Analysis
max time kernel: 143s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-04-2023 16:10
Static task: static1
Behavioral task: behavioral1
Sample: magicmic_setup-com_filme.exe
Resource: win10v2004-20230220-en
General
Target: magicmic_setup-com_filme.exe
Size: 4.4MB
MD5: 52c70ce717a8ae88da8f9f5774b6ca27
SHA1: 8ddeff940fd572a24b088aa99ba7d35ce0d34468
SHA256: 0f836f11ce6f1e59df517a404072051640591ed9cd07251ba097dd68e604c6a0
SHA512: 7f11af5d6bbd86ba30ae9d6c1734a1cbf17badf2e85a20c741d984149d7ad8b06b79372ad2ae9bf6e2220b667344eefe39f9b02bf52b4f92e26a64ccd96c1253
SSDEEP: 98304:fAiCWc5+gW4oEpKpRmAPgq3aUeffMP5zaH4IqNjSsKCpqX:Yixc5doE8pRmegq3cHWaYIqNJ1
Malware Config
Signatures
-
Downloads MZ/PE file
-
Drops file in Drivers directory 5 IoCs
description                    ioc                                        Process
File opened for modification   C:\Windows\system32\drivers\MFDriver.sys   DrvInst.exe
File opened for modification   C:\Windows\System32\drivers\drmk.sys       DrvInst.exe
File opened for modification   C:\Windows\System32\drivers\portcls.sys    DrvInst.exe
File opened for modification   C:\Windows\system32\drivers\SET7A70.tmp    DrvInst.exe
File created                   C:\Windows\system32\drivers\SET7A70.tmp    DrvInst.exe
-
Executes dropped EXE 6 IoCs
pid    Process
2548   imyfone-download.exe
3908   imyfone-download.tmp
5004   _setup64.tmp
4184   AutoDriver.exe
4124   devcon.exe
4780   devcon.exe
-
Loads dropped DLL 41 IoCs
-
Registers COM server for autorun 1 TTPs 36 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 17 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 7 IoCs
description                    ioc                                Process
File opened for modification   C:\Windows\inf\oem3.inf            DrvInst.exe
File created                   C:\Windows\inf\oem3.inf            DrvInst.exe
File opened for modification   C:\Windows\INF\setupapi.dev.log    DrvInst.exe
File created                   C:\Windows\INF\c_media.PNF         devcon.exe
File opened for modification   C:\Windows\INF\setupapi.dev.log    devcon.exe
File opened for modification   C:\Windows\INF\setupapi.dev.log    svchost.exe
File opened for modification   C:\Windows\INF\setupapi.dev.log    DrvInst.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
pid    Process
2424   tasklist.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description         ioc                                                                        Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       msedge.exe
-
Modifies data under HKEY_USERS 41 IoCs
-
Modifies registry class 64 IoCs
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4184 AutoDriver.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 4920 magicmic_setup-com_filme.exe 4920 magicmic_setup-com_filme.exe 3908 imyfone-download.tmp 3908 imyfone-download.tmp 4920 magicmic_setup-com_filme.exe 4920 magicmic_setup-com_filme.exe 4640 msedge.exe 4640 msedge.exe 924 msedge.exe 924 msedge.exe 4968 identity_helper.exe 4968 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe 924 msedge.exe -
Suspicious use of AdjustPrivilegeToken 13 IoCs
description pid Process
Token: SeDebugPrivilege 2424 tasklist.exe
Token: SeAuditPrivilege 2344 svchost.exe
Token: SeSecurityPrivilege 2344 svchost.exe
Token: SeLoadDriverPrivilege 4780 devcon.exe
Token: SeRestorePrivilege 1188 DrvInst.exe
Token: SeBackupPrivilege 1188 DrvInst.exe
Token: SeRestorePrivilege 1188 DrvInst.exe
Token: SeBackupPrivilege 1188 DrvInst.exe
Token: SeRestorePrivilege 1188 DrvInst.exe
Token: SeBackupPrivilege 1188 DrvInst.exe
Token: SeLoadDriverPrivilege 1188 DrvInst.exe
Token: SeLoadDriverPrivilege 1188 DrvInst.exe
Token: SeLoadDriverPrivilege 1188 DrvInst.exe
Suspicious use of FindShellTrayWindow 5 IoCs
