hxxps://drive[.]google[.]com/file/d/1gHuduEAeMdxpfq-9pT6f9B9muv6k50AE/view

Analysis

max time kernel
480s
max time network
486s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2025 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1gHuduEAeMdxpfq-9pT6f9B9muv6k50AE/view

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	rundll32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	rundll32.exe

Executes dropped EXE 15 IoCs

pid	Process
1916	Set-up.exe
2196	Set-up.exe
540	Set-up.exe
4920	Set-up.exe
696	Set-up.exe
5832	Set-up.exe
1544	Set-up.exe
5208	Set-up.exe
5880	Set-up.exe
1164	Set-up.exe
4984	Set-up.exe
4912	Set-up.exe
5656	Set-up.exe
1224	Set-up.exe
6084	Set-up.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
8	drive.google.com
13	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 15 IoCs

pid	pid_target	Process	procid_target
2796	1916	WerFault.exe	134
1224	2196	WerFault.exe	139
5284	540	WerFault.exe	143
5404	4920	WerFault.exe	147
5604	696	WerFault.exe	151
5504	5832	WerFault.exe	156
2416	1544	WerFault.exe	172
5544	5208	WerFault.exe	177
5936	5880	WerFault.exe	184
5164	1164	WerFault.exe	188
1372	4984	WerFault.exe	192
5388	4912	WerFault.exe	196
2816	5656	WerFault.exe	197
3284	1224	WerFault.exe	202
6056	6084	WerFault.exe	206

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
2108	msedge.exe
2108	msedge.exe
4980	identity_helper.exe
4980	identity_helper.exe
5672	msedge.exe
5672	msedge.exe
5672	msedge.exe
5672	msedge.exe
6092	msedge.exe
6092	msedge.exe
2104	sdiagnhost.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3836	OpenWith.exe
4228	msdt.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	1040	firefox.exe
Token: SeDebugPrivilege	1040	firefox.exe
Token: SeRestorePrivilege	3012	7zG.exe
Token: 35	3012	7zG.exe
Token: SeSecurityPrivilege	3012	7zG.exe
Token: SeSecurityPrivilege	3012	7zG.exe
Token: SeRestorePrivilege	4552	7zG.exe
Token: 35	4552	7zG.exe
Token: SeSecurityPrivilege	4552	7zG.exe
Token: SeSecurityPrivilege	4552	7zG.exe
Token: SeRestorePrivilege	4516	7zG.exe
Token: 35	4516	7zG.exe
Token: SeSecurityPrivilege	4516	7zG.exe
Token: SeSecurityPrivilege	4516	7zG.exe
Token: SeDebugPrivilege	2104	sdiagnhost.exe
Token: SeRestorePrivilege	224	7zG.exe
Token: 35	224	7zG.exe
Token: SeSecurityPrivilege	224	7zG.exe
Token: SeSecurityPrivilege	224	7zG.exe
Token: SeDebugPrivilege	2336	taskmgr.exe
Token: SeSystemProfilePrivilege	2336	taskmgr.exe
Token: SeCreateGlobalPrivilege	2336	taskmgr.exe
Token: 33	2336	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2336	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe
2336	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
3836	OpenWith.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1040	firefox.exe
1916	Set-up.exe
1916	Set-up.exe
2196	Set-up.exe
2196	Set-up.exe
540	Set-up.exe
540	Set-up.exe
4920	Set-up.exe
4920	Set-up.exe
696	Set-up.exe
696	Set-up.exe
5832	Set-up.exe
5832	Set-up.exe
1544	Set-up.exe
1544	Set-up.exe
5208	Set-up.exe
5208	Set-up.exe
5880	Set-up.exe
5880	Set-up.exe
1164	Set-up.exe
1164	Set-up.exe
4984	Set-up.exe
4984	Set-up.exe
4912	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1736	2108	msedge.exe	83
PID 2108 wrote to memory of 1736	2108	msedge.exe	83
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3516	2108	msedge.exe	84
PID 2108 wrote to memory of 3576	2108	msedge.exe	85
PID 2108 wrote to memory of 3576	2108	msedge.exe	85
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86
PID 2108 wrote to memory of 4932	2108	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1gHuduEAeMdxpfq-9pT6f9B9muv6k50AE/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4cd146f8,0x7fff4cd14708,0x7fff4cd14718
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,13264798847728216348,10508991236692716689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3836
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\ELEERECCCLS13.3.1.WIN.IEMOJ98.rar"
  2⤵
  PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\ELEERECCCLS13.3.1.WIN.IEMOJ98.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf10932e-5896-47af-a27b-a6359a88188a} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" gpu
      4⤵
      PID:5312
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82786080-9973-494b-87cc-00d15dd02b55} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" socket
      4⤵
      Checks processor information in registry
      PID:1900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3192 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed5c9b4b-0bc2-447a-b4fc-d67332bf1c3c} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" tab
      4⤵
      PID:5516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 2 -isForBrowser -prefsHandle 3996 -prefMapHandle 3124 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e7e29d2-5e04-49f8-804d-aef1710d6485} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" tab
      4⤵
      PID:2196
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4596 -prefMapHandle 4632 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb891201-a69c-4136-bf24-25ac191d7fe9} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" utility
      4⤵
      Checks processor information in registry
      PID:3116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5504 -prefMapHandle 5324 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {289f741e-e53b-40c2-ac7e-490c9358032e} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" tab
      4⤵
      PID:5152
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5724 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d155ab8b-47de-4a9a-b598-4be6c9b61f6f} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" tab
      4⤵
      PID:3800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5904 -childID 5 -isForBrowser -prefsHandle 5912 -prefMapHandle 5916 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {024665dd-5df7-406f-8888-c829e0db927f} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" tab
      4⤵
      PID:3092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6352 -childID 6 -isForBrowser -prefsHandle 6340 -prefMapHandle 6320 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c9f4e6-35ad-4760-aa80-677609d48b31} 1040 "\\.\pipe\gecko-crash-server-pipe.1040" tab
      4⤵
      PID:1724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3700

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21165:120:7zEvent3545
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3012

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap18491:116:7zEvent13216
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4552

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 1768
  2⤵
  - Program crash
  PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1916 -ip 1916
1⤵
PID:2724

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 2248
  2⤵
  - Program crash
  PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2196 -ip 2196
1⤵
PID:4732

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 2228
  2⤵
  - Program crash
  PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 540 -ip 540
1⤵
PID:3612

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 2236
  2⤵
  - Program crash
  PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4920 -ip 4920
1⤵
PID:1156

