bfc3-51f4ccb4beb2} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 2076 1a246b58 tab
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.3.223796208\1932071445" -childID 2 -isForBrowser -prefsHandle 2624 -prefMapHandle 2620 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {701c69b6-0fde-4793-98f4-adf174dbb32d} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 2636 1bee9958 tab
    3⤵
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.4.690216807\1742020152" -childID 3 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {920202f9-c72d-48a1-abd6-2ac08d0f0515} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 2760 1c1d9c58 tab
    3⤵
    PID:2824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.5.658618532\83509106" -childID 4 -isForBrowser -prefsHandle 3372 -prefMapHandle 3356 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {085640ce-36b5-48df-bd01-486439c2bf65} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3352 1d42e158 tab
    3⤵
    PID:956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.6.1156171765\62595478" -childID 5 -isForBrowser -prefsHandle 3492 -prefMapHandle 3496 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38e3b6bf-283f-4893-9b40-7fb911171285} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3480 1e61da58 tab
    3⤵
    PID:2968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.7.660957839\576692154" -childID 6 -isForBrowser -prefsHandle 3684 -prefMapHandle 3688 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3abf620-66cd-45f0-8ee5-5b7955322ce4} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3672 1e68cb58 tab
    3⤵
    PID:1396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.8.281048008\661568409" -childID 7 -isForBrowser -prefsHandle 4156 -prefMapHandle 4148 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea1ffd92-4de1-4c0c-8bd8-7d55365d6ee9} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 4168 20820058 tab
    3⤵
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.9.384090733\1021989349" -childID 8 -isForBrowser -prefsHandle 4000 -prefMapHandle 4560 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {719f7b1e-461a-428c-80e7-57ac222a889a} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 4580 2055e558 tab
    3⤵
    PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.10.501389133\2027574237" -childID 9 -isForBrowser -prefsHandle 3640 -prefMapHandle 3628 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d018939-62d9-4ee4-b9e3-aaafa1c68cb2} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3572 2055d658 tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.11.1934818992\1654422436" -childID 10 -isForBrowser -prefsHandle 3536 -prefMapHandle 3944 -prefsLen 27342 -prefMapSize 233816 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9343cc-8e6e-4293-a67f-7509955d4248} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3424 1e894858 tab
    3⤵
    PID:2284
- - C:\Users\Admin\Downloads\VC_redist.x64.exe
    "C:\Users\Admin\Downloads\VC_redist.x64.exe"
    3⤵
    PID:2444
  - - C:\Windows\Temp\{64072343-3C2A-4786-80CA-4CCAE95BD992}\.cr\VC_redist.x64.exe
      "C:\Windows\Temp\{64072343-3C2A-4786-80CA-4CCAE95BD992}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x64.exe" -burn.filehandle.attached=292 -burn.filehandle.self=296
      4⤵
      PID:3388
    - - C:\Windows\Temp\{BE42375D-EA0A-4528-9E28-4CEF20874D42}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{BE42375D-EA0A-4528-9E28-4CEF20874D42}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{120B9488-19D2-4EDC-94E5-C0A128B539D9} {7CE7A627-9AE0-44FD-9D69-BC2144C24E5A} 3388
        5⤵
        
        PID:3284
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=500 -burn.embedded BurnPipe.{B8292DD2-3650-4D58-84DD-BFEB9CE6A73D} {E1284F14-5C14-4CC9-B3B3-C9DD9097BA8B} 3284
        6⤵
        
        PID:2936
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=500 -burn.embedded BurnPipe.{B8292DD2-3650-4D58-84DD-BFEB9CE6A73D} {E1284F14-5C14-4CC9-B3B3-C9DD9097BA8B} 3284
        7⤵
        
        PID:2956
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{5517A2C6-A856-4978-9AA6-94F5DCA99E1A} {4E95386F-AC28-4E79-851F-FAB94CE458AC} 2956
        8⤵
        
        PID:3828

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3620

C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe
"C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe"
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f794741.rbs

Filesize
46KB

MD5
f11ed364c04999079409fe618eaeba7d

SHA1
f0a4911546d45e9eb6917560dbbfa6ec97c6141a

SHA256
941b58b91bdd9b890895edda34dca79aad0b7876c71acdb45388ac24a6d04be0

SHA512
97806f38bfb75e45e584d6c5e2acb411d9891c33a4d5645f22b874cc7bbee51b0cea7a40fee896edec4e949e897b564704083f7d48af4b8747404239092ca1f2

Download Submit
C:\Config.Msi\f794747.rbs

Filesize
8KB

MD5
6989de15932516ccb00bd4710abe2076

SHA1
8509e07b1913c65dec67d8b85b104b2972ae1e2c

SHA256
328a8ef964e3b3f05c06627d85af52b9af3bc9e30f212c071787cae4b35855a3

SHA512
525c86b2cb394ef9547fc59ad6eaec29c4d56dd006eefca7ea955900d9d1850983c375620f34ac3c5197d2e16ad357fcf1d5367cc15ab4297749ed303e296994

Download Submit
C:\Config.Msi\f79474d.rbs

Filesize
9KB

MD5
3402cce9faa7b886fe70d51aec2b4955

SHA1
0fef73043c2cea0cb759ae81975ccc3101520224

SHA256
b6a770ef6d322ba935a6a9d9cd9340924651f38c113baaa5827811b3c2853aad

SHA512
79668c3df9fa46e4d1086482d4c2e77525ec5725a538191fea2f31076914aeb58c2a0b50565bd74c1b374164477e3283f7736ef778d72d69381692df7f6f7322

Download Submit
C:\Config.Msi\f794753.rbs

Filesize
87KB

MD5
54a688d82d23fa1c3555d297127bc4cc

SHA1
39676680e84302937fcfbf4b205603a8da93a0f3

SHA256
8d29c945451a12061806f6130cca8d2c676a7025ccb9605ecb3b6a8f985a7ca9

SHA512
0bd0c2641385e62af5057460c1441a20a3aaf8da81df7e7730273361e5cddf985cc5cf9254201123a6a905c5ad9a39d161743f435150b39e00aabf2bc85fa14e

Download Submit
C:\Config.Msi\f79475b.rbs

Filesize
17KB

MD5
3d7d0d9f82c2185539adca675fb082fb

SHA1
3bfbb3143b7122f984d4e389bad35e6a8bfbfa8c

SHA256
e78365403b88ce9fdf63e9268f23a41e94d3008d652e51365415578d07db6385

SHA512
e5c88f5a3a0f2355e3ffa504effbe2840932f5fdcc70d121c233d391bbea33e48ec0a95450f6fc9c429d540b52bacf935cff858c63b01a67ad74361cdc9c6827

