38bc13ef112b2f17d4d1a80243fac6a521b5d58228984aae0752d79487fa3b66

Resubmissions

16/04/2025, 11:04

250416-m58gsaz1ay 10

15/04/2025, 17:34

15/04/2025, 06:16

14/04/2025, 08:06

14/04/2025, 07:59

14/04/2025, 07:22

14/04/2025, 07:16

11/04/2025, 21:39

Analysis

max time kernel
149s
max time network
146s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250410-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250410-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
14/04/2025, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecurityTaskManager_Setup.exe
Size

2.9MB
MD5

444439bc44c476297d7f631a152ce638
SHA1

820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
SHA256

bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
SHA512

160f4b095d37a9f4c6279a4a19f072e170c5f819d0e8e588b2503711b9e2eaac9567b48a9e42bf15af50ba60e64ef97a64e003230369aec0b032cb2030fdca00
SSDEEP

49152:4s+HgXcROcfipeyNcRmyQLCUOE+N+2JLKmltavtaKhGiD79l+90U:4s+9ROcapelxQLGEjscg6939l+V

Score

5^/10

defense_evasion discovery spyware stealer trojan

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000\Control Panel\International\Geo\Nation	TaskMan.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3276626056-3619442337-829025701-1000\Control Panel\International\Geo\Nation	TaskMan.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 3 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	TaskMan.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	TaskMan.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	TaskMan.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_english.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_russian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\order.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\ordina.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\taskman_de.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\taskman_ru.chm	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_portuguese.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\manual_fr.pdf	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_czech.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_deutsch.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\readme.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_dutch.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_korean.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\liesmich.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_de.pdf	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\taskman_en.chm	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\Formulaire.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\leggimi.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\leggimi.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\LisezMoi.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\readme.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\ascode.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\bestell.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_czech.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_french.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_fr.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\taskman_fr.chm	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_russian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\LisezMoi.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\manual_en.pdf	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\sqlite3.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_polish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_polish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\liesmich.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\SpyProDll.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_en.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\file_id.diz	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_danish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_deutsch.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_en.pdf	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_fr.pdf	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\file_id.diz	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_english.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\order.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\psapi_.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\Setup.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_korean.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\SpyProtector.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_ru.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt	setup.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3284_582675441\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3284_582675441\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3284_582675441\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3284_582675441\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3284_582675441\_metadata\verified_contents.json	msedge.exe

Executes dropped EXE 4 IoCs

pid	Process
1572	setup.exe
5068	TaskMan.exe
1160	TaskMan.exe
4088	TaskMan.exe

Loads dropped DLL 9 IoCs

pid	Process
5068	TaskMan.exe
5068	TaskMan.exe
5068	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks whether UAC is enabled 1 TTPs 3 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TaskMan.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TaskMan.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TaskMan.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskMan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskMan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskMan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecurityTaskManager_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133890913474992828"	msedge.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	TaskMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	TaskMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	TaskMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	TaskMan.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3276626056-3619442337-829025701-1000\{4A29301A-4663-4657-A5F7-D8EB2331E1B8}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	TaskMan.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	TaskMan.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	TaskMan.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	TaskMan.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
5068	TaskMan.exe
5068	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
3284	msedge.exe
3284	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1160	TaskMan.exe
4088	TaskMan.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeDebugPrivilege	5068	TaskMan.exe
Token: SeDebugPrivilege	1160	TaskMan.exe
Token: SeBackupPrivilege	2124	vssvc.exe
Token: SeRestorePrivilege	2124	vssvc.exe
Token: SeAuditPrivilege	2124	vssvc.exe
Token: SeDebugPrivilege	1160	TaskMan.exe
Token: SeDebugPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1160	TaskMan.exe
Token: SeDebugPrivilege	4088	TaskMan.exe
Token: SeDebugPrivilege	4088	TaskMan.exe
Token: SeDebugPrivilege	4088	TaskMan.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5428	msedge.exe
5428	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
5068	TaskMan.exe
5068	TaskMan.exe
5068	TaskMan.exe
5068	TaskMan.exe
5068	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
1160	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe
4088	TaskMan.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 1572	3040	SecurityTaskManager_Setup.exe	80
PID 3040 wrote to memory of 1572	3040	SecurityTaskManager_Setup.exe	80
PID 3040 wrote to memory of 1572	3040	SecurityTaskManager_Setup.exe	80
PID 1572 wrote to memory of 3492	1572	setup.exe	82
PID 1572 wrote to memory of 3492	1572	setup.exe	82
PID 1572 wrote to memory of 3492	1572	setup.exe	82
PID 3336 wrote to memory of 5068	3336	explorer.exe	85
PID 3336 wrote to memory of 5068	3336	explorer.exe	85
PID 3336 wrote to memory of 5068	3336	explorer.exe	85
PID 5068 wrote to memory of 5428	5068	TaskMan.exe	94
PID 5068 wrote to memory of 5428	5068	TaskMan.exe	94
PID 5428 wrote to memory of 2264	5428	msedge.exe	95
PID 5428 wrote to memory of 2264	5428	msedge.exe	95
PID 5428 wrote to memory of 3320	5428	msedge.exe	96
PID 5428 wrote to memory of 3320	5428	msedge.exe	96
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97
PID 5428 wrote to memory of 1636	5428	msedge.exe	97

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
  ".\setup.exe"
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe" "C:\Program Files (x86)\Security Task Manager\taskman.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3492

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files (x86)\Security Task Manager\TaskMan.exe
  "C:\Program Files (x86)\Security Task Manager\TaskMan.exe"
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.neuber.com/taskmanager/index.html
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x318,0x7fff345ff208,0x7fff345ff214,0x7fff345ff220
      4⤵
      PID:2264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      PID:3320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
      4⤵
      PID:1636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2568,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:8
      4⤵
      PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
      4⤵
      PID:5412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
      4⤵
      PID:1248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4872,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1
      4⤵
      PID:5324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5364,i,16649660404670773886,11360259731631889719,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
      4⤵
      Drops file in Windows directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x2ac,0x7fff345ff208,0x7fff345ff214,0x7fff345ff220
        5⤵
        