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 2248
  2⤵
  - Program crash
  PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 696 -ip 696
1⤵
PID:5732

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" t -an -ai#7zMap18735:130:7zEvent16237
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4516

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 2240
  2⤵
  - Program crash
  PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5832 -ip 5832
1⤵
PID:3500

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe" ContextMenu
1⤵
PID:3744
- C:\Windows\System32\msdt.exe
  C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWE391.xml /skip TRUE
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4228
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
    3⤵
    - Checks computer location settings
    PID:4400
  - - C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
      "C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 2344
        5⤵
        Program crash
        
        PID:2416
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
    3⤵
    - Checks computer location settings
    PID:3468
  - - C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
      "C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:5208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 2400
        5⤵
        Program crash
        
        PID:5544

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2104
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yagbfbf0\yagbfbf0.cmdline"
  2⤵
  PID:2356
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE98D.tmp" "c:\Users\Admin\AppData\Local\Temp\yagbfbf0\CSC7D3AB551CC7B49898EA7888636DD606B.TMP"
    3⤵
    PID:3180
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yd4sbggm\yd4sbggm.cmdline"
  2⤵
  PID:5652
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEA48.tmp" "c:\Users\Admin\AppData\Local\Temp\yd4sbggm\CSC371405016BD44C1796548D47F3CF6B40.TMP"
    3⤵
    PID:1936
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rlkkw34f\rlkkw34f.cmdline"
  2⤵
  PID:6028
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF0A1.tmp" "c:\Users\Admin\AppData\Local\Temp\rlkkw34f\CSC26048AC4C9DD43F48876416122D9788C.TMP"
    3⤵
    PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1544 -ip 1544
1⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5208 -ip 5208
1⤵
PID:1340

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\" -an -ai#7zMap14126:130:7zEvent15165
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:224

C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe
"C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 2152
  2⤵
  - Program crash
  PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5880 -ip 5880
1⤵
PID:2132

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 2264
  2⤵
  - Program crash
  PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1164 -ip 1164
1⤵
PID:3236

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2336

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 2240
  2⤵
  - Program crash
  PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4984 -ip 4984
1⤵
PID:3528

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2136
  2⤵
  - Program crash
  PID:5388

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:5656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 2240
  2⤵
  - Program crash
  PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4912 -ip 4912
1⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5656 -ip 5656
1⤵
PID:3664

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:1224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 2160
  2⤵
  - Program crash
  PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1224 -ip 1224
1⤵
PID:5972

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:6084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 2228
  2⤵
  - Program crash
  PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6084 -ip 6084
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Installer\Icons\LTRM__win64\appIcon2x.png

Filesize
5KB

MD5
1ac8880ba8b88b522867b307ef82af4b

SHA1
20f6cad40533139611058f985d9a388e2e1ab08f

SHA256
03198342c1e9273a8ba7e9e603990316e5401b8c0793e4b96e6e642bc588329e

SHA512
9f24b2ca43e7a45d43495c7e87026415c6ee175c7f013a058070173343be913c9c67b7d3c7b925d81f47c484a73348e81862244bd7a3e3c4912a71584e3be7ae

Download Submit
C:\ProgramData\Adobe\Installer\Icons\LTRM__win64\carousel\carousel.js

Filesize
2KB

MD5
0e3869d848664a9a6d6b0f30201419c9

SHA1
713f2838bcb2fc2096d5ff292f6eeaa407e86c52

SHA256
2acadd3f2a3f60f94f71bf9cb094e88b4a0fe2efe3a468baf1d05ac07fb86cb5

SHA512
33871ddf63b54f9199485744f6732c018750699ddcb257bed72b3430132ad263b57f3a4c69dcb9b2234997121773fadef2e54f359632e9598e214bbc8d60bbe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
471B

MD5
8d936030c133cf3a5a149cd42112fc43

SHA1
fab83773f67c6b48223c066044b862351b2b2f74

SHA256
3c3d3c5427df09f97043c494808dc7a63ccbcd2b45ad96d857c779c22ee2489f

SHA512
9519ec709d0602f536143e8465f127053e020b59a380bda7b564a8cfb65910aa4ea6864dc04da3f147ce929512fd4e07190602a38258306d33a6b0b425bf714d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
471B

MD5
5f44705274d52d9a30517546187f9180

SHA1
e81e546f67a4b39d0d481b189007d6caac7fddac

SHA256
5f53cf0baf6b666a0a9e5bae8fa56301a7b4f572669c60bb0a4bd1ec909b1450

SHA512
74c894fd32d45441b3893ffe67b849ee6880d07a364dfc6208f92e465c7877ee646412620d4ba34fbae07b587f1232cf954540dccba553334d1a4e19c4c7d1f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
396B

MD5
e85939a7ee723230720efdf2ea3d5686

SHA1
2f05527276339ae42c356785c74812e08db4a474

SHA256
09aa7d2162ed2dce185dda810b1091d35a49bac17592213c20bf96412ea01c9f

SHA512
a1fbe66f5f1b6d702c44220859d7ebb767aba0ee175c568bacac2e7f4b4a51e6897494f303b250cf74d331fda2c70ea65da06d1c24f6513619e6f84b8ef06167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
408B

MD5
e50da3a3f8408c790bf7e1179b599490

SHA1
f5b3ee005a1f9e9b010a3c3db0ce3ae808d99b5b

SHA256
7837d711df4e622ae6bbf4b1dee1c07da19b2ab67ba3cc7338d09643c9ff8f58

SHA512
1a6ee03da7fa2392c82788e3f3fa60659327f7806ccbc2aaae7ea255a9c1b03f3177641438f60c7a3fd5c6bccbe3a3d0505a08cb7e2607b0451160da11299df0

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2025012620.000\PCW.debugreport.xml

Filesize
3KB

MD5
c7410ed90cd5697eeaa8fd7eaf95847f

SHA1
d35331725d67859d83661685ea2387b92d2b5f41

SHA256
58c8aee9d8ac30baf2b7ea78753b33dc0af90d487a54d80ed9049cce76cabf34

SHA512
b98331c251188b1e7eee1696e1c9299be5f9a31276d73fc08a6d73584e3483777b56cd15c3a8e245ef973e85001638fe5efea41cd381c029e638f94238550e4f

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2025012620.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\06ac0f22-fe78-4cc3-bffd-0ab1398780fc.tmp

