hxxps://github[.]com/ScriptHUBofficial/multidiscordtool

Analysis

max time kernel
298s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ScriptHUBofficial/multidiscordtool

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3964	node.exe

Loads dropped DLL 9 IoCs

pid	Process
5184	MsiExec.exe
5236	MsiExec.exe
5184	MsiExec.exe
5236	MsiExec.exe
3588	MsiExec.exe
3588	MsiExec.exe
3588	MsiExec.exe
5788	MsiExec.exe
1004	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\diff\line.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-ping.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\shrinkwrap.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\prune.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\console-control-strings\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-install-ci-test.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\defaults\test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\validate-npm-package-license\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\sbom-cyclonedx.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\has-magic.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi-cjs\node_modules\ansi-styles\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\developers.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\patch\parse.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\getProp.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\receivebuffer.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\subclass.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\esm\has-magic.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wide-align\align.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\types.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\registry.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\errors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\duplex.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\utility.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\string-width\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\open-url-prompt.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\index.js.map	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\docs\examples\javascript\connectExample.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpack\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\process\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-packlist\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi-cjs\node_modules\ansi-styles\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-rebuild.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@isaacs\cliui\node_modules\emoji-regex\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cidr-regex\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\patch\merge.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\pipeline.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ssri\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-fund.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\help-search.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\error-message.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmaccess\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\lib\run-script.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\fastest-levenshtein\test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\read-cmd-shim\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\unique-slug\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npm	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-logout.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\are-we-there-yet\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\delegates\History.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\add-abort-signal.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\normalize-unicode.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\wcwidth\combining.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\stream\promises.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\corepack\shims\nodewin\npm.ps1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\lib\colors.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\util\is-package-bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\selectors\node.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\process\index.js	msiexec.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI2C7A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{DA5C7599-681B-43F8-B8A6-20D986C704F9}	msiexec.exe
File opened for modification	C:\Windows\Installer\{DA5C7599-681B-43F8-B8A6-20D986C704F9}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA4EB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5829e9.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2DF2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI59C5.tmp	msiexec.exe
File created	C:\Windows\Installer\{DA5C7599-681B-43F8-B8A6-20D986C704F9}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9C01.tmp	msiexec.exe
File created	C:\Windows\Installer\e5829eb.msi	msiexec.exe
File created	C:\Windows\Installer\e5829e9.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI64E2.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000eb7a6b2c8ffa81410000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000eb7a6b2c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900eb7a6b2c000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1deb7a6b2c000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000eb7a6b2c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

