4384080acf3ca56e86f046ed1848610b0fb496ce0e8e98560954497fc946ea6a

Analysis

max time kernel
860s
max time network
1021s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19/04/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pexels-ahmed-adly-1270184.jpg
Size

775KB
MD5

ea4d214b6d466d9a08ae20ba2c74d0be
SHA1

c385d1ba44f56f072e9e676131de78e929b732bf
SHA256

4384080acf3ca56e86f046ed1848610b0fb496ce0e8e98560954497fc946ea6a
SHA512

c42bbfec09ceac884a221e53ec72e9059f52b8bcf1dc73f67c9aceb103a7c6b360bd90ad8908047c67d132228ae9cea64a82346ca6f7ed91347dddbc84e206d0
SSDEEP

12288:qiH5ywcxn/0h643fvsy+uPZ+MiozEe9MaQtn4s+bbh3+QYtkI:qS5aOv9+uEMio99Mh6VhpYiI

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 12 IoCs

description	ioc	Process
File created	C:\Windows\system32\DRIVERS\SETDA68.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SETDBE0.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxUSBMon.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SETE5B5.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SETE9CD.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SETE9CD.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxNetLwf.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SETDA68.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxSup.sys	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\SETDBE0.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SETE5B5.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys	MsiExec.exe

Executes dropped EXE 10 IoCs

pid	Process
872	VirtualBox-7.0.16-162802-Win.exe
1256	VirtualBox.exe
6024	VBoxSVC.exe
5116	VBoxSDS.exe
5292	VirtualBox.exe
5180	VBoxSVC.exe
3624	VirtualBox.exe
5680	VirtualBox.exe
1804	VBoxSVC.exe
4776	sys3.exe

Loads dropped DLL 64 IoCs

pid	Process
1668	MsiExec.exe
1668	MsiExec.exe
1668	MsiExec.exe
1668	MsiExec.exe
1668	MsiExec.exe
1668	MsiExec.exe
4232	MsiExec.exe
4232	MsiExec.exe
4232	MsiExec.exe
4232	MsiExec.exe
3812	MsiExec.exe
4232	MsiExec.exe
4232	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
1736	MsiExec.exe
4232	MsiExec.exe
4232	MsiExec.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
1256	VirtualBox.exe
6024	VBoxSVC.exe
6024	VBoxSVC.exe
5116	VBoxSDS.exe
5116	VBoxSDS.exe
6024	VBoxSVC.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5292	VirtualBox.exe
5180	VBoxSVC.exe
5180	VBoxSVC.exe
5180	VBoxSVC.exe
5292	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe

Registers COM server for autorun 1 TTPs 19 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSVC.exe\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}\LocalServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxProxyStub.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxSDS.exe\""	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32\ = "C:\\Program Files\\Oracle\\VirtualBox\\VBoxC.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32\ThreadingModel = "Free"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\InprocServer32	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\X:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\Y:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\R:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\K:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\P:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\H:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\J:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\W:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\Z:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\N:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\O:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\L:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\M:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\U:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\Q:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	VirtualBox-7.0.16-162802-Win.exe
File opened (read-only)	\??\T:	VirtualBox-7.0.16-162802-Win.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
284	camo.githubusercontent.com
310	raw.githubusercontent.com
312	raw.githubusercontent.com
313	raw.githubusercontent.com
314	raw.githubusercontent.com
266	camo.githubusercontent.com
275	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	[email protected]
File opened for modification	\??\PHYSICALDRIVE0	sys3.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\SETE4DA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_50e0206614e8393f\VBoxNetAdp6.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF	MsiExec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_72f156a5ee3f59e8\netrass.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxUSBMon_9C89CB0C12E03C10C5E519920A9889B3DF24FD0E\VBoxUSBMon.sys	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxUSBMon_9C89CB0C12E03C10C5E519920A9889B3DF24FD0E\VBoxUSBMon.cat	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\VBoxUSB.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_10acfa4b924dd181\netnb.PNF	MsiExec.exe
File opened for modification	C:\Windows\system32\DRVSTORE\VBoxSup_9234ADAB429A567BD7BDDF3E990472199AEE9F61\VBoxSup.inf	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\VBoxNetLwf.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_07c66270d65d7517\VBoxNetLwf.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\SETDCAA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_50e0206614e8393f\VBoxNetAdp6.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\VBoxUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_05ebf62074d05277\VBoxUSB.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\SETE4D9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_50e0206614e8393f\VBoxNetAdp6.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\SETE8F1.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_bc519c177a90877a\c_netservice.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\SETDCBB.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\VBoxNetAdp6.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\SETDCAA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_05ebf62074d05277\VBoxUSB.PNF	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\SETE4DA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\SETE8EF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\SETE8F0.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\SETE8F1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\VBoxUSB.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\SETE4D8.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\SETE8F0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_07c66270d65d7517\VBoxNetLwf.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\SETDCBB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}	DrvInst.exe
File created	C:\Windows\system32\DRVSTORE\VBoxSup_9234ADAB429A567BD7BDDF3E990472199AEE9F61\VBoxSup.sys	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\VBoxNetAdp6.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}	DrvInst.exe
File opened for modification	C:\Windows\system32\DRVSTORE	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\VBoxNetAdp6.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxUSBMon_9C89CB0C12E03C10C5E519920A9889B3DF24FD0E\VBoxUSBMon.inf	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\SETDCBC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\VBoxNetLwf.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\VBoxNetLwf.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_56c163d21e8c2b62\netserv.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxSup_9234ADAB429A567BD7BDDF3E990472199AEE9F61\VBoxSup.inf	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_05ebf62074d05277\VBoxUSB.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\SETE4D9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{fdc5525e-ce82-1d4a-b011-be070a0e090d}\SETDCBC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\SETE4D8.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_8074ac14f1ab2957\netpacer.PNF	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\VBoxSup_9234ADAB429A567BD7BDDF3E990472199AEE9F61\VBoxSup.cat	MsiExec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_0525128a3d54207e\netnwifi.PNF	MsiExec.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\VirtualBox\VBoxSDS.log	VBoxSDS.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\SETE8EF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_07c66270d65d7517\VBoxNetLwf.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_882899f2b1006416\netvwififlt.PNF	MsiExec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_it.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_fr.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ubuntu_preseed.cfg	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxBalloonCtrl.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDTrace.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.cat	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_en.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_en.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_cid_install.cmd	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5SqlVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_pl.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_CN.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_ja.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UICommon.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.sys	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_el.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\win_postinstall.cmd	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDD.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.cat	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VirtualBox_70px.png	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ru.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ol9_ks.cfg	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UserManual.qhc	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxAuthSimple.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxWebSrv.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat_postinstall.sh	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel4_ks.cfg	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\x86\VBoxClient-x86.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxRes.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxGuestAdditions.iso	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_id.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_cs.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_pt_BR.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\Qt5WinExtrasVBox.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxAutostartSvc.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fr.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_da.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\sqldrivers\qsqlite.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapisetup.py	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxDbg.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxExtPackHelperApp.exe	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\lgw_postinstall.sh	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_th.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_de.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_nl.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\License_en_US.rtf	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\VBoxCAPI.dll	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.sys	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_it.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\nls\qt_zh_CN.qm	msiexec.exe
File created	C:\Program Files\Oracle\VirtualBox\sdk\install\vboxapi\__init__.py	msiexec.exe