Download Submit
C:\Config.Msi\f794767.rbs

Filesize
16KB

MD5
3eb3772e30bd523afab1932306c433d7

SHA1
67de8d125c932d48e42f8563e4ddd6aa4ea6d661

SHA256
38c45bfd2c0ebc2da36b6874e197ffa6c452ab9ccb46f08b7ef7b2d391071e93

SHA512
e61d0c75830d15787f2d51d26a0101bbf48eb380e77a258c88802c4eadf64470d1be53432310cab90e52b235c4b8080accf0b002eba79acf6bb6c4e0998d1c3d

Download Submit
C:\Config.Msi\f79476f.rbs

Filesize
18KB

MD5
5c780b02b08c9ccc86874d83a7ab88e9

SHA1
9cf937cd6bd165760654c3c15c30b8f8e8cf72b0

SHA256
0560e3b91525e2927b4e0a9ecda1a8807b8227a766f1a1e50deec8196330cbcc

SHA512
7b7aee93ab074409d9673dc25c252129180bf263d2aefe8ec0c4ed9092a6e76a1669894320961e71d71d19ea6eff8591794f5ac0a529d861aa1f7685b32790d6

Download Submit
C:\Config.Msi\f79477e.rbs

Filesize
17KB

MD5
9b04cecc3850f81f079677fc7a571c4d

SHA1
9c2ec426afd9b58a336674dd3820279719f7f119

SHA256
50d1bb9b9450bb7df5d253cad723bdcc6a0c0d024beddc9948effc056c7c8bf9

SHA512
bc86010d042df0df62df08f5c8ba41bd94b2824fe6c498038cc17a639317aec5296db59551659331ec451b1b821146d3fa40214af369409a081b97c02e6cc52e

Download Submit
C:\Program Files\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
93KB

MD5
90630d9ee3e0a5672166a45e00f79a5f

SHA1
d1148f8c7558e9b8a81bf1f50f9e3bed89d9928c

SHA256
1271701f435f7fe4aa81dc7e273ca80b6391b73580ee20b35a956052c95de4cf

SHA512
29e10bd57d1c580ece70b9b7c4a69dc036a5a64012eb89ba360a71be6b808150610ea0737351277a3d4235c02323fabef29f092fa6b2a40f0289f55a7973e93d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2f4a6931e6ac6241250a2cdb9a76e5b

SHA1
aa1308c4d5ede37c07d1b599a5c7f39902c8dcaa

SHA256
f229a1d5fea854702f2c2c8608477f47eb6ee58fb529818a7523121eef9d8508

SHA512
596e0fcfa6365d4d0e6c78e56247b797a0cd82d2809fbeb38ae4adb36d7dbfa5ceb3fc9afaa5ff9abd5971f34da0cd5c3a7f91a777a9f1adea19e47fa3adfe9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ffe82d8375ea65434ddb9e7634faac0

SHA1
d95181d5991d5a3bf9117f048c166ebb3c691309

SHA256
5bd48b81e1ef6e38d5ae5f5896b5fa5a0bce9d738ac067790bb5016a9eff1816

SHA512
3062acb5538afb4adf93661f89d373c5ee93dbe1c6086a0e55f67e17647b0cb5be0429b6022a65be3504f4a2825551598a9f2de282a29e571f16cc7ef58cee5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8e0f55e724b2afc10712ad604c0bc4e

SHA1
575e5ed5ee316e8ddb094ce6254e58b11f29e6f2

SHA256
b7d3a10e11311cd34e00efa53fac5f7ff91259af750e237256c9005884ee1640

SHA512
04232269be3d1ccce2969e0a85e0ae66fde3a38499ad07c38c953773c6968c34d5d9b9a731cab1e423730114b8cf170521bcb8c2119f5aa8309a0c2be677ece4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74ca577556a1c8d98108274e727c66a4

SHA1
38e7b65fc2f34952c079892a380d882da31d04b8

SHA256
749969418973bc66a65619d628ee0454bc2962c095c804eebc76fd6b75500545

SHA512
11caf83a3cd4f21b3072fb90703f995295e54f39fcd74a21e433449d69f467383d42c5592b107b81069bb35f185c96f1b295244b206b827073e6a2c3856eae5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
447bfddca6124c84ffc0f7b1049ac5e4

SHA1
b0ea80673b8d49f59533a79e4248d28991bc683b

SHA256
d661a0677ee8cd1619023ddb3514fb4d53f6d18c9e5f35e7e79f735cb500df00

SHA512
2a688f97c918bb74ff15ea6bdd1c7f506b5a41184c7f6583dfd051fe6083eb463fb7375e69f94b599a1063fe3cbf8ba79c0fe48d4ac4125297be0b0ad4b0a255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
895ef139376ef179d16e4e26a2e5d6cc

SHA1
e30e5ab5f36a8b84ba1fc688032ae6296ab8dc7c

SHA256
f8b6884157d87eda388de4b0d245a8b058d2545732a8b525211aa2a55b30db83

SHA512
f16bd3d052aff6ab9affe82020746b9ae19b30ac8ea9f67a00dbb608a5963023aa8f1655d79a01b47c4c8f9997c63e348e262b5db4d54b765a628a2f07582fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02c1de31cb847df617dd3e3d201a0970

SHA1
cced4ff93cd7aa924e82d60672e9072bfcad03a4

SHA256
06d254fc458b8097d88884ea0c7ddce03e4c81d3cc1ee84df7695da0305dcb8a

SHA512
29e01e2d866391d5e77aba0def5e668f3ba4ce42fb1fafcfecb47418baf6d533d0db72ba6f5b0a565be6325be5424aa06db8754a68554e4987a9072c844ac3b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e471c8ff5fd2ac890b06205dbe089c35

SHA1
383dd171b4f01a6ea90b62244d9dd9c5084f992f

SHA256
8de713015ad18840a0d94e4c20d87a12f9359789a903a33f2a3fd328c07a703d

SHA512
90e29174af0a3159d4b45994c0f923299100cfe2d64aa87a15d5a13fc271b9d43c13078ad9aae865391e0d8e133dc6849953bf6c708a2dc02b13da019e6a6f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec1f508e370318206dcdbf8e4027bf1c

SHA1
f12c06de8c0ae5e3b73221c2fcd8e5d7e8b050ca

SHA256
5436a1aa067b064b6c626d9bbb568a759a625650c3edf9602b0826eaa2ad99e5

SHA512
4c1367744e5896a169d02afef97ecc22928abd739b68d04c2ce6ee6e505ea16bac6ae07a0fe0bc722a7a34ea3569dbe7d2d1fec4e018b00f292f548f5b688121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8923fe5a5c6fa512669caf46988d67c

SHA1
f8f9fb5868f3b2f7df081567b3816f5c8798b6a0

SHA256
d777a6bade22cd4302a760355ad5eeb79734d45bcda0f0fc88695e2ef9778089

SHA512
33d5139362e7c9bc07a6158f46d419af0af874bc338e3e6fbad6f84eb3de22123baf76c34fd5d9b778ede617bb74b865a830c22e7ce7729626e4519c33b9f822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a43ece50f3f1789c4f52f9bd1164a769