Filesize
10KB

MD5
3c818f66fa3f2b74eb3352cb457fec20

SHA1
7ef0497aa726c2b0cec27e5626eb430264b01c92

SHA256
7f4505e063b653328e4b1cdcaabd1fc6ebe51d728039417973c66a9a5253ecf2

SHA512
c785f72236c0468a5ec4005f29541263736c01fe1c6ec2a7e075b3ae991bfd0b94c73dbc2ab3d46ecc173e7124d0a77aaf7b67ce14d11b9cffa665a74fe06190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
82063dc72fa45c759a79488743ef839c

SHA1
77512fd38bc78bfb940b7ba14e51ba027055ed63

SHA256
f2d413471c8a0628f7a1e74e71efdcb93849f443aaf1412040ec7790ef2b0b73

SHA512
48b146479d06600490b6b43fad32c11c91d4888ecb010b689ccb23935377f32bbb8cb64f3fd3c7f443bfb1019e9f5390f2cabc40e32d33407b80a7ebbd8e6f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03fc76f5318a61aa9d9b32db974297b0

SHA1
db9e324a5761348f4d42adcb78b02451f9c9293c

SHA256
9a4db07fef52b009c43725d35d1fb0737d570c17801d04ecd48424536ad2a2f1

SHA512
04f7d0f790978515cc4a6dc59d9f0db7049f65e3c4a7c8a0e675812b83be14193276c8f8b8a2049fc433062694fd0210c97c6d570829f86b7cab80794cbb595d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
269b39107f5f9979acc7a89e1cc23a45

SHA1
499792aa98064cafd7a1d80c5c7348e4a64e57a2

SHA256
6e42d8207b91c16dc959bb020b6070137a4fa4781c55f128b795fae3fd7c186e

SHA512
c4eb2355b383da4901fe3351ef53027770d1225225079d07cfa8a8f7d6068e33fb162caea2186bacdfaff323c72e5f27593b14f8e4fb4cccca9749734a429afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37e77925de96588b3724056fb16c579f

SHA1
7bbaaa767f82d54025a30733a69a1c717e852db4

SHA256
b5a228f8de874e2f118b2ec36a3dc07c26de2da669b2ae335e996fa451299dc9

SHA512
918414d8ed4e77668f84b724275b45c6425bd132e42e078ef1bd48af44713c7b4e1c8b451f860e49e16ce6d808457f357ba9b0958e4330d6e7419bd8b9d8c38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5493cd73a2e3355fcf48d824a8fe256e

SHA1
dcf57a5251f7d8bf2f9d159203f857d363789bc7

SHA256
1fe09d616775d8726690e06c0f717093ba43122be0aab914cb6fe077d3f49015

SHA512
5eccfe66cf497a183dc92e4dede8065dcb69eeac206460fd19e9cf4bb7acf5aa51ce5be69c4a9870c78b86cfb30c7e7195a406ca15344c0fc6d392177adc97bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f89b228bc20b0d6a4d595a24e371c66e

SHA1
783331f95b1fb95e64e0d5c9b9e5fc3f8f6b0470

SHA256
aeb4dfd90b7de2bb74cd4ae7374d5b88e76a74058b2ca330a8adaab04d98757b

SHA512
2a30bff3ce845029ca0278b9080fea8712614926c3f5c9457c845815e911fd4726936b293985f779531a796f9724cd61fc09eba40f8a3c0cb11567bc9206203a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4429f641b28e8d5eb85ba715e66764c9

SHA1
bd3e8892dcdf76f483840cfcb1f7828974711310

SHA256
fa30abd7c4e6bcece94e68c5cb171e843a86eb869c659a57312397b41b256001

SHA512
a128edda2b6d2054970836c95518a36f3c04b499f4bb5d511a22f231b1e78369d10520925b08b1333294213a6fcd630d28c46a1c68cafe50bdf2d57494e54831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17c113e834bfed2d3fb7e936da22e774

SHA1
a0955bba70f92efa9724ab434712e1b5e4bedd4b

SHA256
f45d64e891ba5777273adcf23bfcdc610cc7c1dff0700653cb784ff0213f62f6

SHA512
15a3d619c4adbf3fd4b06a13ba693ef329d29cf385540465a18429cebe886845f55bdbbfc5b24c85f04b7611770a484cef3da9287b85319a1adc3d54012f6826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44b35d9fdc375fe4682291de355019fe

SHA1
94d1dc0647b7b193ae869f52e184cc3c8f83d76e

SHA256
2a728d7b2365b260ab73a0826e86c87fe31321a2839a2c1d9f795f5d54695e4a

SHA512
4c175ee5b7e9ec71ab1a9af7d13b203bdf1a4ef76f2c4cb9759d391a415e6655f445636aba59dacfa7218c6f8ceb6d6fa0b34040b6683cd170fb4655043db38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bef14c0e-e129-4b31-8eda-f5c80bc7e5ef.tmp

Filesize
3KB

MD5
45eecac46935783018644ee0704bd65b

SHA1
c63decb4671fa4a41d2d97941d38f56d0f90a16c

SHA256
acbf465ef01478f0f94b84e37c857440e061bc35d6c68e41fb73f3cee14c3753

SHA512
109f9c2a00d6025689875f67e78e6c47dc8263ab053bf0a101770ec2fb3cdad7dd9afbe3b056e3a77305f4ec7d4650694d883d878c4d2dd0a701b3d672ee8c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
827bed61150a8a70cea18c69c70cf70a

SHA1
5a947cbd2a42f524a680a69f99abf6ece6487b4f

SHA256
973a13763bb65d919f31dea52778daed9d39fecaf2a293f203d064717484fb97

SHA512
dfa10e6cced51ac6da526620902b6cde77cdb2868b061fce5c97f25b95364f1a5da0e83216431906c19727bcb8356d7899e8c1422342e59995b5a313217edc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6808a4ca68b2a558c39411332b372ae6

SHA1
29041aeac399da2f6c43b13e2d99ce106149a4f2

SHA256
761b3755f78515745ecd9399316cacc4b6b10f35fe7429064f34089e1c07e877

SHA512
9a823f0b5e363d11f9996406ecfa3e705154914d84ebd18e8a657a6e51dcc9866e9f6694cf61f2adc7667e7f80bb2c2ee4b212cb3df537d04905f04d9bd1237a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
41e24bf4af0f6f72212ecfcd5ef70f9d

SHA1
6860085d4530fa7300e4413a9200fb1a950803bc

SHA256
cfbaf9d7c369ab2bf94c912dd65fb7812814d46f78e33cf3c4e5c701c52431fa

SHA512
fee1798e476d16ece3d0b555e29a1b8580b3f6c1de175a10e89fa1c9914c9e2242addc6733ffa503354c923f905dfec47ec821a957f3fb0cbc60141dd28dc487