pid Process 4920 magicmic_setup-com_filme.exe 3908 imyfone-download.tmp 924 msedge.exe 924 msedge.exe 924 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4184 AutoDriver.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\magicmic_setup-com_filme.exe
"C:\Users\Admin\AppData\Local\Temp\magicmic_setup-com_filme.exe"
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4920
  C:\Program Files (x86)\imyfone_down\magicmic_setup-com_filme\imyfone-download.exe
  /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\"
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2548
    C:\Users\Admin\AppData\Local\Temp\is-NMAUI.tmp\imyfone-download.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-NMAUI.tmp\imyfone-download.tmp" /SL5="$601C2,74882862,173056,C:\Program Files (x86)\imyfone_down\magicmic_setup-com_filme\imyfone-download.exe" /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\"
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3908
      C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c tasklist | find /i "MagicMic.exe" > "C:\rd43774972_55310560_tmp.tmp"
      - Suspicious use of WriteProcessMemory
      PID:1848
        C:\Windows\system32\tasklist.exe
        tasklist
        - Enumerates processes with tasklist
        - Suspicious use of AdjustPrivilegeToken
        PID:2424
        C:\Windows\system32\find.exe
        find /i "MagicMic.exe"
        PID:3504
      C:\Users\Admin\AppData\Local\Temp\is-4ME51.tmp\_isetup\_setup64.tmp
      helper 105 0x4AC
      - Executes dropped EXE
      PID:5004
      C:\Program Files (x86)\iMyFone MagicMic\AutoDriver.exe
      "C:\Program Files (x86)\iMyFone MagicMic\AutoDriver.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: AddClipboardFormatListener
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      PID:4184
        C:\Program Files (x86)\iMyFone MagicMic\devcon.exe
        "C:\Program Files (x86)\iMyFone MagicMic\devcon.exe" find *SodaDriver
        - Executes dropped EXE
        - Checks SCSI registry key(s)
        PID:4124
        C:\Program Files (x86)\iMyFone MagicMic\devcon.exe
        "C:\Program Files (x86)\iMyFone MagicMic\devcon.exe" install MFDriver.inf *SodaDriver
        - Executes dropped EXE
        - Drops file in System32 directory
        - Drops file in Windows directory
        - Checks SCSI registry key(s)
        - Suspicious use of AdjustPrivilegeToken
        PID:4780
      C:\Windows\system32\regsvr32.exe
      "regsvr32" /s /u LAVAudio.ax
      - Loads dropped DLL
      PID:4152
      C:\Windows\system32\regsvr32.exe
      "regsvr32" /s /u LAVVideo.ax
      - Loads dropped DLL
      PID:3660
      C:\Windows\system32\regsvr32.exe
      "regsvr32" /s /u LAVSplitter.ax
      - Loads dropped DLL
      PID:1900
      C:\Windows\system32\regsvr32.exe
      "regsvr32" /s LAVAudio.ax
      - Loads dropped DLL
      - Registers COM server for autorun
      - Modifies registry class
      PID:1612
      C:\Windows\system32\regsvr32.exe
      "regsvr32" /s LAVVideo.ax
      - Loads dropped DLL
      - Registers COM server for autorun
      - Modifies registry class
      PID:3912
      C:\Windows\system32\regsvr32.exe
      "regsvr32" /s LAVSplitter.ax
      - Loads dropped DLL
      - Registers COM server for autorun
      - Modifies registry class
      PID:2404
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apipdm.imyfone.club/producturl?key=installed&lang=English&pid=96&custom=com_filme
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:924
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffff22846f8,0x7ffff2284708,0x7ffff2284718
    PID:4488
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    PID:1892
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:4640
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    PID:428
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