        PID:564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
        5⤵
        
        PID:3888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3
        5⤵
        
        PID:5116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=2504 /prefetch:8
        5⤵
        
        PID:4328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
        5⤵
        
        PID:2304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
        5⤵
        
        PID:2244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
        5⤵
        
        PID:6088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4524,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=4636 /prefetch:1
        5⤵
        
        PID:2712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4948,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
        5⤵
        
        PID:1172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4356,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8
        5⤵
        
        PID:4440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5356,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
        5⤵
        
        PID:1420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
        5⤵
        
        PID:4508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
        5⤵
        
        PID:6088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5752 /prefetch:8
        5⤵
        
        PID:1900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4316,i,7039797479650583733,3421511904864149688,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
        5⤵
        
        PID:5928

C:\Program Files (x86)\Security Task Manager\TaskMan.exe
"C:\Program Files (x86)\Security Task Manager\TaskMan.exe"
1⤵
- Checks computer location settings
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2332

C:\Program Files (x86)\Security Task Manager\TaskMan.exe
"C:\Program Files (x86)\Security Task Manager\TaskMan.exe"
1⤵
- Checks computer location settings
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4088

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\SecTaskMan\WindowsUpdates\~jb.chk

Filesize
8KB

MD5
0ea1382b413dd5b949b7a355b69b5cc2

SHA1
edbc34701abe76538afeada9190053ce3433965f

SHA256
ef391bdbb556eb87e784409e73cdc7a4fe80231133eeb259efd7ed26923decd1

SHA512
31fec0f6c908d17daabc678f2fb295e57dc291a8ca41c3d59a2c6d83fb2f81fd90b82755153d6eba1d107f68c449ffa3b968b1c9dc6e3560677e31a7b643fd92

Download Submit
C:\ProgramData\SecTaskMan\WindowsUpdates\~jb.log

Filesize
5.0MB

MD5
b42b2409a7dd4bfa18b28e00517669ee

SHA1
e97ff17d9e199f5696443c2dceaf44a14f7accdb

SHA256
3d498726fe2f2125c9ba1361a6525f9357095062b4866ce3082b8498bcc14404

SHA512
9a0a7abbf7377150f3d9bc79c686126dc8cfec6c91613a4e73b3521d3240dcd694482de06d31bb473eb0e5a9da72bb712e9fb57ed291be6136e9dc8c67e09119

Download Submit
C:\ProgramData\SecTaskMan\WindowsUpdates\~jbtmp.log

Filesize
5.0MB

MD5
5f363e0e58a95f06cbe9bbc662c5dfb6

SHA1
2e95d7582c53583fa8afb54e0fe7a2597c92cbba

SHA256
c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29

SHA512
f1e554807f6e927530f7461e2ed5e8e3509c0245e082b2db5c88763a3764d1278b88d0d220f8b7050a71b2677e463fb7a3ad1d5b0fe6588c6ff18fddf977864c

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg

Filesize
141B

MD5
c04854fc1d0b30e0c17bacad3d181756

SHA1
44cf7fba687e51ce456ef3991a677fefef92644b

SHA256
5b8716810afdb738d7f27ffb8bf44fd805001960255c369eef11ad3f913393d6

SHA512
3fac918548ab8f66b87d128b63b646dead92fc3c126ec7552a85b179f359f4cd55ff6363b22f95bfdae0695f8c57dc2ff0ebedb0be18934fb0078fe37926bfb9

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg

Filesize
626B

MD5
a4630ceef2e9a3c9ff329ee844309359

SHA1
7b35d856ec540ca106365824d503dbdb14e016b5

SHA256
a45114b1c1927a7113a9db03e9377ec0fe2ca5bc251286e704f114658e2a7c0a

SHA512
888e47d461273bb734cbdb7f9fec41d188d5655b7f2c1c847b771773c2e20ca168ae3432f9decbe9b79f3c4ff46b734a8f2a4a0d9df79165dcb86efa4c2921b8

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg

Filesize
1KB

MD5
5c42dcb42fdd4666306b8ae4ff084001

SHA1
c6db8d3f809953e9e254a7a485f4a812faf565fd

SHA256
a9825f4ac10d32cacb05b9af0ed0782f7a3227e33b780736b83a2ea0eefe1e02

SHA512
6d0db99f643f96104f73dfb30ac57b13eaaf8ac58bd74188133e13188c9b9dfd5c680af762aa71ff6fb4b317abcf3de083938704692d457930fc1cc9d7851e51

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg

Filesize
2KB

MD5
4d939643afb03c19c305d061fb5bc033

SHA1
d3bc5d80e06827de7c0d27c47f5e6e501cdbf45e

SHA256
ec8484c35ed85e0dd17c560182b55c7a66f57bbe4f10d98bc9d2e19dd6c5d2df

SHA512
215d47022cbf176ca83ea63bd81b64c21ca2bee08d931ef5a30a23d078688fe2ad26c874c29d595d2b8c9d437c41d2494af13e7fff4f38aeca9ec43dfebc6c5c

Download Submit
C:\ProgramData\SecTaskMan\icm_4F4A3A46297B6D117AA8000B0D813018.dll

Filesize
10B

MD5
a63c90cc3684ad8b0a2176a6a8fe9005

SHA1
9694c4ebd673a5e2fd26e4b2e64f92e914ebd95f

SHA256
01d448afd928065458cf670b60f5a594d735af0172c8d67f22a81680132681ca

SHA512
19bd3cbb62b1937957a11cabd0d39860582b6928e77d0e0ea5ee7f3b2f8cacb3dea8ea0972651adc3245fd10926f2f31e80377196e4e6c7ee2bd74051e58bcba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\79e7f958-a11b-405f-8050-bb556a9a9668.tmp