SHA1
168505d675f9fcd99c64172a1f775eaf0536a973

SHA256
d4c2b52426d04b051fec05b846714a2725a3de9b69f64916c53232cfbbf457a9

SHA512
5f34f9e1065c96044ce835f3f88b42e821e289e834aed06287782d5906826f92688dfb99eeb28674688c115035535ed69cfe8cc7cb7c04f8682cf0c6223a2088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d80fc78696d48b28e84f8ce5213ca624

SHA1
74be558340a1f05bff5976bb4a0556292386cb3b

SHA256
c07d1c636b7bdfaff9b0978b79294bdceb843548c0c94d8013baf182247c951e

SHA512
2c8d3137e902b139b58f53c16eeacca13e15e8a171cbec737afcdc86cbaea098dfdfaba4e206ef541a529c57f2dda65e59d5e005a93c91f862833acee59179f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57fabf8d8422429a631daaef0fef23e8

SHA1
7ccfbbd74d1a583d20d989418ec6236f148c9d70

SHA256
e48ae3ebdfac79c594f7e2840a0cd48ceac568e72d876fd0be9eec25aa4b1a57

SHA512
360a07fc9dff5346bf72c076e5c57344d0b66496be251468d2d9dfd6584b434bd911d89b2f282f17a08dade9dafe0c21fca38cc73bd5c05f7f6e3378a0bb7b20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14751ba08d62c662ebca251fbbbcc359

SHA1
b7c1df708ebe09381ec381119d70df540bfe61d0

SHA256
1220fa43e4ef97e896c57bd2ac5bf5febee371359ba417ee23fb8fbe675e1a27

SHA512
c75a7f5d51ec932d3a8a56f3ef7aca7e4ccad131870839b4f88453e18e1ec932f40497dd49ccb7af850fd0c1c7a9503438e7d38a2a86f05d03652e31c45637c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b8e4e7c61f3e514ce61714be8c3f7cd

SHA1
45bb78ab9a330c0fcef1652671556c83eb8fdfd7

SHA256
6368bb98564961f6b0727d9ad2953594320788b1d4734fc9122684cc02c6ec5f

SHA512
cf02c2f79d57d452faab8b236f514901262eb307b109845adf472420c09a08096ba404e32030ba71596475adc0f10f5e2b9a1e67d4143fb39bdbcaa162a50e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb9f7a008db84e39b841224f3d23369d

SHA1
fed35a89ed471b503ba7c09e693ea220f21acdcd

SHA256
52b5e9d7c5531cbc89dfe5214338ef5fa6ff77a831782b27141236be4b092704

SHA512
5a0fe722221a62f8f22f6a584d6562f67ad640d770c94fa4162448e8e5f2639369374195a71bf58d873e7ca9a765ed9c4a1a4285e095de525f0bd7a5f3e9c08a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ea3e3311e63349da19a8dfaa59aa3d2

SHA1
18d265a36d502e0b84dfa843b6b9795ff5786204

SHA256
35a953caea55ab194a14b35fb298817f785728d758ef08638b8a564284e72c9c

SHA512
5f2393b9f71cda543aa8edeb2e771245e984b7a792e4db4d7e5638fb3d54f6976d3e833af4cfff25f3bcb7d66ce4ac4fd90d59c06aed1a8aa837609f0f691190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6caa7653e5023078a0e26c7824b3ad92

SHA1
9edb523fd5cc4268ce80b9596ee17923e3e031e5

SHA256
032568ea72604b00d64fd287a2e38477e8df917e35aee472836ab2bd87850aa7

SHA512
07d30dbb5975a8a3eed16db24a90a32485fb788490edac47065c4950e6bbba64ef59392f0cb9b17eb8b0b8deb9ecf21d02b63df8ae400897957ff7641b8354f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0328b8bca70008c8f52e3613c4ada139

SHA1
d6e117c84cca9f2c1283564de69f0b407ec5b167

SHA256
39fb825b3c8ba38d9ba80f8243596e4009757d86e0a872c01ed6b97a1dd3d1ce

SHA512
35cb411403d777453446504b156f70dc15f54ef527d62276f71e7e38b7158c75ffdca48b097ba3d61247180918be4bed1a699a13c7f2eac93e3a8acad74bd4fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b452b295d5d2d79df7ccc0bd7044d74

SHA1
995da40117bbaa90a4523e13e6c166b06ca8a3b5

SHA256
d81d299005e5c8e4df1cca07cdf721d4dbc235d5c386f0b646f63173e57ae1e6

SHA512
2f637e0e2541c7d74fe73da58195fb17971fe6e7279f1f6e328eba5e23eed51726ae27bac3af125b69d5a3f61016e1eab391a9ddd342224f0db0c9d820006b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b12a89ace1f2fb4091d00132eac7229c

SHA1
0f0f4c01355fc5c2d9782fc9a8b4a8cef34eb4a6

SHA256
81205b9974706247b7cd1d272e506d923a26c619fdb846949f442b7553e8e82d

SHA512
69e363d96ae9254c3e03dd2cbfe4b9685820d816f6e377ee9c13c14e271487f3297d39dac5fe0c6adf04dd78b690a7cd6fa00a86050fc198bb12943f290b1833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3b9944fb3218c541f661c2121537777

SHA1
c0b5f71114d15aea684d8b80b204676047e0d2a6

SHA256
a84e8c701a477e3f163202bd8aa7d2537f47eddd8d7901de7ffba74ddf220f3d

SHA512
448651a66a915756d08c74b529aa7bf6f19d589679f73690d2485fd91e1b419c615511161f8227f205175477b3f1520cab9bf5f28f8cd98efeedd61f86d4b96f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4208e6e07aeaebc1ad437f6b4428a50

SHA1
2258d9ac5d7f4b3fd6d0cc0253690ac9b183e691

SHA256
bdbd7452b3b806088290e70e0db6d568c51547b1cccaf926be33591ee83bc7ea

SHA512
185ebfd36e5400ad94bb7ecc3230e5ab22f5d560871040a6f050d7e01b6d7790b75cafc51523d271cb4cee9765e4e628224aaba64742ecd4060875432a61e69e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
309408bd7c7c39009487399fbf964490

SHA1
ad57b0ff3247364721c8c3d5bf470bb48c10c508

SHA256
a18ebebe2ad27de82a459d8130338a8f5cf98b30135a786bc0abbc96a57f84e2

SHA512
68773aaab31ba6724ff8840e744d2e433fc1975f2a980cb1a1a430d374250fa2b1911fe63c922721457ec73fffc12e335ce26403e977f87d944cdde1ac4cee49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bb456f6a05900ab8b909f161963ebec