    PID:3516
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
    PID:2256
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
    PID:4628
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
    PID:3816
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
    PID:4328
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID:2404
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
    PID:5008
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    PID:2772
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
    PID:1020
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    PID:2180
      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff788175460,0x7ff788175470,0x7ff788175480
      PID:4044
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:4968
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
    PID:4980
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4284860515314625777,13993922207756411025,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
    PID:1324
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2344
  C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f4d9a10e-ae8a-b44d-a79b-c7a0dc36c6b6}\mfdriver.inf" "9" "40daa02cf" "0000000000000134" "WinSta0\Default" "0000000000000160" "208" "c:\program files (x86)\imyfone magicmic"
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2080
  C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca1176bd31d1:MFDriver_Driver:1.0.0.1:*sodadriver," "40daa02cf" "0000000000000134"
  - Drops file in Drivers directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:1188
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3404
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
12.5MB
MD56ce00409f919d8c44d4f379b18c7343b
SHA12312131f6a7c3cefb94f61bb23104ffce29e26f4
SHA2565c409a3d6301ee42c3f5e02eef67f21b5017f2a1abdf8c1d5f58c5ff202c4fe6
SHA512dfa34f6a31c7013484be8af446dbd5892e689db09c0e012c96de45679d862a75710f4b0f5ccc5f29f7b5e330689c2db6503d42b71434088611ecac24152af2b6
-
Filesize
12.5MB
MD56ce00409f919d8c44d4f379b18c7343b
SHA12312131f6a7c3cefb94f61bb23104ffce29e26f4
SHA2565c409a3d6301ee42c3f5e02eef67f21b5017f2a1abdf8c1d5f58c5ff202c4fe6
SHA512dfa34f6a31c7013484be8af446dbd5892e689db09c0e012c96de45679d862a75710f4b0f5ccc5f29f7b5e330689c2db6503d42b71434088611ecac24152af2b6
-
Filesize
12.5MB
MD56ce00409f919d8c44d4f379b18c7343b
SHA12312131f6a7c3cefb94f61bb23104ffce29e26f4
SHA2565c409a3d6301ee42c3f5e02eef67f21b5017f2a1abdf8c1d5f58c5ff202c4fe6
SHA512dfa34f6a31c7013484be8af446dbd5892e689db09c0e012c96de45679d862a75710f4b0f5ccc5f29f7b5e330689c2db6503d42b71434088611ecac24152af2b6
-
Filesize
197KB
MD5a5455d61ea37f17cebb04344cc20eacf
SHA130ce26106bd5d7c07a50351be8bb9456cdbd0613
SHA256dc371d0637f0584369ead17d70d744a4d6efae1e32b3f89e88561d549220f148
SHA5128ebb5b5491500ab6b4aa8715746ce0a8fb0626b5885a5e41010f3c469cedfccc68422c815cfb9e830f37863b1f479f9249f8a879cc828de349ee20894b408596
-
Filesize
197KB
MD5a5455d61ea37f17cebb04344cc20eacf
SHA130ce26106bd5d7c07a50351be8bb9456cdbd0613
SHA256dc371d0637f0584369ead17d70d744a4d6efae1e32b3f89e88561d549220f148
SHA5128ebb5b5491500ab6b4aa8715746ce0a8fb0626b5885a5e41010f3c469cedfccc68422c815cfb9e830f37863b1f479f9249f8a879cc828de349ee20894b408596
-
Filesize
3.4MB
MD53b02518c32afa8cad17c3507979a18fd
SHA1dc5016fb5f572715cc50f539f275bffc4ffc9a38
SHA2560af82d650a82dd99378c50c6ae8728c6492b3bd58ecfa8f5ce2e9f413026a781
SHA512755d2b8daa7bb1095c1f2c2c4378efc4d3606ee452c2a25068bc54e837e3388ffb8d34f83109dbccd443b447a273bdb69ed864451cd102c014febd794f059121
-
Filesize
3.4MB
MD53b02518c32afa8cad17c3507979a18fd
SHA1dc5016fb5f572715cc50f539f275bffc4ffc9a38
SHA2560af82d650a82dd99378c50c6ae8728c6492b3bd58ecfa8f5ce2e9f413026a781
SHA512755d2b8daa7bb1095c1f2c2c4378efc4d3606ee452c2a25068bc54e837e3388ffb8d34f83109dbccd443b447a273bdb69ed864451cd102c014febd794f059121
-
Filesize