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
3KB

MD5
861291eb1f9dfb028e23b04cceb96006

SHA1
3524ae3a7e884efa2879c0993803253b3acad1d9

SHA256
bee814d206b12857b2d54446d5186e736763d670bc88d3f214aa571cbfb2ed21

SHA512
1744b3cae91fc658980e4926d179ce05a814eafc9feaf502f79fee44bfe7e6e37c4bf971634fa78931b63db91f1ed1c4a95c1de4f9edc63ec9d079bc9753ffd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.0.468.log

Filesize
7KB

MD5
9055b6cde2b6e7363d001115a868efb9

SHA1
9087ff30b98545597dfe8fbd6e830c484b625cec

SHA256
3354688d9f335125d14ee4d5c5de679e38448a473d817843c3b2714e6622cd19

SHA512
e34bc4613a38b8d1230bfcadf1ad8451c03d87b812ce92c65435be29d1006376105fff795a96c0106963aa4e26442beb40d44be440c20041ecdf2cdbb9fd0e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rvwhvcey.vtn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat2708.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat2718.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat2719.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat272A.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\content.css

Filesize
16KB

MD5
edacde36ff06bd26f1907ae092eac998

SHA1
c25e9052ee5b28ec28e2eceee40217302bf2caae

SHA256
257634b6fa84dce998b31d6497330f0a0661efbd270f58289fbe026ed95b6f2c

SHA512
7e8d48e71a51659ea52dccc2d7c542580c9ea1953ec9ca2ad77d3c0926c5bc77167f85121fab2dcb7fd4d6d2f04edbd90815b76979d3269994cf662fadc357e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\content.html

Filesize
6KB

MD5
60e80c05a9d6aa602626fec33cd99e3c

SHA1
7aeaac92d57fbabe5da2c923eb0ad1bb22e647ab

SHA256
5bd6a4bc514b2e697a0f0e8b7b8c0be0af34a9e1c25a628b286a5cdf8e1837d3

SHA512
838de7045b1ee4542d4145276b3fef5ba60dc10ed0066266bebb3e44c5485005d33dceaefb1cf3fd1fd1bc7364622bb85630957a243464c4c738a415b30adf7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\content.js

Filesize
36KB

MD5
d5e6dacf9aa3069e9241780cbc82d50d

SHA1
1b510f2e06b363b4b138afc409a811254f976dca

SHA256
4c3f64961a872731185c0db4d155c9db73f7885ec4596f15098857c5e1fe91f4

SHA512
a3485cd865098e0b6bad5b03936d8ca233eef42ae88f40d660e40a95cf8da1edc4788402c21cfce3eaf7084fadb35d121b1074e0e30adea4c01338aa1a327f39

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\adobelogo.svg

Filesize
749B

MD5
e7b1717b9eba236b9c12be7a980b5b40

SHA1
f1baa3f41ffa5dfff320b7e289964cec54f19a99

SHA256
2a48e8db0f3991de1088936f56c583fe615fae4b9e14f4ebe2b33d29138088f3

SHA512
9c8debe604372ac1fe3945579ee843f13df6f8d40f2c402590743009b39c5f80e859830fc422d7f8d447c4e30f1198584850de657facfaa2b84955d386563b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\alert.svg

Filesize
958B

MD5
332816d7725fc31725b678cff1cb6dcc

SHA1
876f938efb86c1bb1733b47ec279335de97576da

SHA256
8b5469642507c00b9130bf7ed17a1e4d221e2a93dfd4d2972163650c4e94d714

SHA512
5c4a678892b1a550a0c85e77f75c8b56febbfcd92c658dab198197ed17d7fad04d7b65f8adc17e095895366bf933421cae30e430e136870d3e02e9f89d115775

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\appIcon.png

Filesize
2KB

MD5
26e9b0fe7397d9c072da92fcf6951b11

SHA1
4ee24ef82e7ee4fcc980e3caeca90b6e0d99b59f

SHA256
e4c2314a50cf372465c97d955645455ccad1911eed45ff2c2de5a310316ab15e

SHA512
782b380a45eb82aeb69ae07938b9c0f211525fac4718c30b96c28d546a93be1cf000714df2375596cb6d237f3b3cc84f304fca73a732a7e044864ea329013425

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\cancelButton.png

Filesize
295B

MD5
7ae9fb845b9137ef10002fe9d0f5c643

SHA1
9f3fa2b29b1b40e1b6794e5d624524de297a8b59

SHA256
e9e5fc264337bf6845b2cf2720ddcde8936cb120328087917bf94c5911edd74a

SHA512
4420cdfbc47d2ac804f1c05840e4113b098ffc71e95e11ffe8f95342f5a75dc0f35fe8012984b0d645f1310b524f66069ae0c0fe053e0d601d39aded321c15cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\ccIcon.png

Filesize
550B

MD5
8d2c84506f3f48a810eb7232dc000d6f

SHA1
f4a238c1f7c02c7c907368b939efba7512c6be5a

SHA256
c4620bc8b293dd89db628d2002ef9fe02055e2d1cff1f07e18a3e2e4942ab7f1

SHA512
0fcca755a410c7ef4e6f056b7267aaf23d5063dd8230528fc3765ed1e3d12042c930f999a54498e754fcb3565df17636d7a5de2e95e142ae139d17a744ec93a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\ccIconDark.png

Filesize
654B

MD5
13b5f5e052334e0ad6d31845fc859e3d

SHA1
b71022382904d194a5d8f5cb3b1d0dd92e254b16

SHA256
87fd64c46642058fb6d7ae4ab2c71ba5df7ce12ffb8b9383edc7bb7a673f0306

SHA512
79e77ef0cc83c24d3d0f04a2340e248a8dd11469f43740b6453913648cf2c3c5592053dd4a5a34c81f3ffdfdd0fddc5953454ee0d44d3ac946b2ddbe17ada584

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\checkEmpty.png

Filesize
167B

MD5
d13cecc413374c4ddc22a9edacde8a11

SHA1
981295dd1f713584591716a6e753346b8a89215a

SHA256
b9c9ae215daf1bb5b6692f527375207aedc138891947e5f6c1c6b549c2ebf39a

SHA512
a717e64430a4680d09c555183c69705998fbec4cb8aa41ac6ad10df9fbd4f4e2243548689f12695760d5b191ed62a38a92558bc88a730004d7119dbe017c6241