Modifies registry class 32 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\9957C5ADB1868F348B6A029D687C409F	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\corepack	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\DocumentationShortcuts	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3316742141-2240921845-2885234760-1000\{D77FCA2E-C612-4B07-8414-DAFDF1293836}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\EnvironmentPathNode = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList\PackageName = "node-v20.11.1-x64.msi"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\npm	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\ProductIcon = "C:\\Windows\\Installer\\{DA5C7599-681B-43F8-B8A6-20D986C704F9}\\NodeIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\Version = "336265217"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\ProductName = "Node.js"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\NodeRuntime	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9957C5ADB1868F348B6A029D687C409F\EnvironmentPath	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\PackageCode = "048BAA490FC47FE48B7B9F53EE26ADCC"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9957C5ADB1868F348B6A029D687C409F\SourceList\Media\1 = ";"	msiexec.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 142227.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4912	msedge.exe
4912	msedge.exe
4568	msedge.exe
4568	msedge.exe
2324	identity_helper.exe
2324	identity_helper.exe
1620	msedge.exe
1620	msedge.exe
6104	msedge.exe
6104	msedge.exe
2864	msiexec.exe
2864	msiexec.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4304	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4304	msiexec.exe
Token: SeShutdownPrivilege	3976	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3976	msiexec.exe
Token: SeSecurityPrivilege	2864	msiexec.exe
Token: SeCreateTokenPrivilege	4304	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4304	msiexec.exe
Token: SeLockMemoryPrivilege	4304	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4304	msiexec.exe
Token: SeMachineAccountPrivilege	4304	msiexec.exe
Token: SeTcbPrivilege	4304	msiexec.exe
Token: SeSecurityPrivilege	4304	msiexec.exe
Token: SeTakeOwnershipPrivilege	4304	msiexec.exe
Token: SeLoadDriverPrivilege	4304	msiexec.exe
Token: SeSystemProfilePrivilege	4304	msiexec.exe
Token: SeSystemtimePrivilege	4304	msiexec.exe
Token: SeProfSingleProcessPrivilege	4304	msiexec.exe
Token: SeIncBasePriorityPrivilege	4304	msiexec.exe
Token: SeCreatePagefilePrivilege	4304	msiexec.exe
Token: SeCreatePermanentPrivilege	4304	msiexec.exe
Token: SeBackupPrivilege	4304	msiexec.exe
Token: SeRestorePrivilege	4304	msiexec.exe
Token: SeShutdownPrivilege	4304	msiexec.exe
Token: SeDebugPrivilege	4304	msiexec.exe
Token: SeAuditPrivilege	4304	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4304	msiexec.exe
Token: SeChangeNotifyPrivilege	4304	msiexec.exe
Token: SeRemoteShutdownPrivilege	4304	msiexec.exe
Token: SeUndockPrivilege	4304	msiexec.exe
Token: SeSyncAgentPrivilege	4304	msiexec.exe
Token: SeEnableDelegationPrivilege	4304	msiexec.exe
Token: SeManageVolumePrivilege	4304	msiexec.exe
Token: SeImpersonatePrivilege	4304	msiexec.exe
Token: SeCreateGlobalPrivilege	4304	msiexec.exe
Token: SeCreateTokenPrivilege	3976	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3976	msiexec.exe
Token: SeLockMemoryPrivilege	3976	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3976	msiexec.exe
Token: SeMachineAccountPrivilege	3976	msiexec.exe
Token: SeTcbPrivilege	3976	msiexec.exe
Token: SeSecurityPrivilege	3976	msiexec.exe
Token: SeTakeOwnershipPrivilege	3976	msiexec.exe
Token: SeLoadDriverPrivilege	3976	msiexec.exe
Token: SeSystemProfilePrivilege	3976	msiexec.exe
Token: SeSystemtimePrivilege	3976	msiexec.exe
Token: SeProfSingleProcessPrivilege	3976	msiexec.exe
Token: SeIncBasePriorityPrivilege	3976	msiexec.exe
Token: SeCreatePagefilePrivilege	3976	msiexec.exe
Token: SeCreatePermanentPrivilege	3976	msiexec.exe
Token: SeBackupPrivilege	3976	msiexec.exe
Token: SeRestorePrivilege	3976	msiexec.exe
Token: SeShutdownPrivilege	3976	msiexec.exe
Token: SeDebugPrivilege	3976	msiexec.exe
Token: SeAuditPrivilege	3976	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3976	msiexec.exe
Token: SeChangeNotifyPrivilege	3976	msiexec.exe
Token: SeRemoteShutdownPrivilege	3976	msiexec.exe
Token: SeUndockPrivilege	3976	msiexec.exe
Token: SeSyncAgentPrivilege	3976	msiexec.exe
Token: SeEnableDelegationPrivilege	3976	msiexec.exe
Token: SeManageVolumePrivilege	3976	msiexec.exe
Token: SeImpersonatePrivilege	3976	msiexec.exe
Token: SeCreateGlobalPrivilege	3976	msiexec.exe
Token: SeCreateTokenPrivilege	4304	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4304	msiexec.exe
3976	msiexec.exe
4304	msiexec.exe
3976	msiexec.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4304	msiexec.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe
1624	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1624	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2428	4912	msedge.exe	37
PID 4912 wrote to memory of 2428	4912	msedge.exe	37
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 1036	4912	msedge.exe	88
PID 4912 wrote to memory of 4640	4912	msedge.exe	89
PID 4912 wrote to memory of 4640	4912	msedge.exe	89
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90
PID 4912 wrote to memory of 1688	4912	msedge.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/ScriptHUBofficial/multidiscordtool
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb43d46f8,0x7ffbb43d4708,0x7ffbb43d4718
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\node-v20.11.1-x64.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4304
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\node-v20.11.1-x64.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,160088455560419626,16584316905987377126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2864
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 6F75DFBB5E959DDE3BD855D13FDFFB51 C
  2⤵
  - Loads dropped DLL
  PID:5184
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding BC895FC36EB830926100A492E9C8E600 C
  2⤵
  - Loads dropped DLL
  PID:5236
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5516
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding A551B17C947653FB66C60ED6B9F5BC7C
  2⤵
  - Loads dropped DLL
  PID:3588
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding D29FDA998A2F277FB35F5AE6CECFC3B0 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:5788
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2C7B7B8025265006D90FBB308799F3C9
  2⤵
  - Loads dropped DLL
  PID:1004