Drops file in Windows directory 48 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIC992.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MsiExec.exe
File created	C:\Windows\Installer\e59c5c9.msi	msiexec.exe
File created	C:\Windows\INF\oem1.PNF	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSIEBEF.tmp	msiexec.exe
File created	C:\Windows\Installer\e59c5c7.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC9B3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICA02.tmp	msiexec.exe
File created	C:\Windows\INF\oem2.PNF	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSIEAC4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEBCF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e59c5c7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC9A2.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID188.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\{ED04AD5D-C4A4-4112-A6FC-7DA557F358D1}\IconVirtualBox	msiexec.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{ED04AD5D-C4A4-4112-A6FC-7DA557F358D1}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICCA4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID129.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIE8BF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC932.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0B472934D1639533.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDB5E.tmp	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIE4B6.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIE8AF.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7A22456201DBEF82.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1B88E8F846ECF982.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICC45.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDA05.tmp	msiexec.exe
File created	C:\Windows\Installer\{ED04AD5D-C4A4-4112-A6FC-7DA557F358D1}\IconVirtualBox	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem3.PNF	MsiExec.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIDC1A.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\INF\oem0.PNF	MsiExec.exe
File created	C:\Windows\INF\oem5.PNF	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSIC981.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\SystemTemp\~DFE670366275D9A06E.TMP	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	MsiExec.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	MsiExec.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "244"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MsiExec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28935887-782B-4C94-8410-CE557B9CFE44}\NumMethods	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50CE4B51-0FF7-46B7-A138-3C6E5AC946B4}\ = "IGuestDnDTarget"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D947ADF5-4022-DC80-5535-6FB116815604}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{21637B0E-34B8-42D3-ACFB-7E96DAF77C22}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{327E3C00-EE61-462F-AED3-0DFF6CBF9904}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1474bb3a-f096-4cd7-a857-8d8e3cea7331}	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE37AFB5-7002-4786-A5C4-A9C29E1CCE75}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{01ADB2D6-AEDF-461C-BE2C-99E91BDAD8A1}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{6AC83D89-6EE7-4E33-8AE6-B257B2E81BE8}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4B1B5F4-8CDF-4923-9EF6-B92476A84109}\NumMethods	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D88F2A5A-47C7-4A3F-AAE1-1B516817DB41}\NumMethods\ = "11"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{c365fb7b-4430-499f-92c8-8bed814a567a}	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2405F0E5-6588-40A3-9B0A-68C05BA52C4B}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{45587218-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AD47AD09-787B-44AB-B343-A082A3F2DFB1}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5ABC823-04D0-4DB6-8D66-DC2F033120E1}\NumMethods\ = "13"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\progId_VirtualBox.Shell.vhd\ = "Virtual Hard Disk"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5155BFD3-7BA7-45A8-B26D-C91AE3754E37}\ProxyStubClsid32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{f05d7e60-1bcf-4218-9807-04e036cc70f1}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{334DF94A-7556-4CBC-8C04-043096B02D82}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{327E3C00-EE61-462F-AED3-0DFF6CBF9904}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DC83C2C-81A9-4005-9D52-FC45A78BF3F5}\TypeLib\Version = "1.3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9128800F-762E-4120-871C-A2014234A607}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E8C25D4D-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}\NumMethods	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\ = "VirtualBox Class"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{4680B2DE-8690-11E9-B83D-5719E53CF1DE}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DA2DEC7-71B2-4817-9A64-4ED12C17388E}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4fdebbf0-be30-49c0-b315-e9749e1bded1}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39b4e759-1ec0-4c0f-857f-fbe2a737a256}	VirtualBox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00F4A8DC-0002-4B81-0077-1DCB004571BA}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{AAC6C7CB-A371-4C58-AB51-0616896B2F2C}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{AD47AD09-787B-44AB-B343-A082A3F2DFB1}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\VirtualBox.VirtualBox\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CA9E537-5A1D-43F1-6F27-6A0DB298A9A8}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DC83C2C-81A9-4005-9D52-FC45A78BF3F5}\NumMethods\ = "26"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}\NumMethods	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{431685DA-3618-4EBC-B038-833BA829B4B2}\TypeLib	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{c39ef4d6-7532-45e8-96da-eb5986ae76e4}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{232E9151-AE84-4B8E-B0F3-5C20C35CAAC9}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABEF51AE-1493-49F4-AA03-EFAF106BF086}\ = "IUpdateAgentSettingsChangedEvent"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{714A3EEF-799A-4489-86CD-FE8E45B2FF8E}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\progId_VirtualBox.Shell.vhd\DefaultIcon	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{9128800F-762E-4120-871C-A2014234A607}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{CAC21692-7997-4595-A731-3A509DB604E5}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\progId_VirtualBox.Shell.vmdk\DefaultIcon\ = "\"C:\\Program Files\\Oracle\\VirtualBox\\VBoxRes.dll\",-304"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{714A3EEF-799A-4489-86CD-FE8E45B2FF8E}\NumMethods	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{334DF94A-7556-4CBC-8C04-043096B02D82}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83795A4C-FCE1-11EA-8A17-636028AE0BE2}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA05E40C-CB31-423B-B3B7-A5B19300F40C}\NumMethods\ = "26"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{EE206A6E-7FF8-4A84-BD34-0C651E118BB5}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{d7b98d2b-30e8-447e-99cb-e31becae6ae4}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F529A14-ACE3-407C-9C49-066E8E8027F0}\ProxyStubClsid32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{91F33D6F-E621-4F70-A77E-15F0E3C714D5}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A06FD66A-3188-4C8C-8756-1395E8CB691C}\NumMethods	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08E25756-08A2-41AF-A05F-D7C661ABAEBE}\NumMethods\ = "30"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{DAAF9016-1F04-4191-AA2F-1FAC9646AE4C}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FA43579A-2272-47C4-A443-9713F19A902F}\TypeLib\Version = "1.3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7c5e945f-2354-4267-883f-2f417d216519}	VirtualBox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{88394258-7006-40D4-B339-472EE3801844}\ProxyStubClsid32	VirtualBox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{3890B2C8-604D-11E9-92D3-53CB473DB9FB}	msiexec.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\sys3.exe\:Zone.Identifier:$DATA	[email protected]
File created	C:\Users\Admin\Downloads\VirtualBox-7.0.16-162802-Win.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\PowerPoint.zip:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
1256	VirtualBox.exe
5292	VirtualBox.exe
3624	VirtualBox.exe
5680	VirtualBox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4440	msiexec.exe
4440	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3624	VirtualBox.exe
5292	VirtualBox.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeDebugPrivilege	1700	firefox.exe
Token: SeShutdownPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeIncreaseQuotaPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSecurityPrivilege	4440	msiexec.exe