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\checkFull.png

Filesize
317B

MD5
9f7974bbcc96f12769c1856045eb7bc7

SHA1
fa0b9b9d709718839ea525ab838260a4e124fb1d

SHA256
e7fcff2549114496e8141f46a7606f740bbadf22c9ad818c40d9ff9b9ea12198

SHA512
bc38c23791a8ad4e596e921bc5e391d39bea998434915d5c25b1b37015a089fe91ce9510774c48fbc91e52400c5843897a5780aa1c2cf5c8b73d3f89a2aa0856

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\dropdown.png

Filesize
224B

MD5
ee8599707751befddb2b94bc79525c15

SHA1
e118b48e25fe42d933377b03fb5a9a710e1c5caa

SHA256
c1f6844923f7c311d996d81eed6d8e769d52df6d95c898187d92997abbb2770b

SHA512
cdce6d59c807dd1d2b13af39e2fe078b0c0ad51b021dc30373e18bde2a807449051f3f9084afa15b2f6d943169c1bc246c7dbe6e965ddacacb961f67269fb548

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\dropdown.svg

Filesize
289B

MD5
4585f70294e7b625dcd1ea8c585067a5

SHA1
11c92ae523b0c588c5469814b0c3c7778cb3f133

SHA256
7e58a1cce147df03605a92ffda1b88ca26005c09d1eb9ae56f37accdebbfe348

SHA512
deb1ce83d9bdff93eff950ed267076e5e8a7bb43cd2dde28561c3d07f68094a9c99df594bf2fdcb38fddf9656cd51475108ad1b29f8c9d4bf197e6da5a093b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\errorIcon.png

Filesize
466B

MD5
7978536150734ceffaf0720837e8b302

SHA1
7c11361af6e41d00beffaf4ef9e677506b32164d

SHA256
5d10637927b7a623428560eaf18fb8eaf439cd8731199c3b4d251b9846841183

SHA512
da5bb4329783ba623e12d3dc50b2c080e8ac2aff4d4f25dc3e1d84561fd9b40b158570b98dd24618762562674fc1b7d10e081677f214ec859ecc5d0b477db0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\folder-open.svg

Filesize
602B

MD5
3530c5040ac9af92cd0a7d347f764593

SHA1
b815ef3654ec2c677e8f8f68d8527b6d8142b4e9

SHA256
daf26ad61aee6152cf7c0e8f2d3936d0c220de2a3c329e6ce0fcc007cb64ca51

SHA512
0ce187a12445054e270337b6bdd6b035e8fadb3b0a4e8c822833c12431bb520340fa509ab3e1df564cbf67700b9ba78ee246689267878d386e88f709d10c1fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\productIcon.png

Filesize
2KB

MD5
c798f5f4b98fd335a77e600ce21e32dc

SHA1
3db71eb6d87c8a4fcc6fded25d420cf7ea79231d

SHA256
9b249680adc23b858b08a62ea83fd8373e3480ff6f9120195314897c6e5f2cea

SHA512
f74351c5a9535920a81ee42f8caf82bb0c97664b6928f921b4bc74cc446ee61884b1620bce5e57abd6e1a3311d6f70c1f66c459ee4531cbf0197093feadd29b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\spinner.gif

Filesize
18KB

MD5
7699a4c54b1f5515a64e93fe3f801321

SHA1
2e51f7e1a331d921eaf15bd7dc9721a742984d47

SHA256
9146e2390273ac868609dac1be7f1a0458b7d4f7ecdfe1eaec107b3211f33aa2

SHA512
4810abfecc92866145a22f73639264574958d6db1157da0b6ff0472c14d8171ffc633fc6ba04843fcfd617ce4f0c19633475d2501ace48f8ee34ec8fa6fded87

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C6C2D02-8612-44B7-91E5-7637049CE6A1}\images\transparent.gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\carousel\Dictionary\zh_cn\locale.json

Filesize
360B

MD5
9fcab8f3d4f4840c927531f5975109c9

SHA1
d433d4dfc1fdac136057f8fd551db01727a749bb

SHA256
b103e04a7ddbeefb389641dd93fafee6119f3316f4133702bb3af38bae92fb4f

SHA512
05a947de06e5594ff031fa4b9aeea39725db4648308ebe7bf12d4db875abadfa4f3982b77c5435de9d498da905ae8c8c69b96bc1dda954288b7f9d7a66701496

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A78A5C4E-993C-48D8-98AC-518C6A67D916}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D020DD03-64FC-4A97-B13C-7F20FBB851DE}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D020DD03-64FC-4A97-B13C-7F20FBB851DE}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D020DD03-64FC-4A97-B13C-7F20FBB851DE}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D020DD03-64FC-4A97-B13C-7F20FBB851DE}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
6KB

MD5
5075259a25a3a24976cde8838349b2d9

SHA1
fa80f6faee0be0045e9aa7825feca88151962a12

SHA256
52724103f40ca37a8833550de078893eb377ad045722d9cf9400196c2ffc5d34

SHA512
32a89dcd52e596c87f8b241a99fae31c5dfad2dc6176edb924fed6f2c1d6c7a440747cbe8d8d350e3e81f2935a52ac2dc5791101acb7a5f810bba07c513adb39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
12KB

MD5
c7e0777da8da40148684fad0012edd87

SHA1
48338d9ffb459def61aeb07e17b50ffc934e9b47

SHA256
da294d7ee0fd5181b4b12478cff12bfbeacffbbc0e3e072248cc00833ce25a8d

SHA512
270332231b4f43ee2e6c9bb26baf7d95f52654c01edd93db7d8bd67a7b671ab2b2e52238ea1d0106fda81c73d98b8c16aa7c8777ae99e0a711a927f5f50b6d77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4cb2da1885e470beed15a6fe892a3df1

SHA1
75eaf738dbd7e65046851ebd482705842c9e2e6a

SHA256
cfdc3353604a183181f63bba1653d0f82449d94b6cc2fb5ce39f36c023039980

SHA512
35f12d5d9a5bfe3ad6efc35d6c7b1cec013c14dc55c5901f5326455b4e1b9de72ed921cf70dc73cc488c9d87391d82a810b0e7db988d68d3df3b53c964e0ad5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ae15694551ec6c6c70e1b226920481cc

SHA1
ca6efdfbff348aa7647868ee8bf577eda0289f8d

SHA256
ae663a0163d70f4b01def861b3b0b7898301f14dc5f2190d0e318f98417c03a4

SHA512
ca6bb7ccb22b5582e3985c4635cc390c4f2f29e9eabb43115c5e35d7cd74a2abf63d25dd3827134586369631966c69505d78bbd0610dd98233f28b8398d4e8c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
eda586f18a7b26da47e5fcbb43a995dc