SHA1
ff99bcb72edf95e5c0b137430a1a81a2325bfc3c

SHA256
30229deacc37ad6d41bc908b796a7930f3d0176563413a830bf138e8bb6b1d35

SHA512
28de848909bf02fd244d4166336f13e4cb6f3674fd9810630cab3e33c880c0a4c270ba607e73f6d2c78a95319ec999478f5b0d2570e13e74e5ff99577eef7084

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad44d04d31460101a532593992ffbc9b

SHA1
d038a3d1a1f2adbd80952411e0f0a3504903ae58

SHA256
c6f9e1b2df0bfb525ecfd72f11c205044e3ef2f4eda7358b79f910713d326ad8

SHA512
42b4d7e35a684e968f38f8e089d9a0daca9d4b327903af30bfc1117d02ebb7249ac2d321ca94d473fb967611fe1241a35c95351bdba542d0d9d17af3b505c6c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd856c2b8adda6ca828cafbb84c58dca

SHA1
8292827b2ee39010258f1c0c69b5347c967f6493

SHA256
369f73883943f0fc3f3b5619736ad28df8fc40f95e1333a175759c26e869af57

SHA512
afe1da8aa80f22a6b72f7591faaf28ccf37f0a62a64aa0d07bb4fc213a2c25886f6d64d8e3a6ade09b50c35b79cb76813521568e8f7ba25b62ce89ad1765c571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f86fc6b687d5e0fcd0023ca74003031

SHA1
75465dbb48e0be6c5aa16a47cf2e0ad93c196440

SHA256
70c4a54c69dfaa7b50f04634440b9d6109623c6c6d001b00b277470129791a70

SHA512
08ea06f12e84bbec5fac7779f5a04519034321ec96eeea8714d2189910cddbc69d0c4591e4365fd0f9ae757f516a6171868c899ca201082557c8e37f4968b66e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faa6e226e25d7e0cfc0bfb273bf8aad4

SHA1
53b5b2ba7219d4be09845463b14a0b19aee3b40b

SHA256
732b98f79f0481a1246b65ca39262244b486e9f9528d9dda97d70a68bbdd5a13

SHA512
337b58193efd51b0ecdea8aebad1c08ec92050469643c87ba24354688e47f3c31241a2197eaef27e533cfcb04bcda1b19ef1a5299304c4e981a9eca5985fd4f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a4f94fcdd2b0abdc1b3b05ff6206394

SHA1
5612b009f20a845d46893e1ccc6fa0cbc9bb0ec7

SHA256
686f9b8be6b5703950714764073e41fdf01a8208d5fb79666eccdf5d3bf7ba31

SHA512
0553018ff5f15dff9e8f4e818895c9f024b084a6250d6501f74f983919e4a7db2a738a8eae3f45d75d03bd18ea56a124c101f94289b229d16d93936eb00a154a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76b9cd200ba4de3fa4c5005bc2e7963e

SHA1
443701ab3410414c75a8f7f7bf0f806a804d73b0

SHA256
4d004df480dede65ecaa900d8a9b6938f02d445e20a955d86323decd96661f98

SHA512
1d9fc59009b409664919ad67709d4675843b5f46f2260a582aebb3114e7b290128235b7c3686c7cd94907c9d7b70b86fdd2835f0076fbc45e760fdf39eab64d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39ee5e60d6a14e4cf838fedcef98fa9a

SHA1
ca5f796580f3c13c04d035a84cb7c8f56816665d

SHA256
76d3c7edf92ddcd718de7257cbf2229f3fc93f2db5a95375f3ae202b4e262f43

SHA512
b039b882760b07a989e8c9460b0319563c67efae935c5c3f36da564796896415441e0b54690a630fce4396765ab18a11ad2e6bf1487f715a724a634521509231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67f29c0e76757b89a11160fb58e8ed6c

SHA1
a7ab81d8eb6d029197c8fd477b1d36972bb1741a

SHA256
f319c31a08cf0e2cc061ed97cb1ec1caf1743e8e87b3baacd65b37e09aac0e30

SHA512
baeaf213b6ccfc6ba529180d0237918b019b9bb1fd6df3ac5a97782e1c0c6d8795a2550d264296ce5002072fdc7d0712db6b11a6d979e6ae844bbe48694c4bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7cc3791c2fa526c76288c417b5e5468

SHA1
aa27fd560af90d04b3fce2b082b984b796739452

SHA256
0298b7e468be7eff5f55c5022d8219afe5dc835420532c33c71c86aedafad960

SHA512
ebc676da9b5b36ee5c4f3debeca01b9651043197d3270857e2292dfa35eb3ec1bccb90e5d12cbe9c392d015053684f27d4bbc70efc4dbe0c2f43abe418ee8a90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e324c943f77bb2b151cb22d4c8242a40

SHA1
a2f017f573a3cc41657ea225301ad3748577bb94

SHA256
f8ba77bdaf679dab1d6473bec9a7cf2b4d0d73e83eabafe26f70deef940d144e

SHA512
ee3528a48892d04007113c286b3a2a4978958c0fda01d857c5a46fb71b5427fda6e52b4ee15a9ccbe39b41353dd4619c6c7a6ebae48c03776ab2b05fb7be4908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
70d5fb32ea7ad6113a64f0655f15e63b

SHA1
dde9bff87d53c04e5f524c0266ffbe4347e564c0

SHA256
2aae8fa37d9493318fd55444080669615035e71458e3d15e4520d5b649958141

SHA512
cf7e3c1dc3a25cf9b4a4d3a4d0e7bc1dfb712b7ee1ef59c546db4becf51ceebad3dc914e267a8fda981e2483eed274711211d8c5ffa9096b7df405069806fbcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3405be86-3c65-4114-b761-54a6bfe4b3e2.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5dbdb647-5a51-43ae-b163-71486f0b2e29.tmp

Filesize
354KB

MD5
ac98042c2741ac5eb12732f4ee834abe

SHA1
d9a3738d25109b950d40955ff0e3958e3528eec5

SHA256
0dbe451d3b90a5f117e10b49613e87ef04dc207570c21c5b9d6e32f397640571

SHA512
3311abcdba88f8898c3f25be5b82d6021f518ed9be8bcf99079309d4bfb976ae6d5ce17c75a48d7065ec7674951682a2e583e2f54db0f12c00d441baa42c57d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9b1c99d5245940563e9e81e95c4832ec

SHA1
1bc5970a797d7160879f1ab93559a23b736a2ce7

SHA256
5e5e2d6ab15529a13c5f6fddf4908f82199df64cd0fff65ec624e324f6f20a45

SHA512
6d270d67927d391ddb39f5f2c3bbcbe36add45dc5cbf35099b0876b1b1c91f7ff23389e564bdf583fb4245984cd0a8af8f75ef87695296a8dc1d91269763b957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f7ef5c2-b2a3-45fc-bfc3-f643c7a729be.tmp