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5608

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\multidiscordtool-main\start.bat" "
1⤵
PID:5820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\multidiscordtool-main\start.bat" "
1⤵
PID:3512
- C:\Program Files\nodejs\node.exe
  node index.js
  2⤵
  - Executes dropped EXE
  PID:3964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.0.1046919818\278090534" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1876 -prefsLen 20750 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b55d35ad-15ab-489b-b853-543ea9fc55cb} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 1960 27dac1d9258 gpu
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.1.244692041\232822309" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20786 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9990a1bd-21ed-4615-b535-3d3d42e68bbe} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 2360 27dac103558 socket
    3⤵
    PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.2.521156003\221244982" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3144 -prefsLen 20869 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f2c4c98-a649-451c-a025-878f2b2d76f0} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 2948 27db02a2458 tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.3.794987805\1763389835" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 2688 -prefsLen 26112 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d42b89dc-6e5a-45f7-887c-59d60738b292} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 3648 27d9852d558 tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.4.1215124033\1047304297" -childID 3 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 26171 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05524172-2c81-49f1-9751-c710aaef2057} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 4092 27db184eb58 tab
    3⤵
    PID:5960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.5.711284108\1554430830" -childID 4 -isForBrowser -prefsHandle 2876 -prefMapHandle 5264 -prefsLen 26250 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5217b63-181f-47b9-866d-76730f1c9138} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 4956 27d9855c158 tab
    3⤵
    PID:3688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.7.953024847\1744014767" -childID 6 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 26250 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0b189b6-3ddb-4b9f-a7b3-36e821eca7d6} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 5492 27db2939858 tab
    3⤵
    PID:692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.6.380213124\442433849" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26250 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac6faa13-a8ac-4db9-8be7-3899ba650024} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 5108 27db2939558 tab
    3⤵
    PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.8.932417339\278870221" -childID 7 -isForBrowser -prefsHandle 5928 -prefMapHandle 5540 -prefsLen 26331 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b93ffc09-0114-4793-b16c-78dcfb1704f8} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 5948 27db0225a58 tab
    3⤵
    PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5829ea.rbs

Filesize
844KB

MD5
afa63c7b0ab43799f0be753a9faf8c8a

SHA1
d59505134cba0bb76406b73309687c0fae54c101

SHA256
2f2607e5a6bdc4d27f613635a410643a37fede0af15f330e18d74fc747a4f0a9

SHA512
f1dbec308686f0fc50b6b19addb40c85a8bd6e86d1975e8fc0df6761957c08e609792db9fa04e80863119091fa16b43e8cecc625c0d604b1aa30e95bc94cbc7a

Download Submit
C:\Program Files\nodejs\node.exe

Filesize
5.5MB

MD5
801f13bdeb80b9b32844a7021c4cdce0

SHA1
fbc432eece04b0cb456719e1d4140dbc767e0627

SHA256
367bfe87519297a1d3e6d928a943652ef0a2dde7ddd094ce1a519f2d562a8dad

SHA512
0666ec358bd49a708def903420691d54b47db2a83d062ee74028d61e0fb82bc14713f3dad71b261f96b4770935e0e54b87c2ac26bb600d41edd50f85afbcf2dd

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@tufjs\models\dist\utils\types.js

Filesize
79B

MD5
24563705cc4bb54fccd88e52bc96c711

SHA1
871fa42907b821246de04785a532297500372fc7

SHA256
ef1f170ad28f2d870a474d2f96ae353d770fff5f20e642cd8f9b6f1d7742df13

SHA512
2ce8d2cf580623358fef5f4f8925d0c9943a657c2503c80048ca789bf16eacdb980bfc8aaaa50101a738e939926fcf2545500484dcad782c700ee206d8c6f9b9

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\cli-columns\node_modules\strip-ansi\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\exponential-backoff\LICENSE

Filesize
11KB

MD5
0ba5044c64ef53cb0189c9546081e228

SHA1
c8bc7df08db9dd3b39c2c2259a163a36cf2f6808

SHA256
49bbe9114e49214df2ccc324cb3ac8d1d1aa1c3a0947f94c286765e86647b32e

SHA512
a7ce8c7f21c031e4e6d037f4eabe8b200b8f1470731c05ea86028171f2964310dadc5def814d2d65164fbd23d720ecfd4d479ff5e269e519c787b4db96c7724f

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\ignore-walk\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\ip-regex\license

Filesize
1KB

MD5
b862aeb7e1d01452e0f07403591e5a55

SHA1
b8765be74fea9525d978661759be8c11bab5e60e

SHA256
fcf1a18be2e25ba82acf2c59821b030d8ee764e4e201db6ef3c51900d385515f

SHA512
885369fe9b8cb0af1107ee92b52c6a353da7cf75bc86abb622e2b637c81e9c5ffe36b0ac74e11cfb66a7a126b606fe7a27e91f3f4338954c847ed2280af76a5f

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-sized\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\signal-exit\dist\cjs\package.json

Filesize
28B

MD5
56368b3e2b84dac2c9ed38b5c4329ec2

SHA1
f67c4acef5973c256c47998b20b5165ab7629ed4

SHA256
58b55392b5778941e1e96892a70edc12e2d7bb8541289b237fbddc9926ed51bd

SHA512
d662bff3885118e607079fcbeedb27368589bc0ee89f90b9281723fa08bda65e5a08d9640da188773193c0076ec0a5c92624673a6a961490be163e2553d6f482