Filesize
46KB

MD5
5058b168d852b61165b7ccf3ee33f662

SHA1
4fc418b16e64863c416b17b810df3d96c079bd50

SHA256
552017170dc04e0a2ab8585c54e7c593c61ece20c49c778ce63195eff86ddf54

SHA512
2d94e8b42339d4dac2657282270df88cdbdf222b9ea84a4c61b4d215b5985645e3f45ed3473fcee4adcc7682ea92945325a14483c76d85e49fbee9273878d9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0bc8e29dbfff94aba9a4fa7ec90e4d3c

SHA1
6ab03f2649d77317c7b161f565496eefd1b23313

SHA256
bb88f319f7ba0cbde05d97bb5d0bbbd73d7665e8fc488a7f0e0068e5e10b22df

SHA512
fde88cdd6a14121edb316a447236fad2c2c9abcab69da78ef61c409ee35785efa53b8e84b7be6eb24c1e9ea886a5e37699ff2a8899dcd55bc1246210c938026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
657f6846d992b1099c0e0294f5e44edb

SHA1
fbaf50f01e636a58067ab53b5352a5be027751ae

SHA256
f13d1a9bd3ffc702ad713e8576b76dccbc4f2830dd021353e3e1f650f37f3f10

SHA512
634164ec9d159b0f16a4b57b1ebc6e16da92a32ea42193e7a08dce674882d9bbcea7ea5ca1b5c1fd41fb96da8db7315eb9d5e721cd3738489825f9a1282d1518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
949fe8788a64e2c52d634268ef344e0d

SHA1
51d3871dcb72e64550e73633ba6c3bfe7858b83a

SHA256
62de53fc5e288f16013852c323b194e608a2832319a6ea8732812e9b52504b78

SHA512
2fb816485c53873312fe9cfbecb650c509913bd6b1af8719e59e459a3a0f7a2322b9de9fe24fff05dbc2ea76e954f18d3fd7942ed61300a42f01baaf83d4a6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe585ffd.TMP

Filesize
2KB

MD5
f439eb9196ad9fd91a6a5db271021f5a

SHA1
7cb75e38c4a266cfe541e1df7df18f4fd3f1f28e

SHA256
3f5e074e87cf61f60c71c1bfe5a943c9436799d7cbeb08c0d86124627e73f6e8

SHA512
aeb93f08c93c23439c01686e18dd3586c167fc72ac42c6efbb8ccc46ddce482182efcf87b9e9049c9b0d16f2d2ce184e225686a40307d47718be5472704af688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9892738facdb1c1500c9494a19412a73

SHA1
ee4e70216bc714a4f303104ff8b825a41d472671

SHA256
4d974cc81fa06818a86b8fb6718001f885cd0a9e86a5a029ef9cfb312bf8a2bd

SHA512
f202c34a5b9c2d1613086538ce09033cfc6ce70d52d90a41fbf87ce300b463e9ed30f59421dc7e7d16842bdb05072f15b79ac1853bda004e74e40377b5429572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fd447a585bd2bbbfc09b0e2290eaf685

SHA1
c94b6457cf44840f2f7727793b79e8dbe5cd66a6

SHA256
2c077b8e2da5b7507b0c0cff61051e75acd9cb6b92c1087559620fb42b198c68

SHA512
8b9f896ed5f21247d9faaea2331a0cc256ce5dd114d72912d7cf6acb625f6c52735c3eb6b573043f819724986fa5b6a26b44ac8c75bed511ad1a256b03dda69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
437743f79730af0a7be3a676f709a378

SHA1
fbd32235120bcf3da4d1ed68c35fdc393b0b096f

SHA256
89b431781652be71c0a2b3031114c74ddb333e58ec23e0e818586c4cfd2c77f3

SHA512
d71a7d0dc7cefbf8133579839e9fd958f1b1a011591d19eca658ac40bfad1d3bb84d46ac8304fb8db1506f7477ef9b735e93770179f93ac5e0a16dabd3ba82fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
cc21601827afe9a18bcad3d481c97c47

SHA1
ffbfe87196225d3d2f6a313cac31ddaa2bd12f8f

SHA256
1c9c9ca3233c7d2218dd959d00083ade41f6b925c04812145f531f8636f44aac

SHA512
a3a70703633fdaffce136b5f7e30e513a9c68cc3caa1cba0176bf8d10739e24d175aa949abead02a0b305c15865db15faa466b8e31605a083967c6502d02a51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d220a102-7666-4d49-9216-b1ab463d9d4b\index-dir\the-real-index

Filesize
1KB

MD5
a2c01ff66d92604e6b304fe433c84723

SHA1
ee6dcc127d4307e6f6295083a60c8138629052b1

SHA256
b893d2053201ad3ac8a8e92aadc28d28538699b0039af6e7028fcf82211e3779

SHA512
95aeb0049c678bb3413e5adb26d953ed7ccaa376fdb6f67a33d190dc268f435b51a99af145bd9faa20b4e98acd7691cad508e23f12a0c2c5f9aa6fdac8fb6a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d220a102-7666-4d49-9216-b1ab463d9d4b\index-dir\the-real-index

Filesize
2KB

MD5
c83445745e1a8151459cc972db53f10f

SHA1
5fcbc62f9ce9938da700a6fb70983e8acc421ab6

SHA256
287725798b1b810de70cece163209365b5c0ec78dc2550a5cf816da84770b492

SHA512
bfa3f0051a235d5c44e79fb04b896abf6f0f4c98f1530a6acbb30a6ef50203f9adb9840af29cd51a828bccf8577ddd273b1e61302a374c2b38ef342684bd51b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d220a102-7666-4d49-9216-b1ab463d9d4b\index-dir\the-real-index~RFe58a95a.TMP

Filesize
1KB

MD5
662f9fb42f7fc006fdea902117532796

SHA1
60e3ffe766a96c2ce10d33fbd89b86cc9df538d3

SHA256
85856087f750a535832dcb93fd6c83e633ec79497dd223a1dc344801682c9913

SHA512
8d6858cd8fff9cfdf47d9d6bdbd77438d60d0f1dc93b80426031c336508608d635e95fbfb4837cdeeef169e9b82ae1c2a7cfcac710488ca1f44a13198dfdf116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
d75b66fbb7cad70a5b6cfdb86814b19a