3.4MB
MD53b02518c32afa8cad17c3507979a18fd
SHA1dc5016fb5f572715cc50f539f275bffc4ffc9a38
SHA2560af82d650a82dd99378c50c6ae8728c6492b3bd58ecfa8f5ce2e9f413026a781
SHA512755d2b8daa7bb1095c1f2c2c4378efc4d3606ee452c2a25068bc54e837e3388ffb8d34f83109dbccd443b447a273bdb69ed864451cd102c014febd794f059121
-
Filesize
3.4MB
MD53b02518c32afa8cad17c3507979a18fd
SHA1dc5016fb5f572715cc50f539f275bffc4ffc9a38
SHA2560af82d650a82dd99378c50c6ae8728c6492b3bd58ecfa8f5ce2e9f413026a781
SHA512755d2b8daa7bb1095c1f2c2c4378efc4d3606ee452c2a25068bc54e837e3388ffb8d34f83109dbccd443b447a273bdb69ed864451cd102c014febd794f059121
-
Filesize
162KB
MD5ce0779c06b209de9bb3ec03d3f95fda7
SHA1defe29adcb0f80e3f3ffc02a77fa18803cb79467
SHA256907da7e1a7dbd07e2d0a2716c95729a5c9fd8ceaee02859b2418621e4916e505
SHA512bbcb07c7b726c29ab9d8fd812bdb1ac20089bb808cc02988c9bc5738c41ba2f35536d7937f4be1f3efbe8d72e928fd36653b04c86aa662881105be7e1181c66e
-
Filesize
162KB
MD5ce0779c06b209de9bb3ec03d3f95fda7
SHA1defe29adcb0f80e3f3ffc02a77fa18803cb79467
SHA256907da7e1a7dbd07e2d0a2716c95729a5c9fd8ceaee02859b2418621e4916e505
SHA512bbcb07c7b726c29ab9d8fd812bdb1ac20089bb808cc02988c9bc5738c41ba2f35536d7937f4be1f3efbe8d72e928fd36653b04c86aa662881105be7e1181c66e
-
Filesize
162KB
MD5ce0779c06b209de9bb3ec03d3f95fda7
SHA1defe29adcb0f80e3f3ffc02a77fa18803cb79467
SHA256907da7e1a7dbd07e2d0a2716c95729a5c9fd8ceaee02859b2418621e4916e505
SHA512bbcb07c7b726c29ab9d8fd812bdb1ac20089bb808cc02988c9bc5738c41ba2f35536d7937f4be1f3efbe8d72e928fd36653b04c86aa662881105be7e1181c66e
-
Filesize
162KB
MD5ce0779c06b209de9bb3ec03d3f95fda7
SHA1defe29adcb0f80e3f3ffc02a77fa18803cb79467
SHA256907da7e1a7dbd07e2d0a2716c95729a5c9fd8ceaee02859b2418621e4916e505
SHA512bbcb07c7b726c29ab9d8fd812bdb1ac20089bb808cc02988c9bc5738c41ba2f35536d7937f4be1f3efbe8d72e928fd36653b04c86aa662881105be7e1181c66e
-
Filesize
507KB
MD51637ae5c830a34519a693759a9708084
SHA1097e5b9e5e9015ad6b3743adc54ed75745b6db8d
SHA256e34125a10a02d47637a5cda8a19949c6cff0f38bdf1692542ad71bfff711b744
SHA512db04bf203ef9fc5d7dc04f7a71fba967127974cc3c82474e7110c79d3cdc24c00e637aceb0bdac30a4fe0e5b7de2d2fe4c6da2fb27de7fa218696a92939da02f
-
Filesize
507KB
MD51637ae5c830a34519a693759a9708084
SHA1097e5b9e5e9015ad6b3743adc54ed75745b6db8d
SHA256e34125a10a02d47637a5cda8a19949c6cff0f38bdf1692542ad71bfff711b744
SHA512db04bf203ef9fc5d7dc04f7a71fba967127974cc3c82474e7110c79d3cdc24c00e637aceb0bdac30a4fe0e5b7de2d2fe4c6da2fb27de7fa218696a92939da02f
-
Filesize
507KB
MD51637ae5c830a34519a693759a9708084
SHA1097e5b9e5e9015ad6b3743adc54ed75745b6db8d
SHA256e34125a10a02d47637a5cda8a19949c6cff0f38bdf1692542ad71bfff711b744
SHA512db04bf203ef9fc5d7dc04f7a71fba967127974cc3c82474e7110c79d3cdc24c00e637aceb0bdac30a4fe0e5b7de2d2fe4c6da2fb27de7fa218696a92939da02f
-
Filesize
507KB
MD51637ae5c830a34519a693759a9708084
SHA1097e5b9e5e9015ad6b3743adc54ed75745b6db8d
SHA256e34125a10a02d47637a5cda8a19949c6cff0f38bdf1692542ad71bfff711b744
SHA512db04bf203ef9fc5d7dc04f7a71fba967127974cc3c82474e7110c79d3cdc24c00e637aceb0bdac30a4fe0e5b7de2d2fe4c6da2fb27de7fa218696a92939da02f
-
Filesize
507KB
MD51637ae5c830a34519a693759a9708084
SHA1097e5b9e5e9015ad6b3743adc54ed75745b6db8d
SHA256e34125a10a02d47637a5cda8a19949c6cff0f38bdf1692542ad71bfff711b744
SHA512db04bf203ef9fc5d7dc04f7a71fba967127974cc3c82474e7110c79d3cdc24c00e637aceb0bdac30a4fe0e5b7de2d2fe4c6da2fb27de7fa218696a92939da02f
-
Filesize
20KB
MD5343b8b6b68a46e17c91c73d0b6e7b694
SHA1616d5f3bc2aabd78878b8241e341717c7d31e462
SHA256d2fa3c3c395848bb59036dcf2232a804e46a5ccd4e55a340a0f28615c6e7b949
SHA512290856c9f4feb3aa60372f60e59285644cbcc4120ac5a11e57ee8fd4fdb361f8070c7d21c797fe75c944b8299854aa57bfe7b975482cbe17b5a66a0e95318074
-
Filesize
80KB
MD53904d0698962e09da946046020cbcb17
SHA1edae098e7e8452ca6c125cf6362dda3f4d78f0ae
SHA256a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289