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\signal-exit\dist\mjs\package.json

Filesize
26B

MD5
2324363c71f28a5b7e946a38dc2d9293

SHA1
7eda542849fb3a4a7b4ba8a7745887adcade1673

SHA256
1bf0e53fc74b05f1aade7451fbac72f1944b067d4229d96bae7a225519a250e4

SHA512
7437cf8f337d2562a4046246fbfcc5e9949f475a1435e94efbc4b6a55880050077d72692cbc3413e0ccd8f36adf9956a6cc633a2adc85fbff6c4aa2b8edac677

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\node_modules\ansi-regex\index.js

Filesize
360B

MD5
a20c210b6e40f32c74581046a72637fa

SHA1
ff290036409fd67472b634e36afca346db5c2ffc

SHA256
4c603af42ee01f6fa43775a6162f6dbbcca897bc2912d19db2974992190363cf

SHA512
0cd4fbdf682b6e3e735ee390c463ffa9aa5dd22d38ab312a0731676e95bac37dab9f0d638d8f9c1ab6cdafd15f04ea2864c8702e82f18ca70f86dbb03549ce4d

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\node_modules\ansi-regex\package.json

Filesize
896B

MD5
f7fb47cf242d265b2497e3a6ac213617

SHA1
1a09448abf0524c9342c5723b60ba3810af10326

SHA256
a1b5721b315f84a5e2e28f3209eb92831537eb778e9e978502696e6235d71644

SHA512
6118a9b8efa277e46c065a097a4c9f18623ebee5cd6c170015bc40a222e2ffd2e6e72ce2c3c259a79698901a5f04b4b6b1980541e136ac1ecfb08f23513cd2a7

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\node_modules\strip-ansi\index.js

Filesize
158B

MD5
3f03b6fe5c918ae1b49ed36f4581762f

SHA1
1dc3afa3b08728017bdff8105d7424fc8951902f

SHA256
ee7638c432f16042a7c64c40b4bf326e44b7d6d9b7add19806637240c246a6a6

SHA512
b271511f7fd29719d06dbd162ac5259355c682675316aa4c8c513f30f8c390974948a4c02f383a43757c66c2247047f80dc88c2ebf261d9b3dfe0138f1a3c7d7

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\node_modules\strip-ansi\package.json

Filesize
852B

MD5
d59bf9acae68d3368565b2c4302d1c82

SHA1
dc8dd3a6928631b912f6dbb9471b43e9a15117ae

SHA256
dec16b172e99984a3c913a9ec30d854da58467ae1fbde1b43a1d8f9562b80ed8

SHA512
b74620e60f75f889654c57c5a8c3a1a69d003523f78a539085ab521c599e905c0038e958533d6a38643d6ecee3dfed97190e595f1309d775fd41e29487162a5f

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\es2015\index.js

Filesize
17KB

MD5
cf8f16c1aa805000c832f879529c070c

SHA1
54cc4d6c9b462ad2de246e28cd80ed030504353d

SHA256
77f404d608e2a98f2a038a8aa91b83f0a6e3b4937e5de35a8dae0c23aa9ee573

SHA512
a786e51af862470ae46ad085d33281e45795c24897e64b2c4b265302fa9cbfa47b262ec188adbc80d51cfc6ba395b500c0d7f5d343ca4fc2b828eaedba4bd29a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\index.js

Filesize
15KB

MD5
9841536310d4e186a474dfa2acf558cd

SHA1
33fabbcc5e1adbe0528243eafd36e5d876aaecaa

SHA256
5b3c0ac6483d83e6c079f9ffd1c7a18e883a9aaeaedb2d65dd9d5f78153476b9

SHA512
b67680a81bb4b62f959ba66476723eb681614925f556689e4d7240af8216a49f0d994c31381bf6a9489151d14ed8e0d0d4d28b66f02f31188059c9b24aaa3783

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
8ffc28655646cd69abee60c0ff8f7626

SHA1
b9b32e3fa1d5d42c60bf4a4035c1bd5fca9cb75c

SHA256
490ca1df20d922f35de50f301279b0b55f3096cf54cbc58c4954297db056aae8

SHA512
295f8b9c2dea878e260ba98402aee8dffe180213b3edf06de12297571843c959b1f582e38769b8b066ef1a1fc1cf4af3a70bced1dac20c755fd5a5509a6bc5c0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