SHA1
23921a1ee7f9fe881214e105b7acf1293948b9d2

SHA256
cd90ed56e119e9c2d027ea5a420e9c3fa8fbed85dcd2dfa23671543e4c86e397

SHA512
1aed634219e78aab5fd28c845a5f25c8d905610022610ee5e8c6ac9b624886d367cec611cc7bcfa6ce460a60b3ea095ef08fb8f85a0be2f382b6db45ea62974c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
54f3ff6adf77be7d57b34ccfd033b169

SHA1
abd2575ae69563aa2468f23ba481d4467a7bfbc6

SHA256
b6e6d6342802b8f1bee42497298ac1d8c7365b9167ce13afb48cfadb67ff0f98

SHA512
472b8f1b4ee239e6361dbb9e5fbacb2676fad1984e93b6396818df7bae73a8f149ed92523b9a464df305bcd7ba2680ddfb27d15be39e625f67aca3c0ef44c97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
eb689bdf3e03c6cab26b03624c076993

SHA1
691f3fcf4976a1499ca2185758abb5079bf2a5f4

SHA256
8c40290cd36607f8d59f38b8c1fe9eeda17d5d5b722deb57236437d6e31dbf40

SHA512
77776f8c869d7bb0b276742f6998554a5aba3eaecb9bdeb0cd53d8c7a10bbe9722903bda5b212f0b398cc1155ea2c83786f64cd559748bbbf28086d39c51349b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585fde.TMP

Filesize
48B

MD5
8030468537d12569efd5b3fecb7ee6cc

SHA1
b737572e906f6fb77ee5dcc358b8171419906ce3

SHA256
843d88e0f308f45b2c4ab4a0b78b2ea49057c19c1795dce4ee597c8a6337526f

SHA512
3fc1be1b762fb0e76d71f6c5b7407b8cc743837aa014e37ddd2ceef26034a2c04ae961f3e701076b4d7feebd9994325cdb1079602a9093b006f5888d00eb5820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
0ad48177c085535ec15aefcba0ab2908

SHA1
d183fc369b715d9275830d4f8bb1e7f01455d5f7

SHA256
e9f900388634a44919e324530677d06d11e3fdf0de22368d3059eb01187833d6

SHA512
56956b9d80ef6aaef730336bd7d12c64c62078853f203fcc72907cf1a4789280de906a032349309cb40e6ab8e35bdc90e247536826d0180c4844f8db12876a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
5ed2c3b3936095bdfad9cdff654fb924

SHA1
5b1d17869926c52c63122e8fdc936fa6bdd843a8

SHA256
c5607ebdacf71eca31abe25ddfdab8c5f1573a1dabc3c2b6ba15a706948dd09f

SHA512
8c6fc38fa83fe5b157b5c4e1bb5b94904ecf0a65852db423a451aa8340d8fed4747fc2f5959ed0022e6eb30fd7ef3cc718ff5975e7a2b94766e47c4cb44989b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
a7fcb844de335645f14f2e6bb0b52e85

SHA1
f0aafde6111ab01190463830489966b8f754d473

SHA256
5948c83d17c40804e97f37424262d3d23a8558f31bc29964b89ea1c084ed2135

SHA512
629d22e76dfa398d44c8838a750a90937cbe8a6f9460c03e978cf85402f15fc33c61db429056115ffb3cac8669aa19cf9f942befa5fbe4c48abe45d853455cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
7f6a74a7119f3da443b5d39c78c93ca1

SHA1
f89a82a6c223aa6fd6296fffe17c55e88b4c9097

SHA256
8960173b7f5b642738e4efbb855fd9d77c62e8ecf800b6fc7234deb198bb6316

SHA512
d37f40249b2468bb06195657986f02a2f33ab10f011e78cfe43999544a85d866211d01cfe923d79205a34b45c76a31b3106471197f37401909a18b4500c3f674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b12b9f5b895b09d4e427eb7b5fad5985

SHA1
82906d09c6440c2990b6395f589eddecbede3284

SHA256
5aba7cdcb81ac878e368b8c78cc4fe9f7d3aee49b1fda1132888b316a241372e

SHA512
2b1bf9eb2ce489a3f45ad055053d2729c4755156acd26c43dd40653173ec6b956207c8e720a58d0322d7b377e1b2b54bb653a51f56cd84f1395560de0a2ec253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
08d0c8801cf5174a73ef4eafd62bfbfd

SHA1
e7901b913b12a772325ed6434315f873a36dd803

SHA256
195b156d14ff067ffbb3a3dc381c2f8908128287cd5f20691d9a45610f46a594

SHA512
065fa79036a89ff8cc14835b4a60fea17927df351248595c8d505aa6397314161f3eb04ba49b98b33658638316049a8c027d31ab6418c6b7ff0b5f84bd6aa4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
4cdcc813a78ea1edb3633b409bfd4a6c

SHA1
db7160ae7980024d70aef75fdca7a64fbaa55af7

SHA256
4f9fffcbca518ec96b69079c416f692369155e8d7da08bf5dcce24e941fb03e7

SHA512
270a9a062cd7eae9002ed7e6c915aa4b4dd61c5d300834e3514248f6ded7c532ae551006d1d96fa00a4bf4773d8abf13d9e9218a4adf2682adb7e462e6384c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie

Filesize
91B

MD5
99bde3452748e34d6c50275110a6a8d4

SHA1
e79cb2a8db7d8490523529d3861f95ba73a20c23

SHA256
d07311acf641866e7e84823d2962f593bb655792301dc61ad6f0c6869d9c5937

SHA512
19fd529c6fe60bbbe3710fed93f14d723a13ad427431f855ed84f5e5e496b9f3eb8a6e8c31d740239eb225753d52a4f464b489fdbdeff4477480026263d0f691

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Formulaire.txt

Filesize
1KB

MD5
ffba8873713b30b189291c9bcc150cfb

SHA1
3aa4582a1f1afbe9ceedde5c2d546b6c92cf9cb4

SHA256
8b093d87c84187d7d74ce4c4711d7d46966a6eb2cb8eba8ebfa2d885d2c046e6

SHA512
2ae87cf05a50d3a0f9b745138f310e4dfe3a7f2b447160c80914071812ce3015a5b1dadd6071d2f23ec83665d46692e73afa7bd17604d75ddc73b642e1922bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\LisezMoi.txt