Filesize
5KB

MD5
b225d6fce12c09d6fab611f83de4b973

SHA1
b895e19e9903918bb59a9a05cf7e37fc2e3cd0aa

SHA256
2116117fbe008517fdfb41c82b5bbfc01fca7b26ea8ff616971c6fb95422fc62

SHA512
fd2e0ba427c3629ac8ffc125fc5b4ac2c8c48994bca92bfbce517c189a5edb59d1c23a9d6e75434dc4534e35203602b680a04a1359e483b8adf6b68a1bfdde44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4497d114b87d4048264acd2cb9c567b6

SHA1
798e221c4c391cbb63ef87882f7c89ac3c15d0d0

SHA256
a7da1216ab71935c760594b9928235a0a2a396f3dc2b4af7d3b39ca4444e1a03

SHA512
cc7d1b19c24c5aab399dec5a337c5ba35f604a63e15974e41aa154a49dd3bf250691a49d36b0a87b13eb87939f1b0a5be8908b35109859d19170d75e1fa1b8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a750da462b33923bd9117427faaad497

SHA1
7e8367dc8bdc047ac8d4ab07c5b32d3483731d4f

SHA256
717f1aa2dd798b150bb56709228b476d0ae9842eca433357bf4d8cb55dfbf258

SHA512
7e6ecd3b102af892f7632eef0dc2d576e05f8eb459f9a384f0f393cf39f54872a3d71946e4c372da870c2032202461efd6b840f7a7c2cc0b57f68b09d1c041b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb81940c3704cc7425182373a7951448

SHA1
dce31ae0627a179cadb4676a5b4f36691cc2897a

SHA256
0c219e9d43c1c944f7e83fe54a0bbf4fb395eec6d75fed79d4ad7e41421998ed

SHA512
3e3f3a2a6b60355af0efcd098adf458b0f58b4528c45053050e68887c1320178ed5fdb79a4161adaedbd431925ef706b4aee6bd6c39c0e61abf06c2e7e65c534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0352c338ffddbfe27ffb4abe90af6a42

SHA1
b854a3240a67ddc26fca2aee5f8752729105074b

SHA256
fa9ffa419c5122d1f20fc424f0652f7de621ccc6cd1d2562469b7bd593f392a0

SHA512
833f231f90b1c007744bc48a22d0df6f436b563d933b53cd79b1dea011ec71a49ae80be485ab952971e680952cad8c45221b5b0abec79f2e8e6d72dc66ad3b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5d6bf9494cfd98801173792e23cdbe60

SHA1
87803e23e3a56862cfe5941bae68258bb148c187

SHA256
437835f5d91112743bf5f040f8d16d2dadc68e704b755ea3c62aa6b487bd2935

SHA512
f9432678c5da945678488f065609c1135f20a1a0cd9918dc3962a7494926a2a5516275713ce4b0ccd44a1ecd8faff3c245546f22fe6b7f9b88175ad9f7d27a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
777a66c4e36d95cbb6006c348d11516a

SHA1
3299a5a64b42564ab49fa8b4ec4d34c8afe52fc7

SHA256
d9219ded1eb18e8fe26b21f0f4cc660f57cb5e3821eccfdf3127dae824f0c3a5

SHA512
bafa13d8de609e5ab26da8b9f107b34c78aa1490dbe1fd2b54e8d728f37dfcf39601e9dfb238341590c1026ea00d03a80c4588c9c9c62daf9309734eebdfee70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
02c9f0da290be83dd80e5862e0fe2d90

SHA1
a9beda1d57d477eb7ce1a3878644b1dd9b7a245a

SHA256
27812d53e8f44332b48037620f3809c630def8346de3538a85e29afb42995af6

SHA512
455d2e62b12cd4fbe9318ae53c8d740b83705d7394737e1bc73f1e7c4b3e147915f2d2afadaa99e2c601d4ed9fb1343e6b76a34597f2e650ed0f321851f6ee47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
edb4ec515959cba5e5efdfbd1f6a6c88

SHA1
1ef3964e2e3a5eae1d65f24b0b236cdfca6f6444

SHA256
8a80487d64e23a9f9f6ed4f8fed1e40266e4329d84cfada4bb33f024a3bd1315

SHA512
e64b56c4b83013fef9717af1cb628b6c89ad5eaf64a3d8044552ffacca846fdf5f2cb4d5dd68f979d20e6b247a0d8b6afb56bea04abaf9c61533cd12b2088354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
354KB

MD5
63459e8d20c17e81e526632609bdcee2

SHA1
b1b893f1e8191929c8669640a1a2103665ad33be

SHA256
0c530b5b23fda9bc73130eca2aaef528965904a5fd20de2426766f248bd052da

SHA512
c1f7fb14205ffb067fbff2444eb42a716204e79adc76aa701491138b7cafba39b6939d14b6ad84e8394db21b178392c14ed4c4e4115c7888d2e3e622b7318c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
354KB

MD5
68803dd09f48e0549ff6e8190bd4d6c4

SHA1
dc4f843a9ef2e0fd8f81c8195a1f8bd54df28c51

SHA256
65f4a49e3af7647c45aca806d94b51c3bcda5d5dfbccabea1e7b8741498dd034

SHA512
0abe03fc4d6bf1e8486095f45b732a0ee70a584c846987a37c8b7569930dffbd9461a778ca98ace7d26c71f39673dae6d656bbfab7b21e9fb39c8b6549195531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cfa77e05-a0cf-4d9d-b436-9a8927a3f017.tmp

Filesize
182KB

MD5
4a7cc988a483bb837337ce4e770caeba

SHA1
5e5e354a5be03ab61204d39e4ab61f5d9a56223c

SHA256
52ed28d72f2fce041bbcbf3fc8dabe7a7a55edfc6d1614dd19dc3402f3c9b63e

SHA512
b2d81e32a7f3a78a2501a8218f7991b2e7314ed957f7540c2b6abbbeee687c1cf70489fe58f0c1c6bda1e9d18a18020596c24c795aa58a10104847ae6c2bb181

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
9209914d3209ef9ed3bc13ee8483453b

SHA1
0cd742ae2f74e43330904bd93cdcfedd43ea0151

SHA256
e5c30b880e4875e6b85baeffdb6cd2039411ba4e0c33ec163d4d373fad76921c

SHA512
7a1fa2a1adab4811c11756d18c5a710835424b3d473499494f6dfdd138e89f1f3c06a7eece19fc2b78bdc9d941e68df5edb0028a46320e76d91fb6503d16fe74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7ED2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7FDF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF56D3A8ACE07CB555.TMP

Filesize
16KB

MD5
eda8aa7a42cfbaac3da5042903b6a787

SHA1
370ce2cae076fcf7fd5152e75b2258110e3b9943

SHA256
c7e0850c683314c3020c0e437efbf461c04e79566125a93d2a0e690a685bebcb

SHA512
49b29e637250aa7e404dea953b545f099b552d3e8d704bfc7ad776a814902faa64ded8ef7e9d735426f052ab31435445bab50709a44721a2d4e41ea2f367c3a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2275f0690ab3e854c469e58b18831eab