Filesize
727B

MD5
37321859f3d847607cdcd6d7f5de9f9e

SHA1
cddfb60f3397fb0d5b029ab1642412a8e806c9f5

SHA256
cd6df62654a99c05b005ee4dc944d8728703fc0173910e042d7b571074f308a2

SHA512
dc1e91600ed24ee9c9af98a713e6e2e952205189b31508b44113020732428991ffded8d17258e6e432e32946d23d8a3cabb36f7f30cf7bfb7047fcfe700ee242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

Filesize
404B

MD5
f41ce9e44c6bf38e583b63fee71a9adc

SHA1
ad5601e9046ca87a63f0d3e31d1113be7cbef543

SHA256
fd29e0916e7f4da51df620ac0fdc186df23dc9e09ce1d475889743d0822f09e3

SHA512
877d9b85f67f2217cc334c5cf7adb0205fabf4544fd91110406ef9de4ca9acb24d65c683c143f5af651b14589002957bc2a34524f5dcb95faa40b6e85e33cc15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
beafb5ed84d48772d8a1e349b6bbe5ad

SHA1
02ea9541ba688e005470dd2ce368f44ed1cd48fa

SHA256
70d7cdb65ce68079524a8ea723fa48b2ceb6dfc4c41b9eb74f7100b9c719ff27

SHA512
590fd679944737df4edb907f61188929359fad795ffb76a17583cee50a951142ea4d71c798b80958f340a4f2fde0e9c7717471b323328dc9f4c0b399da5b1457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
71bbd2806a09cee4d50c5f2924abb084

SHA1
51bb34b6fc42352ff2e2541e2e9258fcc401ba22

SHA256
7c7fce2d323b42aa13a6e4a13f35ac2f4428134b2a7d60777562a23a59937188

SHA512
47eb85f6cc8010748fde76413074e631010dbed1c8b714e103e8c6abdda20b3dd4af2d544876330e13417d66cf1f0fb6118f12c12ad1e789e405a31b55c4a38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
315fc53e20340cc0da3e38946c55597d

SHA1
1730a78373a7b19ce3b570897829253fe34e16f1

SHA256
524e68feb295ea753eab60a43b86767a092f34e151bfb7a8fb613deb70e8a549

SHA512
68ef950826cc892320ea977a1d65909082be0ba13d687005fb3f0cdfe3ed3e09b7b2c9e314bb7f79d7d7bd98c587a59a0d98e8132038714a665ca545b8fe33de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9414876eb96150ae712ce4711fac7762

SHA1
04f4f1c903c7c567025e034f8b72fdc4e0e82bc4

SHA256
7d5348cd86483ed20bfdad8b2c329cebf77f11beb0e0ced352bdf80db8ef6b71

SHA512
62c94f003e0f706f70b5f747e859690cdd2514e0e0b22a1f9f5eb03c25a6cc215bad6ef7d6d6045cbcf5d787bcf6a2cbfe352b190a75b5059e470bb340781186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d9316d87b2467628d9f395086c39552d

SHA1
09bf39d733adbe44896149c55562598e19a83cea

SHA256
75b59377695b8cb4ace29d772d07cd719e43e954519dc26031abd9922b070cc2

SHA512
d056b434d77a736b3ceb8b43f90f29e7e5e3bd7250db20f78dcd651d54bacb8d2f5be3da2295a1b91e1dc1f9d826c6a239bd748abd1957bcd02c277b8751fdca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a57929bd360b32d05fc0f7e035732c9

SHA1
5ceb879ff838e43b75c1f8a474770cd92afa4809

SHA256
b53659f22421ab94daad53a1454e9c09aeb010f189c35db4bf1e709b538aff88

SHA512
55bba9868a6c8e5aa549f74c822a48542cf459f71eacd8a3a70d255197f2e21415152b260b04157fb3291dc9be4d57458689152a1f5d1ae48cde18bfc9b75a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a6bbba3a516f0931cff6b9b49b04164

SHA1
70161ec39e4b6261600ea30c6b2bee3522c61f01

SHA256
6d88b310346d7df4a3f5fa9f9fb30a2bc7554b395c2499e9ff9d47c389172990

SHA512
1abcfb36fc88d303b476b4188ad3af081e59423e684554ad060ee3e6571f3cbd0fd61a94f5a58da9373193bc40ec04366c1d4fcdc2c918a24c1d90f628dfd2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e3728893edc1c2e503defb0aedf7024

SHA1
f0937465d675237d211e70ad9bba9fc53560a45b

SHA256
23ee553fb0a6f0ee81b77049cbfbe7f67f8aab5e66e5ef7ad62072c2b5c49c14

SHA512
f2d9adee9b0d6f9716db1f3bf7311e960885332b6b72def6e5fba3121369034339180a67b395d47b81c217affbdb7e9828ae87d585b1e5e62e8ee9d424a5bf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f05b93a25b43fc006148564188b2ba66