Filesize
8KB

MD5
0637bcd4fccf8d53c05c4935292d5289

SHA1
015a372ee19956efe7557e7fc45c553e8650c742

SHA256
00201a7697011646e1b8aecbd7ab8ee113eef5d01f7db4d9a3a594fbfe11cec3

SHA512
0f874ace456042f19720065d654a2e8049117cc13580feb3a8f52b40f2fdac5fd52429b61c5c9be51c0062dd4238595bb74bb9afb382505fbaba992a5e73abc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe

Filesize
128KB

MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProDll.dll

Filesize
49KB

MD5
642021c03975d907d65803aae9ec3dee

SHA1
cf8821f7e6dcdcccc817a44b52ecad5a49fab07a

SHA256
0289ff37a7d4b6bd44ac96c714fe58329d4b1fdea53f744ac3a5ae731236f87c

SHA512
fb917a2fff05ca44cce9ddee5ecfd5ac79ba943dbb32027353ac428c48aa0b898f9a83bde80cc6c08ed4fcb490046642912bd50c51fecc33d24bff956094a6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProtector.exe

Filesize
141KB

MD5
fe1390ff004aa8fb73f403d603a93a54

SHA1
11b1f9fc0f90629f015cf614da52846eca572332

SHA256
c9d4cae5805c82490facf0bc7f6766b8de645177566532376041af3c4d1000b5

SHA512
67227c7aeb40453293ff3edc23fb5e84eb89e3b56b4b7bf36117390d6937a1c258186c2f25b7ec3be12fbd76b98c5ef2a5c86ea36cb4581307b873f5b486c5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ascode.dll

Filesize
49KB

MD5
7ebfde51ee8e23d22d69b68f7722cc37

SHA1
e057e91ee1934921f5fbc904c11c8e90ddba4b45

SHA256
ca99564a02ca24d1bf6e52505f517ad3eb014884496e49c5afd94fc11b40054f

SHA512
9eb45dcf4f176d268ed81a3f11c0ef1315067e0898a40b59a8e9ad6c051ba85c76fad81a807ffcb9dca7a69ce67bb8101e1270492090045d96de716ef51ca49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\bestell.txt

Filesize
1KB

MD5
481325e02bd95664323a5299da4f8bfe

SHA1
6cbf8548b86496c66614446113c378f502c597ec

SHA256
d9b135d7c0b39e38fef169306599f3f8b1a82d701424892969ea8c5d6e790777

SHA512
4f44805b213698f926fa28c88b90876cd9fdc853d5bd22fa6b579587915e66aa630686a53382669b2e10952732672258d359085bd9e1961aeee9124aa631176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\file_id.diz

Filesize
360B

MD5
85f533f1e1d0c11be713c91f29bbad54

SHA1
a6ecca28854b2f6afa23f3af1befc5c7d88192ea

SHA256
6fed71e2951b70f3e340a982b3d1a2914768d8c9691e6cff465ded170944ba77

SHA512
f9d930bb295db9b2aa00b8262e29a0ec35f48c33bb277f881dd903c81a782e06c6cf0fa279186cb53749a5b08bd8b1e43fefbbaf38b23f0d0199702e701cd822

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\leggimi.txt

Filesize
8KB

MD5
693ea8d965eee7aafd435c2e89474736

SHA1
d2f789dda9d57abfde4b681efd5e9d718dca2b0e

SHA256
70cfe07b5936838059321ce558058797ea3c4c3619bd53dbe05ae3b633ae8bfe

SHA512
7ee605d73ab9f1821d755c936d75b1a10c6221b6fdac664fd129ee398666404e2af8c513e92e47443da6a42c1bfc3f2eada630f5b820994d107851a06ad58a5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_bulgarian.txt

Filesize
37KB

MD5
89f324a12d6e19b549027d3d7bfb7ae8

SHA1
a12479a93c5a70eaf5c4d606dddddefef05ef26e

SHA256
ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5

SHA512
a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_czech.txt

Filesize
35KB

MD5
0d76174d68f5fce7e150c972eeacef9c

SHA1
4adc44d638859253e3befa3407fdbde8866a5456

SHA256
d5a4b68cdf201c17b466bc75d29e91b43dca6abda228caf2b6752e09b8a19058

SHA512
2ca4cbc1ef23a0b11bd32cff0824b655285d4c8f5535e7113f915e607361211e20ab28e6f5f1da2a26190141809f233434135c27598b6a7f14d4376cfb916f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_danish.txt

Filesize
34KB

MD5
1325b58debc1e7a46c705a44b4504734

SHA1
d68af1fc501342923a23569bb058a7e1510c93da

SHA256
d740c5e0e760f7c7547b98d8ff67efa8cc2558fd05c1e086f25919fda5e681f6

SHA512
7427b50a0ca11bc74f9182c0ad2952b7a0495d75b53b8bae4fa88ce8b615bb905171fa7883a8ce6c93b778a36e579b8963646b7aeee5a4c2569a0e562f6bb56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_deutsch.txt

Filesize
39KB

MD5
b33fed70df15a44085aa88647d211c81

SHA1
2ff758266c852d72a6c9aa001c4cb7f50ef15a76

SHA256
a097180501190a3efee4f776485a072a8ba3ec77ae3052932d602b4dfc767738

SHA512
f03330183172e48174c8603dd4ab371b03650ddc9c96941c1cfd9e5b394a60f98a6046d41916992bb8ce42400cb91d7976e4aa2822ee69f950d3e9c7e382d966

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_dutch.txt

Filesize
36KB

MD5
b930f96bb386f7e289310c3f5063178a

SHA1
955a30d309d0dd17d289b918a611bdd9de43cc5d

SHA256
f49bf79f10c2af50e0a584d8f619551b21fe14683f2908ec552fb8364ddbc28a

SHA512
d4a47caf59956e67eaef294ce3e8732365eaf7623d2933b11d7758f80a4b92637dcdbe95ea1a1674f1b69a0b2ee3f97ba529c623c9e7ac9ca585464c0cc0c7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_english.txt