SHA1
4c08ea52849d740e85990a6ccda2a8c71a5c5bee

SHA256
21f80cde59a660128e3f7d5b964300614670096d4997f1d0503f7c803db5afbc

SHA512
efcd217acbf8c0735126e8df5551c0f08afc306f71f41dd213e19c99006f72cebf8e9d1cc49dfcb9ec0c979be6abd1fc65331d3ad00cc48790ccc772b91fdcb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\12a01c24-a45d-4623-b332-973202689b3a

Filesize
671B

MD5
d5537015c5b39bf22d66e5e82a1bd980

SHA1
a91c6e6883ecf2005f2b2f85d3ae9271a99e6414

SHA256
f2a33592cf2832cd66971737eabb478c4ab8ffec70edc3dca705ed0ceceb536c

SHA512
d0c785a3531d8d08acd7e74ee697f8dd3120aee47ddb5e72b077661b2c40939e27d885b2bdc628dd9cae37f267dcb3bb28e9a904b18539d6a6910af5a001ac52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\4c49076c-01f0-4c78-8b98-36977241cf6d

Filesize
26KB

MD5
6378dd836110a2e24ff0a91021dd1a44

SHA1
8040c3bf33ce3a78400dd23bb37c9b550d892e61

SHA256
ec01e1fed635275fab2ccd5a551d7ab6fffdd6e046533720807e47dd80128917

SHA512
02d24b4daa17cee18a4a80b3a5806ceb0c60da28798d592101329fd87be5976d25da4c8fde15c953de511a310b5c7381dfcdbe7535f73f06ae53106db50097d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\e51dc99f-564b-4141-9353-3f8393eb4538

Filesize
982B

MD5
603cbd53df58fb36429cbb74f1e5f591

SHA1
3b91b128547844eccc9f8cef8d8c047c079b5ff7

SHA256
0c777d21ed49bcfbfac8bd255cead79df4dcdc04419ae0da0242db0c16219cdb

SHA512
6b49e87eef4a34efa954ce4b13a14dcccf90e6608f9e93d3deba0c6e85ea83be132d12dabb51d452be43f337dfa4aebb0a8216fb3e262eeb97e5622a5935aa42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\e90d98da-cca6-44e3-bff2-00b42d9f9ea3

Filesize
4KB

MD5
65a2b5c917e9b2bfb7fde953de47d592

SHA1
637a25184e2cf40da84236f2f2cf009c3f631d93

SHA256
b7a4298d41c2193e98b7a95432651ff5bfc7797ae0a1c05bc4eaaec2fc6d88e7

SHA512
35963135c915bb0aa80065b220d44db9574399272e0c076928bb52d16e46d05df47a6be46361d30499b4bb2bc12e8d5ed2af5a6b22b9f7fda1ad2367f0914ddb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
9KB

MD5
e99e794613edf500ede1e0df9bf644ee

SHA1
deb96ca7f87c4d6ad1809583e3525b75701b7cd5

SHA256
53fa815296f9154041a334b3b0f9d4cc48bba6b5057fe4faca3375fc211a7880

SHA512
bab5a2a2dd495491ad5bccc4de82e3084a9f66f84667f436c8adb69a2a2f511b4ef5aa739598f7b74553e08c3a0395996f85bf1499ab86a81004e877a4f78fa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
10KB

MD5
7c74444ef1a6f479e6eb3c6d5ad39bbd

SHA1
9842f7ca8619dc0659135bcaef4cb1d40a8b9324

SHA256
a52776b3bcaf9e8d2bf9a4084cb874170680cd8fecb9724b7d3ee219b89e5a32

SHA512
d591482151842908cbbc4786686cd1b04c11559140bf5c2e52f4feefbeb1d8a56e1f1f2c19e3305a054c9ee58259f8ef73685dadb1bd9111056b64f1a3b96287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
3f307bf6a1b770c7bd763b216558f213

SHA1
12a571620b66429af150dbd544e52dfbbe9e31db

SHA256
202d19f89bc7d03730e9d7f21e874cdbd3f7506d74de9c35cf9ccca63f66654c

SHA512
e590f134e1244aebbc14c6a461ca0938d09c665d5824de5ad89f4ecc5649ce88b44cc6178df2a2df6631aa312e52bfceec360922f60cbbf27b83601fc6d31d90

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\Set-up.exe

Filesize
7.3MB

MD5
7a6fd4ba72301800f1eeb6316908d8db

SHA1
9d8305cb33f7c9d2e1cf21fa384e045467879752

SHA256
9e32f603b9046c9f2a23d6a8c64792f3fb6119f0ac374f04c8830e1e0b374f2f

SHA512
26a3452e7c4519f6212789a8f20e33e44f9a3750a7ea5629a1143862d9c327987c6a34243469546503b1de919857d081ba5aec8984c7f498c52064f3e0bceddb

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\products\LTRM\Application.json

Filesize
26KB

MD5
0d8db458fefb83c552afff074a5b6ad7

SHA1
77b16fd52db876faea66ea51ad291d76b07c262c

SHA256
9f9abf9bdca816117388d395ceeb85746eb87760982da30f8cbe5f889a74d68b

SHA512
da7b61ff5c8231a5a9f3cb23f9e4cf38553927efbb08302b1b1e7dd10540a5ee9b621c17d5a5c3a8c562a3c6877f42d398d8015f8536256e3634c7bf1393ef3a

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\products\driver.xml

Filesize
237B

MD5
07240ca8c64259aa16099095802ef69f

SHA1
351379ec8d9dc8a75f2f2c3f1be3854c02d4637e

SHA256
49dd31173d14f9b9adaed35185e27db37f127ee90cd4ca259703753b2ae594d2

SHA512
13a651f6828a64a4661fd1ee68f66b07705606ca6de21964a29ce30f3cf4bce2e21c3fef088363aa088a1e7c1ef40711c9e2979b241e4917f739c9caf2180aa3

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\cs_cz\locale.json

Filesize
405B

MD5
0e66bd0983b2c3516613cc751d69971b

SHA1
551c857dad708f8e0ddc6b618de7966c254abe0e

SHA256
7d3aecdf9b1ea5128ef87a1e6e74dc3e283fb28dd6af8113b4e99040b15747d4

SHA512
44779ee6d29d2747774726b2c3f76a41e6775548d57705f16d59ad3a4ca1be44fb6cd12d1ef0f6f8f228911fc317f6451c403d04f6f1fefb097c8763d5801087