SHA1
ec5c09045b7f61dae4b8e9996ed3edd479083c49

SHA256
cf72b4e4bb58aa7b64090d0f7d907465797e8b38323a5817efeac092446436a7

SHA512
267280048a47a3d2b7bcd6d7281253fbbabf54714eb050e57c7ca6eeafd95170471ab62ec424fd5120bf8ab7386cc52732279756e5552b1c194800273e56f72d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\db\data.safe.bin

Filesize
15KB

MD5
328c082ea5e93f025ed977d458e629b0

SHA1
c1143e761c9fc32284968ddcadba78cf7d24652a

SHA256
c07e56179672a77a0398d2a87721b3acaffd198c762efd4422ef20f0556027dc

SHA512
38cf61834eeb42569648e076bf0aeb418a5f8469f35db6b3f07172542a132dd0fd2977e58a3684ddb8b237b45435f063163865ed1f32c5e985d4871e87769ce7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\c9cbd92b-bc5e-4861-b913-bd656186a9ef

Filesize
745B

MD5
19382986f4a67a38bc9e7f97fedbdfb8

SHA1
acbd0a9b29d13795a257ca70e576c13810f06db9

SHA256
cce097d8d81b3fc94a07b2b8f34c362cc655dfc5d8db391a29ec5651db746bd2

SHA512
31e2a8767cb3deeaed63bb9c9dec4d2375846850fb34fb4c3739cdb663f13530397a1ef8459a7832a388abe00b575e5557fc22dff6ab6fcd9a255b63c3d77085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\e8f3476a-9ffc-4bab-ad78-43dc96ce3db6

Filesize
778B

MD5
412c2302cb8c92a0f25ea87f87772046

SHA1
55260ba78832d30dc50a46d0f7ebf85dc6cec35c

SHA256
b6eec417cadcab4e77f62dc6b8cde0487a60bf5e16afd61ad16e81273fe560f3

SHA512
91f7ff5ca5cca894bb217f4a68249de44071bde1f146d23a7d167bfbdf28102cd415d4dc90de513fd6e53f7f67148385996cd9934c09224a25fccbcae995552a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\fda61736-21d6-410a-a4e5-596c2715f0c8

Filesize
11KB

MD5
ba1ae0d68ade80f3bce1d4553372894c

SHA1
49c50e4f40707074e191bb6f4239b8f698160d7d

SHA256
7e9543b8edca2c91aa54f0f81b90abf9db432b53d4761dffa44cd544b5398b8d

SHA512
bd7bc1fea11595d10af49e09acb0c65f2b987545ccd9de042b36cf7be63e7b5e0c7351c689cf99eb6c371f0ad54a88a363b1f4af18d88aa71762ab309d079569

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\places.sqlite

Filesize
5.0MB

MD5
8158d5f3888e6f93eddacc696e43fb62

SHA1
a548e8a47ea6a6b31b23cf209fb734c266870927

SHA256
5b9359bb2a8aa9771e5e695a8ed99053e53f38468000070d13f269f4128dd3fa

SHA512
755bff68444cfad5d6f326e445c418a944c2167c40975a6e3abfaa1670987aa50aef5b89546976c3065950ec5e8778fe70c6fe7421d815885b15360bd174767d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
7KB

MD5
9c3427da149f6395acaa37735059d9af

SHA1
fa47fd47a4d48d5813d855aa26f1d904c1a60c4f

SHA256
a8f9ebec6e15243d2a31b02613f8d4a206245704cfefbdd46e0154409716e7ae

SHA512
fa9ae0c87acedc5140fa82a5b3e1f57c0d56fb16e48eb98ec71b4dc048d2ff2a30f65cc91d82bec06d2cf96c9d468895cafad8269ce914e9fc8aa0c10c12a0c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
7KB

MD5
80f61705950256c79ca0884914dc9304

SHA1
0e11e50ed6f4659ea779dc72db93f3fadac68e07

SHA256
5fc549067c20d91f4cadcd6e034af53b3214bcf6685bc31d57165d41bd49c4ae

SHA512
9aded70c0d70f59b88be3c8d154ef97a9e1ed408c5b4ef1084caca35a4160e80c7158629b217d778afde99b94d6af2ec40add049e99a84133fa39c149e136068

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs-1.js

Filesize
6KB

MD5
72f82f9a63e9f8d0cd801f439b2c31e1

SHA1
7a913234f88b15e71c910bdd1d97bc0f9dd38cdd

SHA256
efc0de49b144c758ebecc61bee55023f8f3fc7d2a8828d19e309c077e4735ea4

SHA512
40b969ec96496c6b38d7b6ee6555b4f3e3875b1a20912451dc2f5d9aeb1cd10170f43738f47c3b790a1a4b32e9b9bf65465939dd48bb9d3f8da13d3a4a82afa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js

Filesize
7KB

MD5
d1e15bb286f8864acde02f5bce23cc6e

SHA1
89519dcd75b3241f0762bf985c9c69f11786604e

SHA256
308be17145d8e578f50a2619c961c3b0a5acc98b798f8284b01275f927732f58

SHA512
d88a06af3b9cdf0d68db6a05cc84d92ed4cefa6d1dc0ebbf3da9c322b9cf035d812a07a2fc899d6b1189a0f7b887ed14975af71cfc344e35eb85590ff2b6f0e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7d8421f246fbeb10a9c9eb6c7022480d

SHA1
d7c51d3fec2c7c1ae43cb1e9e81707df70e52fda

SHA256
bee8371e00d26e82c672280d022ec1b6ce433c5835a13dc875a0ad0df53aabc6

SHA512
2ac7250f90de0b0f8580c9af1ef74b05a36e1d54f4ffa9ed183f57bf3229a0add35b0743fa0cb85d1fd6ff998f22b054992a251ae25c5df4feec3156c1b185e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a3827872cb6d690e168619a917aa33a6

SHA1
743df618e6675ed00a64a78b7f611b08534a3d15

SHA256
eedec6219a6b890d22f36c6a0e0305d134b3dc4d7d94cffc7090d10e73ef3ee1

SHA512
3effc94970c38c8eddf0971f761f05f4d1abfd57b8678a316511ca28fd16525e4d25deb5b0d1e9759aa334cd39d8c3b6b86c1837e651ce437e8ae039e9e6825e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
bf75cf7bb9e897a68afef2b1885c8661

SHA1
1f9af83916ee25c767d9ed74b10dd768137a000e

SHA256
8ff458d4c7f3ef712536b2439e2d327ef61d57eec6c6f8333b7ceae9b3e9380b

SHA512
9b5f1c84220be12d8fc357bac9af0019af225ccbed6af964ba31f8113040bece82fa00b8361c7f36d96da5426876a6dac04acfd60b4391f2c73ec1c07cd74e9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0995c74c296bdc53fd8854f60ba4be18