SHA1
d2d403087af3227c9f924b174289e0644d1baeb6

SHA256
51f764edee61fd91cdfd6b7131695b6411e52bb62052f62cb4f8c6f573362d79

SHA512
23ec13a5fc32e8280f2db9c2ab5506e6c8adea583fcad4e19b4546f6088dc08973106e77d2f5041b699c33111c903da3052ca9e2ce5df6468261c1e600f49225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f50a0648365023ed70b76c85f135d804

SHA1
cba03562a41fa6863de1776a8aa22defc97a0008

SHA256
b0d8b7216577f149512cdbf51cab9abc8efdfbcae7893f856ed7f6789703fff8

SHA512
7aa133df0c29994361b5309d171d5032f994e384f917f0102e08860f43c3dc6a16b146f2c74ffce57d3b961971434a06cbc1dc30c67bb2b8a2ffd59c58452ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57adc4.TMP

Filesize
1KB

MD5
ffbd270d2ff5e0fe3f9d1227852c236a

SHA1
7e0852733fdf17235179018c234eb56a002cf16e

SHA256
8683747c342918972439b166efc810eacc476499592c84ab2067068bd3f1d1b9

SHA512
ef9f5d83bf8c88361b7fbd93859cbc06429eab288b620bd2532e15c13deaa98848eaa760ace484fe02938c75bcdda92e549ad630dc5b52749e9e6ce24b50acad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f43abbb9570e4014440f5b0050592323

SHA1
ff67b0d4eeb3713fdce020dc38f29fe42844d7ac

SHA256
0a008836617987134cf8453cc68d93183b2b843fbe9cf99491822ab0061acf37

SHA512
992fdcbd4a8de7342f7dbe96cd1e8cc8836cfe4f717c7cdcad97972bfacbab171895ac2cbf2c66072041d0fd393d515fe1048de3d15d6cb9b1b25056bd18a2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb25d30086ff776216c17011d6f5df7c

SHA1
40b504ebdf4de261a1e0b4000b2b3f30f7d4f2d8

SHA256
5ec87123c7a18558935efa5ff2b9f6aed46fe0748674cd97a173073d0827e48b

SHA512
a0090061aa37f231348747c6c7a7627e6f8fc5448ff8abe8803e8f07d94977e906f9f89c0675e8fb0ac9a0df1c3c46bf051d3d5183ccd6575eba771ab5472ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
90bc882e28e63b04b83ae0b971cf9d7c

SHA1
6191d62122a8d8be9ad3e12669fa184bf89e47fc

SHA256
09899482c15eded85c0e93014e1cf7cd0577c43809fd7b6dc8e4a51a8ff6c0ae

SHA512
c4fd63b4019e390521537e00bf048f12e06a6814dcd953ecc4afeb5cb79ade06197c1b74415df650f3475fa28772170c0c7c338d4b5b35e36cf5b49a8ddde3f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC553.tmp

Filesize
125KB

MD5
688822a69ee8f8e24181504edb51aa47

SHA1
ceb32e307a5b7e73ab739f659ecf193ac035a6d1

SHA256
de921f3c5c5e50a362cf6df681bfe72d166968a212d4d73a20e346161d5151d8

SHA512
d936a4323b5738b3d40a402c0e2718e3f65e538f164bd7440bef6bca1666de48d41b6ef954e68396e8cacb79c54f2acf318b5edcaea92a7f8a9a110fc6813a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC777.tmp

Filesize
390KB

MD5
80bebea11fbe87108b08762a1bbff2cd

SHA1
a7ec111a792fd9a870841be430d130a545613782

SHA256
facf518f88cd67afd959c99c3ba233f78a4fbfe7fd3565489da74a585b55e9d1

SHA512
a760debb2084d801b6381a0e1dcef66080df03a768cc577b20b8472be87ad8477d59c331159555de10182d87340aa68fe1f3f5d0212048fd7692d85f4da656f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.4MB

MD5
cba5c231684a0b2ec42d86a637438e51

SHA1
e9574fd53e9056b08ecdb83117137a56cf1caf91

SHA256
4fefc3ffab7a482ea444cffd57dfde2385354e3e48485a013e3e49da7f1e6546

SHA512
97851524d508604d63d6f493d3e70c5edc0fc5dbed1e95397806a08ccc1b05c1508b88185fcb7b18c4338efc7976ec3e4657d707a3c99bf97babf7a90be5c077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2d9646b5032cbfb5c89a1b33a5328dbb

SHA1
82c945b96affbc9affbd5bac8158baec3560c983

SHA256
e0e26bbb3da4c6cddad05342f98f6c38981953d4411f6814c9bbdd88c6213a8d

SHA512
8fd32e5fd2b62aff42c533d5ffa7a6dff921ae774c9259c9c6815de1fcd7df0ab5453fefdd391769ad7b3a60fc4bda86fd334cca577e2a075817d2637171edb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\datareporting\glean\pending_pings\02d6587c-1c97-424d-a079-cd990fd0d081