Token: SeCreateTokenPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeAssignPrimaryTokenPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeLockMemoryPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeIncreaseQuotaPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeMachineAccountPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeTcbPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSecurityPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeTakeOwnershipPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeLoadDriverPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSystemProfilePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSystemtimePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeProfSingleProcessPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeIncBasePriorityPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeCreatePagefilePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeCreatePermanentPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeBackupPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeRestorePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeShutdownPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeDebugPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeAuditPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSystemEnvironmentPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeChangeNotifyPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeRemoteShutdownPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeUndockPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSyncAgentPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeEnableDelegationPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeManageVolumePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeImpersonatePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeCreateGlobalPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeCreateTokenPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeAssignPrimaryTokenPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeLockMemoryPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeIncreaseQuotaPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeMachineAccountPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeTcbPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSecurityPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeTakeOwnershipPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeLoadDriverPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSystemProfilePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSystemtimePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeProfSingleProcessPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeIncBasePriorityPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeCreatePagefilePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeCreatePermanentPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeBackupPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeRestorePrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeShutdownPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeDebugPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeAuditPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSystemEnvironmentPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeChangeNotifyPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeRemoteShutdownPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeUndockPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeSyncAgentPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeEnableDelegationPrivilege	872	VirtualBox-7.0.16-162802-Win.exe
Token: SeManageVolumePrivilege	872	VirtualBox-7.0.16-162802-Win.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
872	VirtualBox-7.0.16-162802-Win.exe
872	VirtualBox-7.0.16-162802-Win.exe
1700	firefox.exe
1700	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe
5440	firefox.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
1256	VirtualBox.exe
5292	VirtualBox.exe
3624	VirtualBox.exe
5680	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
3624	VirtualBox.exe
5324	MiniSearchHost.exe
1700	firefox.exe
1700	firefox.exe
1700	firefox.exe
3916	LogonUI.exe
3916	LogonUI.exe
5440	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4228 wrote to memory of 1700	4228	firefox.exe	85
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 4776 wrote to memory of 2920	4776	firefox.exe	87
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88
PID 1700 wrote to memory of 1576	1700	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\pexels-ahmed-adly-1270184.jpg
1⤵
PID:2132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.0.528574621\1638467589" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1736 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {876a8ad6-e30a-4b10-bfc1-2c34490a43df} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 1832 266fd423158 gpu
    3⤵
    PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.1.898557859\1593948517" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098a90a1-2637-4dca-88f3-0470a868ce22} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 2356 266e9086258 socket
    3⤵
    PID:804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.2.1082948092\91300839" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2744 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd02565-94b9-45c5-a4d3-0dba29df2f9f} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3176 26682836e58 tab
    3⤵
    PID:1844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.3.551457840\1102948966" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e0ee23-3b38-44b5-b0bd-d95498fc9485} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3628 26685cb8258 tab
    3⤵
    PID:3292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.4.1206708206\699460670" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5184 -prefsLen 27693 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53fd7ec6-5d6f-4e49-b399-62e4c8454103} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 2948 26687763258 tab
    3⤵
    PID:1148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.5.1240455358\690151147" -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27693 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1350280-ae56-4df8-9cfb-0e0c31bb0631} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5384 266891e7e58 tab
    3⤵
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.6.1857861020\1099713511" -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27693 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e932694-fc47-45b0-ab53-861e1819fca3} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5668 266891e8158 tab
    3⤵
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.7.362339378\238246482" -childID 6 -isForBrowser -prefsHandle 5804 -prefMapHandle 5948 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1e117ab-9b30-4f66-9947-0a2d6dc681c3} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5972 2668a053a58 tab
    3⤵
    PID:2296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.8.510358609\1298070773" -childID 7 -isForBrowser -prefsHandle 6124 -prefMapHandle 2724 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e38932b-8e54-41dc-8bd2-232cdb673b67} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5852 26689ec6258 tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.9.987773084\1265663256" -childID 8 -isForBrowser -prefsHandle 5844 -prefMapHandle 5580 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d8cbb69-cecc-4c1a-adf6-d53f678fe0cc} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5596 26687dccd58 tab
    3⤵
    PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.10.750667752\675948312" -childID 9 -isForBrowser -prefsHandle 5700 -prefMapHandle 5752 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dccd74b-1f8f-4291-a0d3-9e439e7110ab} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 5572 26685983758 tab
    3⤵
    PID:2784
- - C:\Users\Admin\Downloads\VirtualBox-7.0.16-162802-Win.exe
    "C:\Users\Admin\Downloads\VirtualBox-7.0.16-162802-Win.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:872
  - - C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
      "C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      Suspicious behavior: AddClipboardFormatListener
      Suspicious use of SetWindowsHookEx
      PID:1256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.11.1438081640\361341026" -childID 10 -isForBrowser -prefsHandle 3996 -prefMapHandle 5804 -prefsLen 31413 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9da43fa-b5b1-4dac-8e01-1a3ddbd647cf} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 7256 26687449b58 tab
    3⤵
    PID:568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.12.1183669230\89970155" -parentBuildID 20230214051806 -prefsHandle 7140 -prefMapHandle 7408 -prefsLen 31413 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4bcb1f9-4595-4ada-89e1-3db6d3e6f087} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 3496 2668afd1658 rdd
    3⤵
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.13.414492406\1177344319" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5000 -prefMapHandle 4136 -prefsLen 31413 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24c848c1-7330-4a35-a905-4e215a03d5ba} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 10928 2668afcfe58 utility
    3⤵
    PID:6096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.14.1488537318\987300013" -childID 11 -isForBrowser -prefsHandle 10820 -prefMapHandle 11380 -prefsLen 31413 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b292154-996e-4c13-9595-1cc0c176e385} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 7248 2668ba9bc58 tab
    3⤵
    PID:5940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.15.1038621986\954265406" -childID 12 -isForBrowser -prefsHandle 10736 -prefMapHandle 10620 -prefsLen 31413 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ac9a193-4292-4f03-8934-82fbf00f6fe1} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 10616 266874cc658 tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.16.17167407\280312373" -childID 13 -isForBrowser -prefsHandle 2520 -prefMapHandle 5288 -prefsLen 31422 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c9928ad-57d2-4c46-819b-7ca99c5c6e5f} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 7332 2668d172c58 tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.17.1111664594\1818356691" -childID 14 -isForBrowser -prefsHandle 5752 -prefMapHandle 4576 -prefsLen 31422 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b2a3eb-2d56-4427-8a55-e22c531be405} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 11304 26687199858 tab
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.18.493601078\1825223334" -childID 15 -isForBrowser -prefsHandle 7112 -prefMapHandle 5404 -prefsLen 31422 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dcd5f83-dcdf-4182-b37a-d10f87f69051} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 4276 2668b1e9658 tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1700.19.1432463573\1595466239" -childID 16 -isForBrowser -prefsHandle 10736 -prefMapHandle 10508 -prefsLen 31422 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a929529-3b99-40d5-b990-383b0bae984d} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 10488 2668bb63058 tab
    3⤵
    PID:4436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:2920