SHA1
6152f11a3f9bb59121b668310e56e5a324b5962d

SHA256
e0ebc0b889564c1a567f08241f8a876c5f455ab133c07b17a4823286ea28ad23

SHA512
93bd47cad3f696be5b556874dd9f044d90a26a84c134e4378784674c1a38611aa846a5911a8e292ec725c96cb9c9f902e883ecdbd70dac95d066962ef76f2766

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
95c5ff821467438f94c61f84de0502d1

SHA1
efe00d39676638cc35f11d3ccea5bfcc2514947d

SHA256
99bdbc6191b2571711285d5d46aa1c8efb4d3051408c061853ef996f896c2e8c

SHA512
dcdaae6188f25a68ad496aec2cd390bf74c60a7969131138d883f81e35e31673ce87e3dedc3944de97692a9f2afbf189a3495d7cb12fb2fc56082214fa5580ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4e93a9ded6296da3c97ffb4d26cfaaf1

SHA1
801694435b84055fef0a7e71575797336122126b

SHA256
d3ad510c4a5f3043bc2059944457632955ed0f501a4f85cd4cf3969be65f3c58

SHA512
5ceb8a7202d929bcdcdadb5de80e78e56ea0e4c2d9fa4de4aef9f5f30cfb36de3fdd9682f2f1ebdab5bef75c299d8cbdf138fde33888ff020221bc9fbf81f422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
f8e3cd711ecba0777b6fbe100a398658

SHA1
decdbb4d667087930bd3ad1df048ce052960691c

SHA256
d79e0947361b83c3b09009c6ac72f21d0d51f719cd99de801e7cea89928bbd0e

SHA512
abaf781109d0b88dc638dd805c80e2603380bebae6bbd320e3773e7160a0ac82b90ca17fa04321bddfbb30860f9614c568a7a11c2b21f14ca7e18ad0bc54e8cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
78705817694531bb1c4b9fb3c5a99a56

SHA1
3b6a0fd31e6f91290e4cdddad5c206f4e7b35cd8

SHA256
59818ede65896f3624a7e2eb63dfdc89d45666622cea612ec24a1475320fa688

SHA512
094beef718ffdeae487115996e33801ed062741fc7d054609473930702a07a4749249ec9bc709c1f3df70e0791a0069aa6dd9e6f68c5e074ae49d73d5b09e629

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
ff48b107b2449a647c64baabd49408a1

SHA1
efb868ba125d9ff08474f02b9483d74c36a13cee

SHA256
7bb8644e565ad4bcfd890f9044bccb4d99953a740e9a500b1f820b2fdc3fc240

SHA512
4da2e4b727e7f31f8bffd680453c451b444bdf217c15cb36e353f8bb5ecb6c6481caa7d848558c7d94cfc2d1bc3551ace11e85ffc8ec7a7b570a59c294ea0216

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
16KB

MD5
f91e1ff896b5616919ac97c7095c513e

SHA1
4ec6eed0bac5a8801db10238c7b3a5d35a87be67

SHA256
07382c0d91dad2bb6ba8bd06ea02f12c57abf7c4e5a70672e9f2954d09a4ffd4

SHA512
6448d6cdfde11e1805b6d381111ea062f681807c9dc54ae890305f287b13b6fb57ef3f4d3b909e56b81c99830c086b5702b46ba0f93e695fce2b87b32fa4b26a

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
429c26ed27a026442f89c95ff16ce8c2

SHA1
69ed09faae00a980c296546c9b5e6a8d5f978439

SHA256
2a466648affd3d51b944f563bb65046a3da91006a0d90fb2c0b123487a1fc1b3

SHA512
04641164d9e1eb3183db0c406583626011dfe2b2574551c0ac466ebf44165afcd7d8faf356b8268b4fc9a54db20de010a4e4293594ad2e605950aea65636f4e5

Download Submit
C:\Users\Admin\Downloads\VC_redist.nR1x0XF3.x64.exe.part

Filesize
24.5MB

MD5
223a76cd5ab9e42a5c55731154b85627

SHA1
38b647d37b42378222856972a1e22fbd8cf4b404

SHA256
1821577409c35b2b9505ac833e246376cc68a8262972100444010b57226f0940

SHA512
20e2d7437367cb262ce45184eb4d809249fe654aa450d226e376d4057c00b58ecfd8834a8b5153eb148960ffc845bed1f0943d5ff9a6fc1355b1503138562d8d

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-8.VMssACt5.0.12-win-x64.exe.part

Filesize
37KB

MD5
aa2f6ddf47bc348ce82ae743690db741

SHA1
ae22d117f7805e2c9f821412ee40a4f1bc6ea71a

SHA256
b8531b89303b8d64dd4bd387fd71d3b262808bb14f8c36fa09e586cf131d3daa

SHA512
85bdc1771de34a5881a87c9c6e4892a53fb34de39ed820b624b068e020c42a38d2b5dcd99ad852dba609aef51a98dd23e9a1dcaae69466aa3226673e68ac4fe5

Download Submit
C:\Windows\Installer\MSI6BB3.tmp

Filesize
219KB

MD5
928f4b0fc68501395f93ad524a36148c

SHA1
084590b18957ca45b4a0d4576d1cc72966c3ea10

SHA256
2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

SHA512
7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

Download Submit
C:\Windows\Installer\f794742.msi

Filesize
26.3MB

MD5
f1f76514ac9697719c2d5ba7a8fa5af5

SHA1
ed9c8e1c3955e89c6e3f4bc7dfc5a373fd1f3730

SHA256
263d53271d7ef800a43f64831f26c23441aa38d750d79810cf3a07aa30a2694a

SHA512
e7efc11e2dfbaa529bc479e32fd69ef4a0e060063a146d52f295273836cede6f3fd9d00d02ec6183b8224d2b752f17ebffd89f05ccee7fee903200a507774415

Download Submit
C:\Windows\Installer\f794743.msi

Filesize
772KB

MD5
19ce5dce852d18176ab40ad39a055250

SHA1
dca228af6b4a7a3c5058cee1476dd919febc5e56

SHA256
8f7839c3df0e003faf93a04c8f68af56574b53b6e41087dc1a55410af353fd39

SHA512
f344a6f05b172fb2992f42d282011206fd75af915945af7f9e2febb04101182f3d28461ff87538dd906229f82dd46e6a7c447e9e4da25469ab942357819946ca

Download Submit
C:\Windows\Installer\f794754.msi

Filesize
29.1MB

MD5
5d79737646d7668fb58870ab0aa3f2f7

SHA1
00b5c6446ab2ab6e178564b1c6c9f2f1c9a117bc

SHA256
8e0410e95068d999ed2d15a0349a5f2c09a97df3f9897dd2276fd61a3eff9be9

SHA512
3191f47637e1983a38b4143dbf7fce6768c137e61ca6c0932f216ffe75fbf2fbdeb0e9c6c764f6543883f1c469ba7558cea3f2902a060094ff9cceaef84ead79