SHA512c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea
-
Filesize
80KB
MD53904d0698962e09da946046020cbcb17
SHA1edae098e7e8452ca6c125cf6362dda3f4d78f0ae
SHA256a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289
SHA512c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea
-
Filesize
80KB
MD53904d0698962e09da946046020cbcb17
SHA1edae098e7e8452ca6c125cf6362dda3f4d78f0ae
SHA256a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289
SHA512c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea
-
Filesize
9B
MD59d6d76179f1a63fb861a800e2bcbe37e
SHA1280070b623923879703ba87328cda22f0ce122a0
SHA2567ba9c483d856cc2e851f9122492bbb68b0ccd926acf8755419b4abd6ffc4ed56
SHA5121ebf9f966a4d4ae9a152ef5d7a69c16311154a278d703e96be5b1f8f7f9c268d7c5c818dcceff278c2af14ef04266d892a960b1989f2dc9d31ce9573eabca232
-
Filesize
334KB
MD5eee514d376b35d25a0884f9e0403e00d
SHA10f63de66d2ea98ca2538186ccaa994644e282a68
SHA25648555f1e4a34e826167a326b079997a14b2b30359101653a103d75d91da3227f
SHA512651dbc7b99b8f73084b38a1484b449eb5fb655b882394363491dc37423e0af3e605890f60034dc3d04ed644a213711589d13764b987076ca552858399adc79a9
-
Filesize
334KB
MD5eee514d376b35d25a0884f9e0403e00d
SHA10f63de66d2ea98ca2538186ccaa994644e282a68
SHA25648555f1e4a34e826167a326b079997a14b2b30359101653a103d75d91da3227f
SHA512651dbc7b99b8f73084b38a1484b449eb5fb655b882394363491dc37423e0af3e605890f60034dc3d04ed644a213711589d13764b987076ca552858399adc79a9
-
Filesize
637KB
MD5de6a2d8f9f80b08887e992a65cf93ba4
SHA151d1962269cc80bfdcb04fd4e1f1966d4b4edb48
SHA256c3cee22c7e8907559428c6a886469829d7acd001d48b239f2170167280943b4f
SHA5122a2981b9152a8fa5cc5c0e0b0e651972deeab05c2ff164c183ca4d76390ddaa2a84dd76e8cc1c6af257222f6571e7c1013646ed2b3dd8e22bdf2a6b071a7e69a
-
Filesize
933KB
MD5efd940fb82b30181f789e92ea3b17f82
SHA1ec5831b8a138e513876d8ea9c5d93642cdefbb13
SHA256f8553e9eace3ddfdfc587c17d38aa1154fd4be53f46c2f0f78fd16cb56399008
SHA5128b2269665fe74c7ad622d7c4db733e1bfcdf31b03e00fc83a38c91ad423af4a2d3dce9cd7bfb77dad791c44d9b85183d94bff9404f05c30ebaa5e6673e9322a2
-
Filesize
32KB
MD5563a865d7191f4b77c7152f161dcb328
SHA1b9d5dc25e5e68ad7f28eac130e5d25d73f2a1083
SHA2562036fbde7643f06831d796cfd630fee6103f632e7e0664f26dab10e30f0af9ad
SHA512c2a0c9480a4676fac25924880d0c50c6d34a81592aec52b190e3594167a421f1c2dc884947a7d3f155acf216a5968a4e26c2795131ebba423aa6fad98510c5c5
-
Filesize
632KB
MD59faf7aff3206e7430427405d14bbe2f6
SHA145e519e4b219d4ee8fb94ba6ea7c72147f7b363c
SHA256abc069c8b7d93ac02b477288e18a4a3ae74503bcd40022e04e1d62dd7bc66739
SHA512207f987b26eaeef103a5ac2f111d9d1d7866d3409cfc8a7e615fa768aa4e701af4ea5f893672eac91fb52d41edc4f4e78187de62187bb02b087548fdd9afce42
-
Filesize
1.2MB
MD5f5a5baf57bd27498d12c65737f07bfc7
SHA19b4b01d6cb9959bfd82bb6a7e4ca46929b06898e
SHA25661f46233a985ee3b94f3a6fd2402eadf7c9bdea28c0b9b022119299389c1f2e8
SHA512bccdffb9a6203eb6ab5fb6d3035310b9b5fc0ce2ab12b33124f618b7141f714f7097ce624021a68e65f7b7ee890aaba5f8ff83838099a58693d4f7977cd8f3e0
-
Filesize
1.2MB
MD5f5a5baf57bd27498d12c65737f07bfc7
SHA19b4b01d6cb9959bfd82bb6a7e4ca46929b06898e
SHA25661f46233a985ee3b94f3a6fd2402eadf7c9bdea28c0b9b022119299389c1f2e8
SHA512bccdffb9a6203eb6ab5fb6d3035310b9b5fc0ce2ab12b33124f618b7141f714f7097ce624021a68e65f7b7ee890aaba5f8ff83838099a58693d4f7977cd8f3e0
-
Filesize
515B
MD553652fbac2fdefeafa80578953d7e59d
SHA1b814c92fbe579e19795eed67177e80b9efcd65ae
SHA256921482e9539d5aa4f0b9dac9cca393e68172ceece387a84fe0d8a57d5f6ed7c4
SHA5125bb75dc03b4ddc9db09b75a0b7f03b4b3a1da1a266a303c6174e0f8d738153031ee5a376ae6c71028dceea92fea0313335c659e5b51ffd0b86cb8da0a189df37
-
Filesize
918B
MD5b3589fecb19d694e77ca288204ed2a2a
SHA1af0232084fe781dbc3799ee8c2b6eec6356b5a87
SHA256301b6a7c67bbf31db3aa02c6ae484ab032cf9625efeaf8e3c59b18070f062e37
SHA512625e4276dbbc17d1f75aaf7e73bd2673259066c8eea19190591797d5f4334caee79adf235b56bc9b352630ad16e2689d6efb8168033eb4093735b78d3b74293f