Filesize
36KB

MD5
34c121268b1c3fce53172b3933b075a3

SHA1
c44fa37db476886859aaef75878dd7806a7ab518

SHA256
f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4

SHA512
6f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_finnish.txt

Filesize
36KB

MD5
7d873c6c96a6725c7b0cb5dfb1a09e87

SHA1
dae7dd06dd465fc4f98d14d027025eef10c5bf77

SHA256
05dbe3b460b51194c276b9fa2b41292ec52e5e408fa005950f027cf11fb2bc26

SHA512
f5f98f46ae0cfb379f7de9258d12287c2f580181ef713af8a9a0b3f81cbc9cab1c9295e18244989bc875dd177f5f6727431cd0dc8b61dade61acdff09677e398

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_french.txt

Filesize
39KB

MD5
3184a1d71306f0b0b2f73169520c1029

SHA1
59d84aa3bd19d6f2aad47450bb7c28da97057e11

SHA256
1dd3e5d60c64b21c265f4635473f9dfde10d1818f7a6ecb3693089c9e225d390

SHA512
bf7813a1410ff8e6a2fca41229147c121a85dab9dceed79a03e5e174eff98fe02c9e031c40c85e27c6af8a55de976983078d641da51a323c6ead8f3e7362719a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_hungarian.txt

Filesize
39KB

MD5
a54d196a3a36ba5224d4c409489fda77

SHA1
95f6502f4f827f2b70c4aba2ceb8c9a6af9e439c

SHA256
a92d6b1995801bb2e13b8362bacdf2aeaa4efc5abe7a292c1446f60aae553158

SHA512
b774d369c66192ff1ec4cde1f5b11c8e2ef4d856d65bcb0abdee855a7fb41af6a9eebc88934722e13f09ed2d9679986c2556b26d28258778bbd2fbc04e8667ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_italiano.txt

Filesize
40KB

MD5
6fa6baead051fa1ea55a9d617d74843e

SHA1
63adad9e223d3611243478c813906dea3de80115

SHA256
dfcd1e48dcaab1ca041c937a81774ef753cd0e9e3b0eddcc0b4c084585b0ef4f

SHA512
70ed25b4258ade5eda92c6bf3427217cb9dd78b7e843586198de24fcb1ee31a3b0d10613a3d18b06ebc7e2867a5111af5fb7cb7674fd55149767f038f3f771ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_japanese.txt

Filesize
34KB

MD5
0e62e49c4a1868113e00e266d39c47a5

SHA1
2be41ae1857c30caf6e1124b51652ffc35779034

SHA256
1f6e19ca7500dd3193bdb2d384fe1feed96c1b1dbd9e58c4a27c71b90cb10cfe

SHA512
5a8ac80e582545b6d193db5b5e2013aa7ddc7f6e830f5cb497a4a2c1ec31c6dac382157cc0b0f0b8cf17e7247dbb9a094198131fe66e4f58c1c71a5749d2702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_korean.txt

Filesize
31KB

MD5
992c0dde82beac0c0eb86b137744c196

SHA1
8ee1cfccac49a5b9df6d8f3572ecfcbe592676cf

SHA256
312980aa8444655137044d3323ed0f5f3d6d2d4d503512e029ffa4429d92fa6e

SHA512
074caed4ef7044c032960e3aa4240338356323fb3f880588bf35775dca462acfaf792a14d11113f7e814c19d7e947fed15ddec5f764d3b9a896c36a941192541

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_norwegian_bokmaal.txt

Filesize
34KB

MD5
179fe4667bfe1d977d687493f59d7adb

SHA1
b3d900debc52ff3e77fb426636968c1f1feb2800

SHA256
3e7fe5d3b0095143d86173fd99775d8d0065eaafcf9dd683692062e026879922

SHA512
358d51d4f07207ec3017386458d3073e657636505c09cbe1b7e31b3cb778926a9a4a517ecb140e661d3b30586f12e94a5a659cd4cf9ac1332030ddfa3f511c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_polish.txt

Filesize
35KB

MD5
ce3dcf85fa453f3d735005340ef90ae0

SHA1
2c33a89e2d7853d8b1dc40287485f172476129e3

SHA256
f1f0bfd7676420d8668d0676ecce039b84b023dd12ecdcc19ac4b01b1bb9de61

SHA512
db7f772511c79e159ef842bc1effe8ede244bdb0757446e97ddd39761c3540a05a2475f11fe90da2b8a9bf0c532cabecb27051a4bbe459387961294fbbb86bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese (Brasil).txt

Filesize
38KB

MD5
07d5c6cf24d90859e1bbdec962662ac3

SHA1
2f4f9b6e3f1bdb3de3a44ad98427fc55738d4a8f

SHA256
485de5cc9654510903431e32cf7e7b9afaeb0a575bffca7af5f652429654f0b4

SHA512
689bd4b50a107cb2035dc8d9757d44d53b8c97a4a6979bb3cc2181cd416f6a5fab0293889c3dcde8887414590ff17df627da504d1936e3883300da411ab6ec90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese.txt

Filesize
37KB

MD5
57dd15b63e5116d4192756eac357fc77

SHA1
2e4cbdf15c9b2da2658b6e2df1d7faa26d5563cb

SHA256
3692ca1b6e64991835da21e50cd91f2c20395a0a2290655284ec477ed5e241c4

SHA512
316c68da136d6b23d40742e5da545acba87e0c9729663afb43f4a12d40505f8f51657de2ee22c7449d1fa072a9505d16759914e019f47d2b64d4f7fdbd120a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_russian.txt

Filesize
36KB

MD5
27775d53a8f8bdd46d2cd07808540fa5

SHA1
f9c905347ac04e465583f5b57c0248d3bc052783

SHA256
1c0888d6a709c536a3f8f29cea3477c8bd1d91bc7beb68e6854c7228c52555dc

SHA512
96e9734ee5c383045f9779348c2977e87c6db249bd51e75667a46d34e105fbb9e99ab68df1ff9aaf092858f751f03996ec6c27b2b35fee7addc300d9642b3306