Download Submit
C:\Windows\Installer\f794768.msi

Filesize
208KB

MD5
09042ba0af85f4873a68326ab0e704af

SHA1
f08c8f9cb63f89a88f5915e6a889b170ce98f515

SHA256
47cceb26dd7b78f0d3d09fddc419290907fe818979884b2192c834034180e83b

SHA512
1c9552a8bf478f9edde8ed67a8f40584a757c66aaf297609b4f577283469287992c1f84ebe15df4df05b0135e4d67c958a912738f4814440f6fd77804a2cfa7d

Download Submit
C:\Windows\Temp\{6A54ABB9-E91B-43B1-8E81-4352C708D235}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{BE42375D-EA0A-4528-9E28-4CEF20874D42}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{BE42375D-EA0A-4528-9E28-4CEF20874D42}\.be\VC_redist.x64.exe

Filesize
670KB

MD5
3f32f1a9bd60ae065b89c2223676592e

SHA1
9d386d394db87f1ee41252cac863c80f1c8d6b8b

SHA256
270fa05033b8b9455bd0d38924b1f1f3e4d3e32565da263209d1f9698effbc05

SHA512
bddfeab33a03b0f37cff9008815e2900cc96bddaf763007e5f7fdffd80e56719b81341029431bd9d25c8e74123c1d9cda0f2aefafdc4937095d595093db823df

Download Submit
\Users\Admin\Desktop\Xeno-v1.1.35-x64\Xeno.exe

Filesize
140KB

MD5
f0d6a8ef8299c5f15732a011d90b0be1

SHA1
5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf

SHA256
326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b

SHA512
5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27

Download Submit
\Users\Admin\Desktop\Xeno-v1.1.35-x64\XenoUI.dll

Filesize
95KB

MD5
38246fb0d91772bb188b74956fcac653

SHA1
5b513501576bfd408c002bc7e3937222bd5880da

SHA256
5467a08450f3330e5aecfcac90b7e2f6005b7031b2e900c6080e894ff435223a

SHA512
66c2db8045386a2e3cf43cd56c9fc72d34108a4092fec0ef83c4817a6e2484ddde4d3366228532cbe60bff02d6e28b6c7354c749db955de236396dc29116251a

Download Submit
\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
c8dbf0ca88facfe87899168a7f7db52c

SHA1
e2cf163ad067b5d3b19908a71ed393711f66cd09

SHA256
94b6e91b93c2202dabd659bff294bee87c22897a30a6b4930b49051c2fb502dc

SHA512
e85c738f5d5a0ae6c3ef75a082712cb3cf2feae4560d316cb110e4eaf3a97d6058d5374da2a5edde39c3114f9aff8a027cbdff8cf49be2425943bac09c39e70b

Download Submit
\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
98da186fd7d7873c164a51c5d7b77f1a

SHA1
725a8b8fdfbe6a1e85674f4b2a7c0dd08411e00b

SHA256
80139e4caa379d87b1d1dafc23ace71d2b330368115f6314140d4ae59c2a78e8

SHA512
587b49a24cc59d4dcb62b59f379d1c9010196a6551cfc99ffdd931eeb0172618f020863191e530d65ad198e57063c57ba6f70bcf80591304243268ea5513f806

Download Submit
\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
e10e077bb06209aedd0d0d378c758f73

SHA1
97a9053a311280678f8ef65dc4e25975c41bd4ee

SHA256
8a7bff1c918539a75c25568db25933d653c003e016fd7791a37186b42bbb7c20

SHA512
571c1fc4192320bd967b603e6cda917a62f4720eb4dcd557ec2913d2558c0cfe68f936198f5809934aaa3a1d6049e8e918eb0e638a7244df5c71ef0c78843191

Download Submit
\Users\Admin\Desktop\Xeno-v1.1.35-x64\api-ms-win-crt-string-l1-1-0.dll

Filesize
18KB

MD5
0f593e50be4715aa8e1f6eb39434edd5

SHA1
1117709f577278717c34365ce879bcd7c956069b

SHA256
bf4ea10be1b64c442ac0ccf4bdf69f6703467176a27e9e14a488d26448a6e179

SHA512
487dcbf7b7f18d62606cb2f05c8feff07e6ecda42e643f5919c6edda66cdb3b8cc393b0d260374f06c10cf54082410fc9f02bd87cc50866bc0c28b0bcec3e658

Download Submit
\Windows\Temp\{3D0BE644-6453-41B7-96DD-162A3D0B3236}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe

Filesize
608KB

MD5
5555cf5ed6a31586a87c77636f1d5fc1

SHA1
f528d1474a024742e723d0f7fe44e242791c1dc9

SHA256
b4b057c09477f0fc9d188db4d1d057eda90756be63faed3744771d22307f4abc

SHA512
0cdc75c9bc05c86055e9e58dfc24d3590fdcfc466e75e58bed9068326cf38230554a56609ae89c0c3802e9cced7eb11c0836fd967009bb52e2c22b0d308e13dd

Download Submit
\Windows\Temp\{6A54ABB9-E91B-43B1-8E81-4352C708D235}\.ba\wixstdba.dll

Filesize
190KB

MD5
f1919c6bd85d7a78a70c228a5b227fbe

SHA1
71647ebf4e7bed3bc1663d520419ac550fe630ff

SHA256
dcea15f3710822ffc262e62ec04cc7bbbf0f33f5d1a853609fbfb65cb6a45640

SHA512
c7ff9b19c9bf320454a240c6abbc382950176a6befce05ea73150eeb0085d0b6ed5b65b2dcb4b04621ef9cca1d5c4e59c6682b9c85d1d5845e5ce3e5eedfd2eb

Download Submit
memory/1900-4637-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download
memory/1900-4636-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download
memory/2936-4503-0x0000000000CB0000-0x0000000000D27000-memory.dmp

Filesize
476KB

Download
memory/2956-4502-0x0000000000CB0000-0x0000000000D27000-memory.dmp

Filesize
476KB

Download
memory/3352-3375-0x0000000000500000-0x000000000050A000-memory.dmp

Filesize
40KB

Download
memory/3352-3376-0x0000000000500000-0x000000000050A000-memory.dmp

Filesize
40KB

Download
memory/3480-3378-0x0000000001E80000-0x0000000001E8A000-memory.dmp

Filesize
40KB

Download
memory/3480-3377-0x0000000001E80000-0x0000000001E8A000-memory.dmp

Filesize
40KB

Download
memory/3828-4465-0x0000000000CB0000-0x0000000000D27000-memory.dmp

Filesize
476KB

Download