-
Filesize
534KB
MD55d7b9e16dfe9a6a7c91e20714e4bf15c
SHA1604249be4b3343fe7297d5fd973751c833f40dcf
SHA25640c20c2c96ac849ceaadd1bd76718b50ecc309ded8f32d4b54e25df088c359df
SHA512e505e25d1b19fc6341963f619c44b4716c18ec6ff4fe1098ed1cabf1f7251aedb0f7bc2a839e5e5aa3fac7a431f1610aa7a46d41b74b3465d4a4093ae6fd1ae0
-
Filesize
534KB
MD55d7b9e16dfe9a6a7c91e20714e4bf15c
SHA1604249be4b3343fe7297d5fd973751c833f40dcf
SHA25640c20c2c96ac849ceaadd1bd76718b50ecc309ded8f32d4b54e25df088c359df
SHA512e505e25d1b19fc6341963f619c44b4716c18ec6ff4fe1098ed1cabf1f7251aedb0f7bc2a839e5e5aa3fac7a431f1610aa7a46d41b74b3465d4a4093ae6fd1ae0
-
Filesize
72.0MB
MD5cbfad1fea052374db865b71ec9d3076b
SHA1232f1a311f95227302bce36054ace536eec7a1b1
SHA2565615e7edbceb23cc41566c77634e5881105e50aef5065725f8cbf837753a370b
SHA512bc392c1d514a35fd8664fd718ece134a3aff3551fb83464d4a7f4ccc5a0bf1406a7c49e6aa42a86911481e6a761adabf6a148ce6a41e1976299d2eeba4a650b7
-
Filesize
72.0MB
MD5cbfad1fea052374db865b71ec9d3076b
SHA1232f1a311f95227302bce36054ace536eec7a1b1
SHA2565615e7edbceb23cc41566c77634e5881105e50aef5065725f8cbf837753a370b
SHA512bc392c1d514a35fd8664fd718ece134a3aff3551fb83464d4a7f4ccc5a0bf1406a7c49e6aa42a86911481e6a761adabf6a148ce6a41e1976299d2eeba4a650b7
-
Filesize
110KB
MD5a636635610303bf4b8b2cdaae7b6d82f
SHA1dbf4265ec30f97c7f9bd62ead609e73db4e2a592
SHA2566b57c19cd10de01840989f8fae7169af3021e9e948c06426c008db0495f4ab50
SHA51237132ebab1f6c9591c9fe35f9692f730b28f286d73f2c451ac9913770d4da580a49ac513a33b792be78c72052119161381c247bb1c453887f746dc540536d29f
-
Filesize
85KB
MD58df6762b0cdd311d1fc0950d13c7b01c
SHA16a686ab8f59d08edcbbbb0aaf74647f3977f0368
SHA2560f33a393ed3f5de7441e23cb203abe38d7f589fa1777cdd3c46116dd5628110e
SHA512fe2e3aed1efc965a1009d5cab64760d1d58e21081882e8447b082ad8a8395a25cbed269db86279e49bc30631deb2047b1c5f35b1749eaf521580e416ec350e7a
-
Filesize
141KB
MD537398ff4b0c275ee6cb9226d53783f0d
SHA1cdcf622a155947bebc58f5baf6a1a152cf9fdbb0
SHA256d430c5e31f1cfecd63639bcfbf496cc977472894b2bb9314a5113ab24ec11d0c
SHA512cfc037d97ceb462aaba8f47778df14b9485f2463e3c1e99d454904b3d6b87c1860d3af140669af703621fcc4aac78fadd6246774c9fa6130940745853f53d1f7
-
Filesize
152B
MD578c7656527762ed2977adf983a6f4766
SHA121a66d2eefcb059371f4972694057e4b1f827ce6
SHA256e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296
SHA5120a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5128029e-7d01-4016-a454-82380c3d1f4c.tmp
Filesize4KB
MD58f3e4429ea2e669b0c7f3341e50d2079
SHA1c1324c6c2afc95372b7e73bb5550062bf261f0a7
SHA256cbbe6a55ea0a2844440ab4f48146b5cb21a3f0de550e9457c5adf3f70aeadbf1
SHA512917ee57e08da5216ae18d14d3a2bd111984d6bf0e972928a47cd2fa7d25cfdcb28ce325fc3cf2ea418086e521c1559c63c8ce80c6489972aed6ce88d8f18ac9a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize864B
MD5d653ece38be6c12531797a76d312cc2f
SHA104784ce4ce0f468f0c28e42c9f286c8ea9fb40eb
SHA256e86ed0dd540eea18292e6c37b9162682c5f1a320721ae58c27fd61cebf48cd9b
SHA512d748d02766a70a0e5744f17668205c5ea1545a9a52d3cdee18ee7c30f465b85660246080e5a87b78dfb4e29c07dd005ad59c3d55d5c5a8387c35eebb15d45223
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58217d.TMP
Filesize48B
MD5de9fce93c5c645e8fcc8c45262b59631
SHA14acfe5c730c9d4c0975382bef3888564672a3764
SHA256219842c50f3a70cb574d01cc6b8b9f53d9e60a77fc09e693f6a8e316308a1a60
SHA51294ffb0d240dc062846afae775b643a606ac81f7fbd5424c3df72b50cf0677ed24adaec381ef4f89828056c5b29f728679fb2c3742943763a0f4529056ccef5f5
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD50ab41e55b95f7de61f7a071e8feaa1d2
SHA172862e11c21419d9e5fe6beaef7e556fda949488
SHA25667d4882745525af9e2cd86614095867463df6eeb19f2333e897999c9577daaa9
SHA5128c33be12bdcba364747069b109f44641836ca08c214d6dce14e1274cacc3bd0f72f781ad0bd8e75aa6da14931f85be7b62c3bb970956d1665bcd4a783d6be185
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD541316eb2a93aaedfc8b03000dfe4c36c