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4440
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 07AFC0A60A7BE65864594487F6F5ABE6 C
  2⤵
  - Loads dropped DLL
  PID:1668
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:764
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 7699FBAB13904731E6EBC673EA62845D
  2⤵
  - Loads dropped DLL
  PID:4232
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 11F3C2BE1C985F0FD202EDA2E831A254
  2⤵
  - Loads dropped DLL
  PID:3812
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding EDF3B676B80752E9BAD58C93264400AB E Global\MSI0000
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1736
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5191912981E0396C165FD72DD40490E8 M Global\MSI0000
  2⤵
  PID:3960

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:252
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000154" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2676
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000164" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1804
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000168" "WinSta0\Default" "000000000000016C" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:6136

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6024

C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:5116

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5292

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5180

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3624

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5680

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
PID:1804

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5440

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- NTFS ADS
PID:3428
- C:\Users\Admin\AppData\Local\Temp\sys3.exe
  C:\Users\Admin\AppData\Local\Temp\\sys3.exe
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:4776

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39de855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.0.2026526018\583242109" -parentBuildID 20230214051806 -prefsHandle 1648 -prefMapHandle 1636 -prefsLen 25196 -prefMapSize 235664 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb93b889-a531-4e3e-9740-9207d4c6eba4} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 1764 1a5ec82c858 gpu
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.1.1649420606\1246615106" -parentBuildID 20230214051806 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 25196 -prefMapSize 235664 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6013e66-89ac-43c7-811c-b30468684400} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 2220 1a5e0688d58 socket
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.2.203175580\460891182" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3016 -prefsLen 25765 -prefMapSize 235664 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33aad9f8-fa0e-4169-98a2-896f0bc217a5} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 3032 1a5f067e158 tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.3.95639893\1281198826" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 31166 -prefMapSize 235664 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daa63c0f-4a88-4065-8f72-8fa9f5295994} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 3568 1a5f2ac3558 tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.4.888986723\1703602674" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4988 -prefsLen 31166 -prefMapSize 235664 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2bd9874-8f41-4b34-9a78-b7cad00d2a31} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 5016 1a5f5abd058 tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.5.1472474046\2114085671" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 31166 -prefMapSize 235664 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ede2d6f2-e163-4ce6-95ca-a4ec4cc87104} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 5152 1a5f5abd958 tab
    3⤵
    PID:5752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5440.6.1771965272\1804641425" -childID 5 -isForBrowser -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 31166 -prefMapSize 235664 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e730d27f-f8a5-4334-a0a2-3b5d8fe36d16} 5440 "\\.\pipe\gecko-crash-server-pipe.5440" 5448 1a5f5abee58 tab
    3⤵
    PID:5480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e59c5c8.rbs

Filesize
2.6MB

MD5
8b529e87865072f430e1766059111575

SHA1
1ce62da6bf78cc500c1467d40f95db4a1a382347

SHA256
1d408b8d8bb1282e9115ebc10f1eeda2e96a5caf567d521178c7c48a87b620a0

SHA512
9e068be60d287bf504b32d937801cb3febcab2e73b4385b59e1ce566416c4d6af7f6b5f337232691f1df06b96e14e688bd09f07c24a87c23260f30165aa02919