Filesize
746B

MD5
c53d9c3d1e46a0f22b814b1fe44dda6a

SHA1
ed73642484db6ed7d1f374fe13b7923b7726f529

SHA256
e9e2ec0e51d5685c075ab1b4a62400ec95edf77f5558d63ecd05cde5d4d261f3

SHA512
a19a5c8e25f2b868c610c4e7a4831ca06b0794e4db9011e7643addbf08fb0320d414c81e66c33a24663c769a61d7d8ad35f0e7d0523ac1cbf29cd26c72a862a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\datareporting\glean\pending_pings\c1d31834-d040-4cb5-848d-01d868a9b2df

Filesize
11KB

MD5
b19f205dbc49b999ead0e7ef4c63e1ac

SHA1
949c51cf427223abe35b1331c2e35b986f329ef0

SHA256
7820aa9a21d13f8f8a600478729275a04599fb17b7f2af5237f0af8ed95b6445

SHA512
31da21fa8267a8b098b9afaf7b554647ad445f8f2986a73ba3a3f3bd26cb6aea43ea06a463075170aca8c2171eb406ef0e2552d9e96b5954e9303c4be1fccc9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
5.0MB

MD5
27546584a0c561bb17fb7e55f98aac2b

SHA1
4f63a96fb1bb208ad8e490efd495cbe8d4e38420

SHA256
a4570d4d5f243407c528c62fdd852b8e3dea8824fe8e3b064e1a0dd700d5dfed

SHA512
998a961b8cb3483556a7fefac4e4cd3b7894f281d0f9885e35d5108d0b8d42024ea4964a3e70909089db33ea7709c4b9a8424edcdf89c98a1818d6eeabe1805b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\prefs-1.js

Filesize
6KB

MD5
269569c71dbc77a063fbfc0895cf1107

SHA1
fd28bfb9d1ca13662c64b54e91e47a5d2a784268

SHA256
731c7d0e5ed61160f6ebd24c49191c2cc1710979d1408f351f2ddccdf05019fd

SHA512
145ab2822ecd6e5068c18d60412ca0e38c6dd50a5b2ef7f48f22bba6b5d8642e0b6511205007f4a65dfc02a30b6fb29e175094fa6da8729b44d712838790db9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\prefs-1.js

Filesize
6KB

MD5
b68b88e16e454a3c4677e9fdec6eb10a

SHA1
5d17715fe309cb1db96f683f87940dcf17bc3114

SHA256
07d6cdb14e6064c9f033371da7e923eea36fc8a412a43ca7da8f6f0954200ec3

SHA512
68ed2fc57b611ea36a9d7bd0ba8cad8df05404d3848cb42d86ed3412fe4e2c6dfc00f5f4a8b792eb48b946c4a8c5852aba283e5e84b6254d104a7331297b68c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\prefs-1.js

Filesize
6KB

MD5
fe229d2f040103bed11f1f9ae41ff269

SHA1
e96c1a68b78025b6454535d8786055deee9c9f1b

SHA256
9eaf2eeb00cf91350bc4161e561f23039c49afce7a980bbbcec7715a4c83cc9f

SHA512
a78a35697aadfa7584dc0dd3f290f9823210952e578a4512fe019f913f028d2d540d0425bb581cf21ec1b9bf11ccea2d9d58adff80046b1f92c2259e3d343a3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\prefs-1.js

Filesize
6KB

MD5
8ab5aa30d40c5794b39d5ceb8e25c42a

SHA1
b6133e255a8b6d8f508dcd380c9b179f47f48106

SHA256
95697e5de340ca8f1906fa581919076ec916018f3bbfc72ef6fac5626ca69084

SHA512
6ce54d6d4ae0906daa98e97411b5096e8cf94dc03af0a7a9b7a01d51654919008e5786715d195943f0e35fbc2cae06e8a1098da668916ce1768bba09cea83fcc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\prefs.js

Filesize
6KB

MD5
5d55d33d1c7e4be5e186f0101ff0d6b2

SHA1
410e5ead168ec1f622df3fa539721898417ad02a

SHA256
f30e9c2c778f10c08c33796b4e15571c681833e2e307d83fed17965ba3ce063a

SHA512
513fe67f6e999f5b776750523b640ae8ffb7d33b14b12954e1773627210918a3095800d69c3096a9162d4b7af6102b79189942774b2de3dea46011b551affca0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
21fa0812f21bdd46aa4f39024f972b07