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_spanish.txt

Filesize
38KB

MD5
1db8fa700e36994c13075acac2b3d1cb

SHA1
049a77576da0bed590109cc15129686d72e12399

SHA256
00fd546aab44ac4cf4cfd822b249ef7ecfa0a4b8afdd6438ecbfd9705c7ec746

SHA512
24a7ed6098c629bd210e0934c13656d6ece22f4da68296ead9a0883ab395afb90c3f37596b8f0007f4ebffef8688a7b1686c1618182a7299ed17da31636d09fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_swedish.txt

Filesize
34KB

MD5
37f4289c2977a484189b9ff44a590b8f

SHA1
8165528ec43e0131d139e6696ed3317bd283d2d0

SHA256
ef67f369daf2eaa2878330c076654d4dec001d9e365e35888e82fb10cae2153d

SHA512
5684e6d543fffef1e08bb5645c3c4d2e1ae37a03243e9df1c44daf1f40f2514fdff8c7cf702d9c7e78f6dad0a7d93e4ded95ea58442125c85b87621d3839d12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_turkish.txt

Filesize
37KB

MD5
ce97c5cc7ffaa5d6b18d313d4b8eae81

SHA1
1795b8763718fb31d1e0396567232d9891e49d81

SHA256
89ce1dbd43e5d377013f2228de688787350c8f11d908ecbc0ded355c7bc63663

SHA512
9efbfa39beb9e032121c57a3d8f713a387dfb7feda44bea4bdad8a80a2626644da324c01315475445974883aaedc0432ca53920f154427151b9b650d0ebbbc66

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_ukrainian.txt

Filesize
33KB

MD5
df09a44cde9e14378fe3ddd47a8ca3fe

SHA1
39d880fd38980a5dde18c1fb94707711a07878fb

SHA256
59d771c4d45af27f793c38ee78a2a5c5667f877d7f65313cbad93bd8ec3b1fce

SHA512
5a3cf5f280d29496371e4ee8a21966bfd6aaaa208eddf4112d67198ff639798e68338b07ae5b8aeb498c7a3875ce2f42a8f037bf5359ab707d0a6e796510a33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\liesmich.txt

Filesize
9KB

MD5
c002d98fc4f20fd865c5e9a827846227

SHA1
a491a97fd919aa259733877357ae41907ea1e89f

SHA256
d8a27606908582e5de18916e04937caf26c1f3f0803ca4d1a5841a4cd541f10e

SHA512
b627c34087a6a2d7b1a88229dd4dd763c26f3bdb346318e376c1af0036fa256e18be3ddb6d6736d194f2db3f8d88a9ee4266ae85fd00d1ebd21acb35fcf69ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_de.pdf

Filesize
90KB

MD5
17bbdf9fc220e9effacaa5a76cf4b688

SHA1
05982d1a90ac2c19ab7dd71fbbb841fe48485eb3

SHA256
af89a8b1030faf760c16b66524f8a04188e49669faa6f8123e2a4bf0abaa75bc

SHA512
b77461c2785e68307304da7d7c4307d5c13a6df04d3fe89ed95fd50fd3aaf2417dc384ff806b1824089535da05b2ecf2fb8c67a7521430b4c6f1248a70f90f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_en.pdf

Filesize
106KB

MD5
f8dc026ac75362e1e5e41469cddae40c

SHA1
d465fa14ff76602cfaeb3b93bde5bd6fef2b980b

SHA256
d97aad84fc29c2b71ff9d07c645bb1b3db779412f5673f5bd37b55520710cbce

SHA512
08d823c00262f16413cbe461d2bd527c9dadcd1c015ba2466a53146207b1285e8030c584e16cbd7c5d16602783dcf655125127ac53e4804604ee8f2954b277fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_fr.pdf

Filesize
159KB

MD5
2e520e5df20196599be3d391cd2cabbc

SHA1
615cbb1e5d7c2f74cc96e23baaef0e3f64a47744

SHA256
1793d22416e19c15f686c7319146906a41d51bec84488cd4012dfbb3e1d662b0

SHA512
8830444e2acc126939b200ca69b84e9bc9384cf514ecfb6b68d56a3074ececcc344787b00d628e69bf3ef1a93bdf0ad0c2975dea0adf3cc703033ac6c7b318f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\order.txt

Filesize
1KB

MD5
7804e6beed4c16899a2906e78b9a48ac

SHA1
a606e6b2a31511dec5c55a2c173279b001b4b142

SHA256
b219cf498e86556833c2a45d508edfa39065609b0fe02711c8bda925f2330b17

SHA512
4fb6ffad5abb0146de87a9075ecc4def79dd0a899fa4626af70c7fea3fd9b7500465986a3908f34d9e91369c3c92dabd107dbe33b9499a329c826464c313d55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ordina.txt

Filesize
1KB

MD5
f46581e592ad7eefe7068564c1563925

SHA1
04795106725bb6abd226deb305abb49ac9035e64

SHA256
94382fd3bd986b7897b6fbc1a1730adeef8bed24efc29f1a00a3619ed9689878

SHA512
c73f2f287b6bb422fad75eea95990a23deafd80201f2f3f42fe7d0447c28148d10cc90ca5913b3cb8130bab862f36aabb289ebdaa7473b7b877a91deb84c3463

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\psapi_.dll

Filesize
24KB

MD5
f20905d2432a3f160e5f122bc11a6454

SHA1
60d38e62ede037de0ab90bcfee2ce99bf9bc2721

SHA256
45249a3b05447a0d12ef91332e2566552dd78f1fe1eea13c5d4195bee346e220

SHA512
43b9b1160e6607b3acd090c0cbc496c8db901723cd39bebcb41d7203647ff32c3a54e5dbe8f2be337e82da8a25631893283e9f28ef8d1c1cbcf6736a81996688