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.cat

Filesize
11KB

MD5
a248543a64474dc1b1e2b0dbb5bb240d

SHA1
f42e407e2bc109e03651443542a6f11aabd99ccc

SHA256
595dee8737f6bc3045e950b263c0ba6326e02cc039351b9e1f76f61565c0d907

SHA512
b3e539c6403fefaf530a4aa00ca85e033213ea962b7a3c2cbaad097448c3c10222411cdf8fb41b8deffbc8843ade17dc67ef192f2f9818447d77262577c371f1

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\USB\device\VBoxUSB.sys

Filesize
184KB

MD5
f6348f8c0f8c9540c599593b2d30a89e

SHA1
0cdb705890ef3fd5d242df4b13dabf425eb1b0ff

SHA256
52d3b5294c16a7bfbde38b0fed8335b4fb7cb7853fb59c2c8cee3efb5933c521

SHA512
c6e386c9db148111ae07c14688ac0b8bd2efd0c1cfeb5cca297e5f1ea29cc723dcc4b1481154085400d5e78b3d91e360e0e53d88c8f1b4adacd34da4e5ca2c63

Download Submit
C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netadp6\VBoxNetAdp6.sys

Filesize
248KB

MD5
a80d1f16ac8c34a64b3bd77bc4e4f872

SHA1
186cff26b3204d7f86c50528e74b8d23e1be5a43

SHA256
6845118d468d6137a2f41f3d6cf4b4122656a583659eb7e5917365079f640adc

SHA512
cd4af7be76cf78e060c5ca3e9fa5926aea1e5e02f03cdd64a0b783330fbb20aea02e9509b130d7d9139f0c5fb8e1480bbc5fe82e422db42db68ed78a2e1c2d20

Download Submit
C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll

Filesize
887KB

MD5
983416bbd5e0546c0ed52eb86f18e1fb

SHA1
16b1c5139260ba846932943a4174c66059c3b3ca

SHA256
79b1e256915f89f0c3c103ae96097c3476091cd61ea912868572f995b587c951

SHA512
e69e82e66860dc022877e351af3b72c65f528f692a48d7f8f31a4f3d8a59fee5736ba01191dc46df958acdab44f6b8d7fee0ba77a07b38603918fd61deedc598

Download Submit
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

Filesize
2.6MB

MD5
bf9d27544c8da7c6aa64bf06a117117b

SHA1
376a46ee1473dfb5aa528bfb1f48295d2961033b

SHA256
059f0273578c56fc5b51bbf645396b51ce4b6067489e18c7c9f7a983caa240eb

SHA512
3167a2ae3e460dbf829a3d53b8551d8a1e14aadbeded401447105c4745142cf9e7bc3c41b71f2c6a367c6bac36cc5ad2da3fcda29ede1d09a2cb7df11e5c5426

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf

Filesize
2KB

MD5
a526fcb464e27b0c2291bb79a98e7853

SHA1
2efcdf4ae5fd16ec4cf286456449244576c35231

SHA256
0690bbee48fe92cc7dd00e55791212175432e12662c20a644147a3ca8f52c046

SHA512
bc78d8966936db843fd0e7fcaa6130711b6412eff47654154de3ab34e3346d29ae76d2e405c155364d953fcd229f04e32ded28b7e0ac72548ac14a62db5ee35f

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.cat

Filesize
11KB

MD5
c892340a557957489afa992ea31e4ba7

SHA1
9c89cb0c12e03c10c5e519920a9889b3df24fd0e

SHA256
18be9a5acd600d64e925fbe77ff38a4ace42014d965e9b09cf69b3c5371fca07

SHA512
7dfe49e973795154a2e725d5d008ed86c99a6b12b5fd8c15381ec92714b61832f70a67bf7058c08be5700e532898fe994cd34c50454b0518139bd2bdba35c69f

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.inf

Filesize
3KB

MD5
a0f1c7815280e4640aa0257f42eb438e

SHA1
a3f3f509c0de218f2f3e569bed1beeaad971300e

SHA256
08dd010f2ccb05d7f0766bfd404b775e7379214f4f74b829b85f4fd0b9d0d245

SHA512
073e3ac7edd414470b8f1d1d5b639e847e6c270604dedb0317d846e17aa2448ebf44835c338e7c3e47f0b145b2826b6e7cff03e17fca92d815e5f68a966e3065

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\USB\filter\VBoxUSBMon.sys

Filesize
199KB

MD5
99e5ef6c3e898218149e1030f70bcada

SHA1
b6af7fb81dd44e262da8fe2216e6f50b76cb457b

SHA256
b6e4bf1b1d8702630cee588c8e6be5f4aa618af147e3c48442acdb66f44bba4c

SHA512
dd8f142d73914e6e27991770cc54e2953464e22035cb98e9b7b0999114e45aab9befd3af1b396b6d7c6bcba0bd9fdb71a1e47864b4d2cba9580d1f00dce9ee87