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\de_de\locale.json

Filesize
386B

MD5
d3f198446f78d6e17d85882563ea6b36

SHA1
3bc7c9cc9182935e4ea000ff951ce9493b99fd70

SHA256
e683843b5ecbe6bafd03c26c3762e9e4fe37cb5dc1d9a7188c9158553f3ccdca

SHA512
d3516f25c4f62a5f0787a173f73e001a149e9fbead9ca85964b94f1786635b246ddf182cbf6a46607938c24928939f41c1812db6b9260a81b70cc20b8722d046

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\en_US\locale.json

Filesize
353B

MD5
031aa6225b953a69e223fc71566058b7

SHA1
45a89a91cc432bdb698be076c8cc1db027b3d50c

SHA256
b754524e0f798d8db77bc777a0fed09978fd3fc9d4494f227b7fe07185efd9ce

SHA512
e61497f74508016c8ad755701c907d2d5e053f6e2d7b1228feb0b9276b8ad202975d81ab2806d5c3593adf6ca1bd320d6bbd6a59e565ed300060e851867b52d3

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\es_es\locale.json

Filesize
390B

MD5
592ebf7fadf7792f05ddae25d75a9d59

SHA1
2853af5a44ee3163261bb471cb7a33f0a0bb2ed6

SHA256
1f10dc92034244bbe5435c8d0029773025b929a36f3d30a4a5a3a4526d8a874e

SHA512
59ebddad4576a121b43181547cf0f806e7fc1192428e782233f3e20c4b75e0e7a2febfa809efe7f9296eed38ccc63f9d4f6850c8cdbaabf06ae99d80c93f2f9b

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\fr_fr\locale.json

Filesize
383B

MD5
47c7066b8c2d86ae7047ba355e57230a

SHA1
5702d5eae9b69896db0e2c9ebe8d6f7b83abc6c1

SHA256
e9c432fa590566d463502adcd51a129f789ebc01c59f6409c5734a0109f05156

SHA512
58a0da179b19c507f1ffe8fe4ca1312f2f0c8799c8f4f53a279b1bdfde311105c76bac187ea179598dc7d13fd32fd002fe0f06f5aa1b1a67cf147e7a02dd9f9f

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\it_it\locale.json

Filesize
495B

MD5
78d8a38ab29f2c70fc0552038763561c

SHA1
51ef11689a9e8fd6cf629e2c0238e12d59341e72

SHA256
2c5ffe288391affe2accc1988900d02c3517b652881fba852994d459434239ac

SHA512
969cabda8324cdf3a9cbe0b0b8fdd2a611ef3b813c012a749a89d792c9a9c6ef3ee513c53b76065efd6d1e93ddfa5c31510bf3e25be2fcb86592988cb4abe591

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\ja_jp\locale.json

Filesize
435B

MD5
8eefa1bb3912183d9e3438f91c098841

SHA1
d06c23d25afc8672eace3d214798c5122b664ca7

SHA256
919cba4b8a59f6b69ce16011e50f3bafc76efe58b21032501626cac364d48e9d

SHA512
5027e49717b19842438388b57232b8739e8a1cf15642bf9806e7eb5a749ed9c7a102d2c876cc8d9cf2113558509965cd638b128519071ff6cb06e1b4d5ac7af7

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\ko_kr\locale.json

Filesize
406B

MD5
3a504ea81ba343fab1ebe2a10efaa1a2

SHA1
eddd814cf6ba568a80553a5516bd588b18ce5a52

SHA256
9b4e351eb416e95f6843224227857c528dce2d7a8bd64876204879138208951e

SHA512
57a52b016801fef387c8d33b483dce4d5bd518bd9989ffaf775df4b4dd1bc83e614bf3ace69f779c5047b0bde6b7b4db861530700523acf25110d8846b7e13e4

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\nl_nl\locale.json

Filesize
386B

MD5
c4d0d42780213ddf399e83c60e8f25ca

SHA1
55c4589f3d9a514dee78fd47e7c3696b3df60c79

SHA256
416b4f94812ac0b6bbeb1a5e4f06e587f4ecad75b8efa02072eb7ae92b622b34

SHA512
74edb2fdbdb07a4fef43f3b61bf08188f4ba24cabd75c50c2e53210ea38e345ac7211dab5e761dccb6e0aadfe901b81cf27ec851b640474ab9979996c8841398

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\pl_pl\locale.json

Filesize
415B

MD5
440e7340c381b936d04d8206e966d44b

SHA1
3f5743e2392c734a546f7b9f75b616ae4a121f40

SHA256
7aa4d5a764e0f0a9649a5faa24f14206d0ae44f3e386ed002df2e6f5d359f0a3

SHA512
3adac1c7c6dffd76f6196414919b051cb9152ea073df1313aaff549b7d8d77b73683a83ce03fd87af6a10a6c9223a07c05130d8e96b9d998dc0104fdadee5b80

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\ru_ru\locale.json

Filesize
626B

MD5
3f1235f9c362e368fe52fd708da455b5

SHA1
88bb2da22e940527b61ceceb4d78c992af78126f

SHA256
454f7fe589e1e08f2cf112eddaa839b60951698a84ba87e7767d4dbbcb3a038b

SHA512
d1dce3df39db2db386545f71a5a67b0725906878983944bc97ddb3c95f706cdc71a7a04d717a28428a7e682adcaf40f2f94561c681f4790989876f5c1bdb2bc5

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\sv_se\locale.json

Filesize
378B

MD5
690dbabeee5810ae5b68027eeb148f1a

SHA1
f1624c92497acdfbc53ffb5a891c545b293d01c7

SHA256
270157002492ad80fff2d47f9cdc0257b72bafed053556ddd5b14c910c6a9a8e

SHA512
01f685608ffe85b4beb4bdf20b701944f7b83ab0fbb90b39f379053285e058610fa9f4c6671f4055586674a9a3a849a2784ddede476e4677be9667f3faad8b14

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\Dictionary\zh_tw\locale.json

Filesize
361B

MD5
bebb9ba86d130666f1dcaf88abac5d9a

SHA1
e07ea165fdfcaa1b073f77f891c248b1669235cb

SHA256
efc69bc38f34fccaaa7fa985dfbd75c0196da23971fba3df349cb8953657e7b0

SHA512
aedd79f53b6f2a923714965320db4e648f8560b6a6d3e53d39b36d16a55d1f9f19bc898b9aad4efe441392dc424936d0b7e04d0a15f1423dd5dec81a7a55d90a