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\readme.txt

Filesize
7KB

MD5
467d46b80fee8540ef1013c05f9e9c61

SHA1
26063f62049b7cd2961e2d5c01ab420d80e3b5eb

SHA256
9e5c9fd3c3e7bee41ea0e4405fee75e6b614d14bcf2b07365150b11e65b54191

SHA512
b977c0b8184118153b3c3a4e15b81956e0c285c468c3f19d2717809bf68a74e3e2d0ca5794f37904275f90cdc0d8e71c0e0f33774fa5d22b2f12a904797fd200

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\sqlite3.dll

Filesize
819KB

MD5
b6f45fbf727f8d872d5dc6fdd6393802

SHA1
558100cb8b451efc205fbd2cde0a8f88bd3c8da5

SHA256
07b9f5c9858f3477f3bb6a11c8283c3a34aa7085f578aec95de37053430de83f

SHA512
d480cb82930551050eacc5b30590b5d1d8dc717baee1936b5576bf330a311f1f1991d5826c2ecbc9b0cb79dcd762ca3221dbdd55025ba858c015cf6e9d8350fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman.exe

Filesize
1.2MB

MD5
3733003588acfbc9ff5df9765c80d405

SHA1
b52befaf06a525407de46499706ffda1df024263

SHA256
0c87006a32e187cb1fef06dc9f19b547c78909e88ab59cc89d7b53aebbae9b4a

SHA512
b6c94eabecb85a507395c4a6c3717471bf2486d5b4dba8d946c0ae960af673455e9ff338f5c6bc33bb55b363c2d6a51fb0660d0aa0d99c6914ffb514f38be32b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_de.chm

Filesize
149KB

MD5
2137aaec5e738be123c4299a9968b0fd

SHA1
3ca050c0aeef2151345bc7b3987d025497580a04

SHA256
ecd1cae3351e256b6cf573dd225bbf07d16f1573db405c7e480d42968f7dc112

SHA512
9510dfc86097dac5959bf91c8ef1d28dd4ed3da78d7d86e18074e2f1c8d7a3c0b126531159eb3e533fb8d27223a3b524407727691d4a0346d579bd2f43eb1cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_en.chm

Filesize
156KB

MD5
ed18c518441bf68870112b570e194dea

SHA1
4d31c97d4917e8ea1d0a3361d15556e5be3f145c

SHA256
d931e949fdf17712d1df0e685fb12aabb56133cab84d7e2c6650208130b98316

SHA512
5db06e0b6c1503cf23ce13e0c1072277795307b65f4ebd3a8c6710b7c6785ab2ef467f10ee409c42c3cc27ff9c1bc64f3818c7aa654efed6f8b3ad672f59fa0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_fr.chm

Filesize
139KB

MD5
c811f6be9a3813dbc6baeff19d583924

SHA1
b7e3eb48c401cd8bd65288b5ae31726aff6aadcd

SHA256
d04cd33d43000e280d2733f1bddf40b9e6cb9a1130fdd69691868f8c7e96da8a

SHA512
26a8c184d72ae27b8a8accd8c175630cd64ca9bac82e8ea2006e1f89edeca4b44d0ec5ff10afe24f9fa4ee40486cdba2787695e0b102796e73432ec9ee47994d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_ru.chm

Filesize
149KB

MD5
ec03fb4196db58f7dbd23f663ceba54a

SHA1
39dbd6f756d5d831c7b586078cc793c6d292ed25

SHA256
14435e49783fb2758b1ef0b4279478759681dbcad77aa9064cdb13359caaacad

SHA512
02b4389db0df3a7511ba1a6d1e9642895b061674a96d739816a747283530bbf017486bc6d4a957e3bb936df1de380c854093f87fa411110e7f6567db68dbe6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\uninstal.exe

Filesize
70KB

MD5
fa9f0f001eeab09b8fadab100ad60d7e

SHA1
56ff1fbcce49dca4050365934ab7242813bd75be

SHA256
709c6c2fb71f06ad8daae77e7af11b3cec059f25793d098d2254572a788ee120

SHA512
7ee2d7c1c4732411fc56236b3457552851f92f0e7e0a358f780fa3e5c505d772906df9e6d9be346029c05bc56615b9a99c179dd023a32b7fae9058f857dc19a9

Download Submit
C:\Users\Public\Desktop\Security Task Manager.lnk

Filesize
1KB

MD5
acaf013cbd3ac0b60c964ab47fc58ab8

SHA1
aa56ffc07273b10bd2a3c4759806467899d25e79

SHA256
349909bc463e3bf333bfa6d346a8e46474722b1b1cc2e61c855b31b2962737b3

SHA512
eb8704898094d23ceb59e2565399b16132f8c0a4077e030237a68e8d890a72c255ac18231bb36b526feb1f38041e9c78ceb7c46317b1060d80a57265beb054cc

Download Submit
memory/1160-434-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/1160-187-0x0000000008F70000-0x0000000008F71000-memory.dmp

Filesize
4KB

Download
memory/1160-431-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/1160-458-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/1160-185-0x0000000008F70000-0x0000000008F71000-memory.dmp

Filesize
4KB

Download
memory/1160-191-0x0000000008F30000-0x0000000008F31000-memory.dmp

Filesize
4KB

Download
memory/1572-95-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1572-96-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4088-848-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/5068-427-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/5068-150-0x00000000091F0000-0x00000000091F1000-memory.dmp

Filesize
4KB

Download
memory/5068-146-0x0000000007B40000-0x0000000007B41000-memory.dmp

Filesize
4KB

Download
memory/5068-141-0x0000000007B40000-0x0000000007B41000-memory.dmp

Filesize
4KB

Download
memory/5068-120-0x0000000008710000-0x0000000008720000-memory.dmp

Filesize
64KB

Download
memory/5068-114-0x0000000008480000-0x0000000008490000-memory.dmp

Filesize
64KB

Download
memory/5068-102-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/5068-98-0x0000000000400000-0x000000000072D000-memory.dmp

Filesize
3.2MB

Download
memory/5068-430-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/5068-429-0x0000000061E00000-0x0000000061EBA000-memory.dmp

Filesize
744KB

Download