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf

Filesize
3KB

MD5
9a3bf9a037804314e14a7e3723a68b9b

SHA1
725f20a3f9c372f6703e1659bfc58b6e094ed5d1

SHA256
77b41c3a8e09a9a24a13e76bf1dd172b07950b086542ef3450333e3ff0a03b1f

SHA512
814c3cdc26dd1a744ee635c28c1ac9e06e212a0d939ac84ffde59892f6abab6cf2a1276b7b63f8bcb1bf50ecab7d651526c0b580cd7814230057dfd4165f195d

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.cat

Filesize
11KB

MD5
a419d475105429fa2397a8d13056221b

SHA1
9234adab429a567bd7bddf3e990472199aee9f61

SHA256
8916663dfc49ce70bf477c5f0313bd9c78e7a3ead5e0373b3f6488f35e048191

SHA512
819468d130fffe2e44451399c76646072a5483307ea330e9755415f184ddd8e94267cf6f3abb57cc967deb58f07da331e6ba9ced3c2adfca701b80e6e03dfe04

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf

Filesize
3KB

MD5
15013374fbfd1bed15e3c9d43bfd373e

SHA1
ca3fe426dfd1153ce7fd39cebf4cb888e69c0654

SHA256
8f89a77d192f72eaed366563ea24aa44fd1cee1837dbc3f70578b27813262642

SHA512
73fdf34760a09cebfec3ef03f9735f2d2fbce54f8f01435030f0cc7afbcd80d8a87a5c5c5952100792fc342b0f4d21a79240b48a940687d5cea227b818ea90e7

Download Submit
C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.sys

Filesize
1.0MB

MD5
fe44426a75420dccc159da547133456b

SHA1
99cdc1f9195115e3b6d4b3657790b086b568da1c

SHA256
c1ddd573e00c379da2c5c8e955d9a7853d3f4ac3e4584f5abefebe1f7ca2a853

SHA512
aa85deeab743e4d8eaba58db98fae2a7440c8ad99b2e4d4c4260b42a0925945537977c98bc52c2e8bcf5c366a8ebd02420c049b0f0980383ff58aaba249a5aab

Download Submit
C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll

Filesize
666KB

MD5
25a2471239513d8694374ebbf43b823b

SHA1
54e1ebf4762b3322d84631ff01aa48b06e69e357

SHA256
433862bef2d31d946f4f195a8aced29e1096e45e56de863b4bd92419836a8781

SHA512
525c7fa20bb225ecf5c8518c5ca6610786e5dd3e76f0905910132279518b496ff3be526a407953f36ace9af61c9d862698a5f35678df7d6a1db19d8f2e686281

Download Submit
C:\Users\Admin\.VirtualBox\VirtualBox.xml

Filesize
1KB

MD5
d9d28bd2ef7192fb0efb99607d7a0807

SHA1
7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a

SHA256
dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5

SHA512
e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13

Download Submit
C:\Users\Admin\.VirtualBox\VirtualBox.xml

Filesize
1KB

MD5
c4726d0b56e5a9ab607c557313e3ee26

SHA1
46d06c02707dd15a043a3b54ae942aaab55dc122

SHA256
e75c5f37c3ab58389b07305759a721981fcdc6cf33f978325a43536a191a1153

SHA512
0c09ac88747cc63dd0896c4b6e699f086f41c3ae2a08c74cc2b31a7e5b034bf73eed836f8027a2f59a5165d157a2aad5829b39f7a3bbd1f2a96097be5878e9af

Download Submit
C:\Users\Admin\.VirtualBox\VirtualBox.xml

Filesize
1KB

MD5
5a952747a59b4f81d4a850d01894f25c

SHA1
c186b318f03d52b5530f588ecda01e50f6a022e3

SHA256
2c4ef13b32574b2fe2ad581283b165be99665579b9a686b0c86de0e453480196

SHA512
0455bcd4f898d026cb5b50a664461eee0eb5a347c5d40c9b4065127616c48e0660494714323880f68c2ea100ee162369c8ab429e9e210fead410059e344e6bc1

Download Submit
C:\Users\Admin\.VirtualBox\VirtualBox.xml

Filesize
1KB

MD5
f49765ce9db54f84034476fbde592f04

SHA1
c4f475657f1ebaa961d2a61062105910c0af9548

SHA256
90a42824376c73cba04c10986ef5e97ea8fde9e866893ec94c71f6970a5b49c8

SHA512
3ad48d6defe012e9838e279c56ef631cfe52410eb07915418b99e759ecb76f79784e46ac31ee728ac9b4e0a842d466a155ccca8f41ab9fe8ee3d46c956c0a631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
471B

MD5
63de599f0a1aeaf193dc832159b1616a

SHA1
9637277f2cbbfcf19412b555af6e1cb3207fe5e4

SHA256
fa991eff1166ed088b710d6e2ba5cfc77dfbc5eb4add767c8b37bfa6ee6605bd

SHA512
1b62221337d4ddf3dd6dfaed591000b14026e919678c803d986976deac2b82cf88d6e377486af51be7922b98f8123d5adc30872b7a05ba4898bbc33897dec7b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