SHA1e42dfb8bdb81ba215ff9642ff8b325899b763402
SHA256305cd523a123f1a7f28cd7dd48479d542c8409bb4c7cfd76642cc531f45cdab7
SHA5129171c397b749ff58afb3424d1a982d7fce11721f0456b44c1f04fcd9f2fcfa0a2b2273acf5e46c9c4427b36009194911f987161eb887b7a35010e44cf5ce9f0e
-
Filesize
7KB
MD5062694087d29992a553603e91b264d46
SHA112d242febeda572d60854acf293f71b1a69c12e8
SHA256867ee395bb0ae69cb89230146041b4311126d6d750162303e5456c94ff7cea3d
SHA51269e5c8a79d54623f82220c9c55d39244f43689ae07bf86d8ad8dde7b6cf572b609b0b1189ab5f93e359b633304535811b72d32afee437035a446cbf4c99a86ad
-
Filesize
7KB
MD5fd5c09a56cec2b8411d57ba2d5b0a35a
SHA1dd9c41c637d7458000243e522a5d1074d12feaa9
SHA256a4a9c9f57edffc6943cd5cc6a85f694e60b083747c01cc0b091a254944c765fc
SHA512722a33311e652c48f7949735358c276f544cbb149d3a663af457f672b45baeee3984ff7b76df89a5e44cf966d95cf46b954d0701a0dc475398a94f922b784779
-
Filesize
24KB
MD502ee7addc9e8a2d07af55556ebf0ff5c
SHA1020161bb64ecb7c6e6886ccc055908984dc651d8
SHA256552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc
SHA512567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f7ad436d24c466071c8acfc79e56e4c10d534c7f\index.txt
Filesize85B
MD5f27a15b23afb862765012b9734d25c70
SHA1291f595b77887356896b8dd803b04ddd604a87dc
SHA2561416229612e39c71293c549276341fff92a222f544fdb2c632eeb295999331fe
SHA512dd32fc7696988e2b61c2a40b1deead6c5d2cc2c6cae15c89b21030e81e441025cf3bdc856b16a57551b21d915834e7eb0656ff02c086ebd47ed75811547db4bc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f7ad436d24c466071c8acfc79e56e4c10d534c7f\index.txt~RFe580f8b.TMP
Filesize92B
MD5aa03a83cb6554c1c4ed12c0125848bc4
SHA197f252424e98155fd9c7f9a321b2a008218b373c
SHA2568c282dfe7bd975b08086f9f46deef7027d824977f52555fe3cb02a6b350cacfe
SHA51295b9b54bfd230f1be567ea07b0ffeb732e8f6bf973846fd45ae4dfd0ab1561c42df9f321fd4a498a987076410897d0753eca58660fbb10bfa138413f6b6df85a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5ad84e0af5b1106a5f0dd744c4dc11512
SHA1078c4e7a4ee54ecdf072c7af0e98e4df92c9d40b
SHA25647e1c28717e5c03edcc93f27b613c08e4626a6b3223ad9de05621eeeafb4233f
SHA512f09b2cb69f582c0601472af1269cedde23a0ce8b529d561f5302cd9e3327f25731e2106733332818a3692c1d6be3dd4dcfdd65a9163def0169a09b22295cc333
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580c8e.TMP
Filesize48B
MD5130497e129e0728abc9068818f66ac0c
SHA1a433d0373aa97b3bbf9e4fa38a0b6d2d44b5dab7
SHA25658ba7c00c61a2f9cc8f6e8978ed34cbbd77981efa5cdf06dab7a0f124918f12a
SHA512e8e59e5617a265878274745750d40198ee75dc43e6c1a6dcbb8737e59bae1add44d92a85615d5e73a266934ab7b7f1bbf9288bbae701907ccaa89c0ab6560be7
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
12KB
MD5d0e0bd87a1fb090cec60f84e1d75a981
SHA1ef6a9a74a759e48b83c45e14fcdfc353fd77ea05
SHA256371b04714b8a782023ba712f229a80308fdd8870dafce95ebad4352f3467c411
SHA512da190175ea81122b654134215afc0c19b0221c3638561df18ebd856d91480526916fd3f7c0e02f4122f67e8efe3898d36b2184989035fd79adec94724a1021f6
-
Filesize
9KB
MD51a5a93f9f0c7fc3c53d986a2d29d6e41
SHA1cef9ea3826f8fce84af7aeadb627941f366070cb
SHA2564e9e16aa3409aaa626a9111d046f576a4cb39cd24fa926bf7af49a1b60e9660b
SHA5129d70970b4dd5eb72acd339a9e077f43fc81a11d2c71686e36a0abbd1a9b4f87911b4981b4f575c7af7cfa06ca8487b38b7c8f70caf16c9bbd2dc3f0d2a256fd9
-
Filesize
6KB
MD5e4211d6d009757c078a9fac7ff4f03d4
SHA1019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA51217257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e
-
Filesize
1.2MB
MD5dec02867f1463d4458bb2483c76d1cd8
SHA1663d02a666fafd946b60ce54b0fd8c2212b44cd4
SHA2568343b0628d8aae5af279349b80ce9afb8c241b8b2dcade63dd6e4a5b6b66551b
SHA5124b1b39025567f9de09bfb121ea00367d95af07ba74bfad740545cf2faabb790050ae20e7168eda47bb9490d3fd982f2aeaf0e9076d0aadd89d4848ec8eb982af
-
Filesize
1.2MB
MD5dec02867f1463d4458bb2483c76d1cd8
SHA1663d02a666fafd946b60ce54b0fd8c2212b44cd4
SHA2568343b0628d8aae5af279349b80ce9afb8c241b8b2dcade63dd6e4a5b6b66551b