SHA1
76b3234b02a7d2995f66704a1555f454a330db1e

SHA256
befbf218293e16980990579855b980a6b7e5c7c6edf1da75776fda1cbd47cc1c

SHA512
4f0e892bf3d54a9ff3be0a8a22d992023320085a163102e0228ab3e4b43dabafa6e5416edb0f3c031103fb21264bb074856a453878db3cceee2cb45b4abe336a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5eeecac0d76de4008b8942e3bcb49c9e

SHA1
6bb308495ba0004d991a1de42481a3b678e45262

SHA256
386b3af90a6cdf04f8b08f76cb2bcdb4798a4dbbc26a5614511b9d7caa335f03

SHA512
2f6085b3e6e37e0147d4c2facca67e50741019cb585e3dcab8021793e74a101e3a300600f883c87272ec72947adf31a8e693a4fdb0f8f75a6cdaa6c34dfb8cbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\viagl6cs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
84dfb9e40cbdfb172a8f8eb473476b84

SHA1
e4df0ac84f5bdd542076590f6f48ef0f81b90e64

SHA256
26f3ea873ead08c5a9d4c878e5f07c20e968e9b39c726c1a4b089c364989a6a1

SHA512
19d86a59683b85539bdd217d7bdc8464297f17e1678fd9ce7e3264dacd236f54af92354f055b9a9cca34b4a7e24daa183f26b93abde99b6e9b597752546a2fcc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 142227.crdownload

Filesize
8.5MB

MD5
10b7923f77c7cadbdd4377bd1fd995ca

SHA1
8003aa7426494a4a1118c13ec8943262708383d1

SHA256
b0ad421539aed12f3a163897b93deee1c18863f9740c7e57032c1e7645642429

SHA512
00d7818992fb68c79599ae6384fd727845a0abf82643de8ed62c7e56797b5be5259a5f1b17ee3920ead4d3b53a140fab9f25cf128d426da34a0b4240bfb36f68

Download Submit
C:\Users\Admin\Downloads\multidiscordtool-main.zip

Filesize
15KB

MD5
99023f7409a5f2200ee50b035d9aeb77

SHA1
a1e1b3875ca50142d07bf1ed9a173c92404995a2

SHA256
5cc51aa7ca3da5f04c5d1f63aa99e94a0606775bbec3a23fdc1b398be33da769

SHA512
96af942644c0b67ce4a311a19e537049db1edb9a79f377e06830b331f732366cce5d0056d8a76ede737416f575005fc1a543254218b3ed70ddeef47c3f198eb5

Download Submit
C:\Users\Admin\Downloads\node-v20.11.1-x64.msi

Filesize
10.9MB

MD5
2cfc89e88bf8078cab0c8bbd7b00712c

SHA1
246ec6289832e33db9cb2960b1df862b6c6818c1

SHA256
40afcb909e513774aa86a5f4266f3741bf50092b97cc858381296ede39fb475d

SHA512
75c59ea1fbcc21e02cd76645346ad53624fdd9faf56b46d5ccb58d7ff991d241de3bd2328b27df20aa7487aef34cd1f3c653640bf70b2c8aad1bf31a1d89b0eb

Download Submit
C:\Windows\Installer\MSIA4EB.tmp

Filesize
341KB

MD5
74528af81c94087506cebcf38eeab4bc

SHA1
20c0ddfa620f9778e9053bd721d8f51c330b5202

SHA256
2650b77afbbc1faacc91e20a08a89fc2756b9db702a8689d3cc92aa163919b34

SHA512
9ce76594f64ea5969fff3becf3ca239b41fc6295bb3abf8e95f04f4209bb5ccddd09c76f69e1d3986a9fe16b4f0628e4a5c51e2d2edf3c60205758c40da04dae

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
eabfc154f23c309c6a4b9665cc093e77

SHA1
99cbd5f17fbcf79282906ecd01c623035d1f8c51

SHA256
331d5a07e83de011980b62604216f4923d8003494cefd80abb285c99bcd581cf

SHA512
b1f42f70fc51d7cfb6dd1b331405cd201b2e73f5d116871510e802f08c0f7b3aa07b7ba0b376c89225a67a3a99a9c41b62fb5fd17445df9521dcf9154802e71c

Download Submit
\??\Volume{2c6b7aeb-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{49a0e801-d18e-412b-901b-1add4cf98267}_OnDiskSnapshotProp

Filesize
6KB

MD5
4bf02312a03c131e27ba41ff59d79548

SHA1
c1d0e0e9eb65e404eec5d6ec99d126b6d5133f04

SHA256
c6cb0e081e8856a156161b23f0e9c8d2fd2e13614a6d1e3c8665fdff02118aee

SHA512
595a601d77506237c86c1cd138336320057c739e586c06947ec389b53b14ff2e33f58fd936230de6215fa5afe43dae2daad463a243bf33c193eff2b0d5c511bc

Download Submit