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\carousel.js

Filesize
2KB

MD5
7057230be26daa442c50dcd741b52651

SHA1
6efaa1da034b8168668fdd687f59686976151c08

SHA256
9ad3b97180465322d3ba05f9714fa9f20128a89050a4e02ca3a90b5dea761043

SHA512
03a3df382d0a0c512a30bff830dd154eed44ba1f2cc22a001358073207a7cd91efa49aa87b95cd3e7e4ff1cdbee0f096cfed82f8ac129e39c4063f34beee8d1b

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\css\fonts\adobeclean\adobeclean-regular-webfont.woff

Filesize
30KB

MD5
6af297e58edc414ee90c76c2d3ea8678

SHA1
7497d181cd6fe3a4b01a4f8b6ba6a47d3fa54333

SHA256
3e8f59db6dfae287af8dccc0fdf5e15a8aa2a954c2c232bc6c64536e1a27eaa5

SHA512
61e14f8e605c4d2b52c9a874f40e73fde43625bc468ba3c7316e7672cffd05b7c1766c875fc1b48218bd2b6856226645ee9bcb45810eb7121c5dbd0c184b7d0a

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\css\styles.css

Filesize
189B

MD5
3a0ec2d2c5020a3cf45c13a87434b285

SHA1
12275d4d51de801ce28c88a0c246de22c6d08120

SHA256
406288e48ced388744e5165a1ec4266f419cc409e4a70036e4b15a93af5c42ab

SHA512
a7c6d55f64d91e5d71661e040f4d06d2c873e0b2d2a3b2e52ff60d230a7c7c0924cd0ddc4dc124d53736c934023a27d6ed77c1266732f0b5de5dc75b02715c8b

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\images\01_creativity_for_all_445x239.mp4

Filesize
963KB

MD5
6538f09fdddedc522290e8cf470e1499

SHA1
a3e642419bd22bab0179c20874ef635c037fa1eb

SHA256
77ccbce8f436442013eb0e700f296bfd32c5ef9e98361b758a571953aa330c85

SHA512
4fc83c14fab02b89d5b09c1679bab5fe4867258a8b5597a3127214abb334c9028331d5d80e1be4676c04e913917a74e60e2bcca4acf13b92f69e0dd23873734b

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\carousel\index.html

Filesize
2KB

MD5
4ae648f880552834e7b1eb9cd143c974

SHA1
41b24162122c6f4a284e7fd48d95b3a600edb638

SHA256
3272e9022f5f25c56d7a54df2f03aafcb1cc8519e9db41af7d8d3a3c63e88cc2

SHA512
9ed106d6a490c195c708700a48bbf447ee46f496e6e53ab5ece90d5bc1cb18638b53ceea289a1b5b482f0c8bb7fbaa735f6eee7d8bcdec75c8c4f09464b1de3b

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\config.xml

Filesize
269B

MD5
fc6656e65cbdbc92cc24b60eec7a3d72

SHA1
db7e3089c668bbbbad152acb66e9cf488708d70a

SHA256
2f917740b60e016b74a1388f71bccc5437d65b3a7feb3f89868a827ea04ab530

SHA512
ed7931a25b58fa3118770e3b585760275c0f07b9191396fc5ce5aba7366f0a4f47f84fc687393b600d2837969f8c77194b37cf6ab6c2691461c689a5b1e0e87c

Download Submit
C:\Users\Admin\Desktop\ELEERECCCLS13.3.1.WIN.IEMOJ98\resources\content\images\appIcon.png

Filesize
2KB

MD5
903215217edf05851e7d4735a3aeda0c

SHA1
276c9b676ca28b86116f3f9c6501400a8a36867f

SHA256
0cbe7357815b4aa459f2697e701d6c47f018557d1a1c2ad9ec4443eae45607fe

SHA512
1bec8418663f2f141c845471c7fc11b74d96337542614dcd9ac6ac3e1256d9b247511f9ef42f3c8c0f98d7fe09a6ccf9444dbc933a442417bf8d71513bada9ad

Download Submit
C:\Users\Admin\Downloads\ELEERECCCLS13.3.1.WIN.IEMOJ98\packages\ACC64\3DI\3DI.pima

Filesize
190B

MD5
bfa2825492d0d648a227b6d8a0662e83

SHA1
0c3f1c5fba466792398104812e944a6cd3a9b78d

SHA256
95514c3e12a559ee471e63b22b1b00aff1afe2e0fc60415d022be23df676bc1d

SHA512
68159d2ebc5b4416e448f0fc6960703e826bd01137d18a7a4616619a2090a903ccad1059e29941b08d9c2c881dbb9051ef2d91fa58472dfae1c28ab6da4a62f2

Download Submit
C:\Windows\Temp\SDIAG_611e874c-a5b7-4b1b-b54f-711f3d090805\DiagPackage.dll

Filesize
65KB

MD5
79134a74dd0f019af67d9498192f5652

SHA1
90235b521e92e600d189d75f7f733c4bda02c027

SHA256
9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e

SHA512
1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3

Download Submit
C:\Windows\Temp\SDIAG_611e874c-a5b7-4b1b-b54f-711f3d090805\en-US\DiagPackage.dll.mui

Filesize
10KB

MD5
d7309f9b759ccb83b676420b4bde0182

SHA1
641ad24a420e2774a75168aaf1e990fca240e348

SHA256
51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f

SHA512
7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d

Download Submit
memory/2104-3049-0x000001A17FE40000-0x000001A17FE62000-memory.dmp

Filesize
136KB

Download
memory/2104-3058-0x000001A118EF0000-0x000001A118EF8000-memory.dmp

Filesize
32KB

Download
memory/2104-3068-0x000001A118F00000-0x000001A118F08000-memory.dmp

Filesize
32KB

Download
memory/2104-3078-0x000001A118F60000-0x000001A118F68000-memory.dmp

Filesize
32KB

Download
memory/2336-4032-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4031-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4033-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4043-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4042-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4041-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4040-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4039-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4038-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2336-4037-0x000001F7D22E0000-0x000001F7D22E1000-memory.dmp

Filesize
4KB

Download
memory/2356-3057-0x0000013B84350000-0x0000013B84E11000-memory.dmp

Filesize
10.8MB

Download
memory/5652-3067-0x0000013E14420000-0x0000013E14EE1000-memory.dmp

Filesize
10.8MB

Download
memory/6028-3077-0x0000029466F90000-0x0000029467A51000-memory.dmp

Filesize
10.8MB

Download