SHA5124b1b39025567f9de09bfb121ea00367d95af07ba74bfad740545cf2faabb790050ae20e7168eda47bb9490d3fd982f2aeaf0e9076d0aadd89d4848ec8eb982af
-
Filesize
31KB
MD5886d29da29b15a50d806d03b6e0a9943
SHA18f518d36b1157d3b1fb114f04af012df2e540ba0
SHA25675906265407dfb6cbee83857ad5a33de3d2f85426e1fe58d115cb06df4453e64
SHA51207427171449d165a3a58f933d3dcb196690f9b7654901426247ee7a2b9063d8ec0ab34db51923647d2a08202e5de8d80c45ece2f98a99c9de49f301adbd70188
-
Filesize
9KB
MD58a44de3c5d5119b9a48177db0a62cd0f
SHA1639525218ca83c1a9e64c2741862d085589fc07f
SHA256fcc7df59eaafc3aff7b9392bcc7e7ca3092d3a620c0074d8a689124849ca06c8
SHA5127b62bac42149a85b2290ed3342493a05c00df47067362c1632c4c0b43481fb33a847b1eea1012b454c2d4a238de1bc9e63b8bbeb52cda7c323350d58fe69cb56
-
Filesize
31KB
MD5886d29da29b15a50d806d03b6e0a9943
SHA18f518d36b1157d3b1fb114f04af012df2e540ba0
SHA25675906265407dfb6cbee83857ad5a33de3d2f85426e1fe58d115cb06df4453e64
SHA51207427171449d165a3a58f933d3dcb196690f9b7654901426247ee7a2b9063d8ec0ab34db51923647d2a08202e5de8d80c45ece2f98a99c9de49f301adbd70188
-
Filesize
9KB
MD58a44de3c5d5119b9a48177db0a62cd0f
SHA1639525218ca83c1a9e64c2741862d085589fc07f
SHA256fcc7df59eaafc3aff7b9392bcc7e7ca3092d3a620c0074d8a689124849ca06c8
SHA5127b62bac42149a85b2290ed3342493a05c00df47067362c1632c4c0b43481fb33a847b1eea1012b454c2d4a238de1bc9e63b8bbeb52cda7c323350d58fe69cb56
-
Filesize
4KB
MD51542d93be42615382bd29da2dc241bf9
SHA1b391fd5ccc4eb8411d240020f1e3bac6109a9c35
SHA25663de9d9babb23a85c751fba32f9c0501e00f6d60f71e6aac024aaf3bb8136b5e
SHA51291cb382f7fc07102e974bd5fc834cc0cd929bba70338f08fcf481d6bf4982608d210ecc869b06d95699f97adc0f0d951f03efbdc38cda275a6e1a6e43f245a67
-
Filesize
4KB
MD51542d93be42615382bd29da2dc241bf9
SHA1b391fd5ccc4eb8411d240020f1e3bac6109a9c35
SHA25663de9d9babb23a85c751fba32f9c0501e00f6d60f71e6aac024aaf3bb8136b5e
SHA51291cb382f7fc07102e974bd5fc834cc0cd929bba70338f08fcf481d6bf4982608d210ecc869b06d95699f97adc0f0d951f03efbdc38cda275a6e1a6e43f245a67
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD50a0f4b7d9304d314b2cc7a1a5c2103d8
SHA126d1ead51e4cf56b6d054b632890ffa48d7c5dc7
SHA2560c3b24cee4fd6af35a3896f0c75c9d0a0784bdb77c6ebe506220375bf599ac8c
SHA512c6ebe84b8118392d7602c3bfe3b6eafd90ab18baf8db3b85c80694f12ca8861f82802396f29d9aba12bd948a3817b96e8ba5bc1176affa06b48797529ece5d8d
-
Filesize
4KB
MD51542d93be42615382bd29da2dc241bf9
SHA1b391fd5ccc4eb8411d240020f1e3bac6109a9c35
SHA25663de9d9babb23a85c751fba32f9c0501e00f6d60f71e6aac024aaf3bb8136b5e
SHA51291cb382f7fc07102e974bd5fc834cc0cd929bba70338f08fcf481d6bf4982608d210ecc869b06d95699f97adc0f0d951f03efbdc38cda275a6e1a6e43f245a67
-
Filesize
31KB
MD5886d29da29b15a50d806d03b6e0a9943
SHA18f518d36b1157d3b1fb114f04af012df2e540ba0
SHA25675906265407dfb6cbee83857ad5a33de3d2f85426e1fe58d115cb06df4453e64
SHA51207427171449d165a3a58f933d3dcb196690f9b7654901426247ee7a2b9063d8ec0ab34db51923647d2a08202e5de8d80c45ece2f98a99c9de49f301adbd70188
-
Filesize
4KB
MD51542d93be42615382bd29da2dc241bf9
SHA1b391fd5ccc4eb8411d240020f1e3bac6109a9c35
SHA25663de9d9babb23a85c751fba32f9c0501e00f6d60f71e6aac024aaf3bb8136b5e
SHA51291cb382f7fc07102e974bd5fc834cc0cd929bba70338f08fcf481d6bf4982608d210ecc869b06d95699f97adc0f0d951f03efbdc38cda275a6e1a6e43f245a67
-
Filesize
31KB
MD5886d29da29b15a50d806d03b6e0a9943
SHA18f518d36b1157d3b1fb114f04af012df2e540ba0
SHA25675906265407dfb6cbee83857ad5a33de3d2f85426e1fe58d115cb06df4453e64
SHA51207427171449d165a3a58f933d3dcb196690f9b7654901426247ee7a2b9063d8ec0ab34db51923647d2a08202e5de8d80c45ece2f98a99c9de49f301adbd70188
-
Filesize
9KB
MD58a44de3c5d5119b9a48177db0a62cd0f
SHA1639525218ca83c1a9e64c2741862d085589fc07f
SHA256fcc7df59eaafc3aff7b9392bcc7e7ca3092d3a620c0074d8a689124849ca06c8
SHA5127b62bac42149a85b2290ed3342493a05c00df47067362c1632c4c0b43481fb33a847b1eea1012b454c2d4a238de1bc9e63b8bbeb52cda7c323350d58fe69cb56