Filesize
471B

MD5
47245c85530f7fffcd57a15cef42abc7

SHA1
3e5425659a3b48ae04e7f8bfd4aa41a85df83c09

SHA256
cbf9a58dd6c2b29a38bbd4fc7edb30f4d1a5ab994599197cd9da1212a82fb644

SHA512
583121d4c7971abb53579fa945d46b960e8939b16378c56ac1c192b6fa2ac512a37dea3c7e95b3dfb41d5a33f5cf4bed0a38e4a9ba6af565e05955dec4b8989b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
404B

MD5
ad7cc3d299ad279f5a60d20754e880c4

SHA1
f265b9089b3aa85e052255e1056488e118a472ce

SHA256
b188c7afdbb7f3abc1d0b7245af3a8c290133cb4418ea8717bbd506867e33074

SHA512
7634b3622fc3c83e133f7f73c8d9d857f0dd1084665baca9a134d64c096f7e3a7cea49757af766c0dddfe933b05039cbbb98dbe808201365f1b47ef003114383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

Filesize
404B

MD5
e3b0308710c8598f251fb56f6483fd7c

SHA1
6ed4c74ebc8358cd19cbc67f13d4367f22822b69

SHA256
85045ba9aa5493c4f8d2f4ff0fc327819d53b0905782fb8d171545f55aa4a9a7

SHA512
120c87adf43103a65f75185073a3d4393146877013d904cb43ffb2888514a61ad2a87667b2c03447131d0ad3f4d6a2b301670be0973a4ad2ec0fb55d6d4423cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
86761a2ae04d038f32920d34ea51a8c1

SHA1
1f5e80ee4dd6dd3f4b24c84d4980456d481eb836

SHA256
e31bfef558004297b354a396925c5df9d3fb45877e0dcbefa2eff3280877142d

SHA512
fad123fbdf424bb8e061e9d9aef18b9c199bf14643e6f9c3f7e662e2f63047d2eb55ac00864447e632696902b9ef8f728a4c7771a621c747ebe9f4fa2b0fd08b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\doomed\20868

Filesize
10KB

MD5
3cf35aca99cb0e22caa1da75126338d7

SHA1
5abeb8b9f9ae9f4c50287a2c0e4b5c57c813795b

SHA256
e49d1abccac8a0d063a3bb78f6bc7fc7ecced438d488410c3cd7beb79d7efb1b

SHA512
076d9ad003e9ac1f5b02e3e61d942b8b9c1f064b53240ac8d71dd317564e304f9a3fd4b0a862e71fe5b0ec6dc4c0f19dc6174c311fafb18ec35a39c69e6fdc61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\6451555620459D1722D46F17627DA618735C3EC1

Filesize
4.7MB

MD5
74ba157da93d3590660b8da69f671502

SHA1
9a569a5ee7236a7783ea1d92cb05b76253c6aedc

SHA256
b130a8770f26858959f98609925c7f90224467d5d30cf39474d2e7b9b20cf506

SHA512
0e7c195917d25ac8ca6da9478dd002cbdbabfb1019425d8924556effec047fdefa75b87512a12c68aa814b8291941e9024aaa095c2c06cb18b59fd7fea8b1fd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\BD0F19A1CE1B0EF872A9FBAF619A5671CBC80974

Filesize
45KB

MD5
e0528e771a89d525a11a11c819a7f329

SHA1
3c2d4b1ac2e078d538a6f843e9c1c560f9483f33

SHA256
21ede809c3c0591e482409c81b378dd17515e16803bdaf1796a098cfd6430c78

SHA512
ce3405525d8112dd0c9a6ef18d64faeca51e9f4418b8958c78af231a57b249e9af8b0e69958c84951ec05f68dac4f75c08ca062126e60d1a03b5bee47e41f372

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\C2995AC72A1C82CA460CD55984A64498CDFD69A6

Filesize
960KB

MD5
d4df5ad0b2b3a39cedc0c3fd8937e208

SHA1
c8718488b2ae92953d5a48fd1a5d36efd1723da8

SHA256
22b16c94a2e669f1215bfddcea133c93bd3ffb32ab986e6004876eca83dec4f8

SHA512
be81ec07de4929145bf708b048dd39e7a3f352d73986c1e5e52140e374f9fef2a1b9f788bcee644110340326429e0bbb5545401aea08936643943851ede8d2e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\C4B0735C6E6962FD63C8953A480A9496362FD1B5

Filesize
153KB

MD5
3514d14eae33f7b667107c6bb33295d7

SHA1
54936a0b7d4fbe061d6fc859f1405a364db7d33a

SHA256
b4ed4628ae34f6839aac51ec2bace68960586f85867d5a076c33b9b84d0b0cbb

SHA512
3a6c7bdb87e2350d3424b6f77cefd89319ceb412f9213d0a30f7c57ecb8759420c39882728b19a5cb7e2ba08dc952c513bfc8503443f7ead362e1f7036c59fe8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
a9515fce3c0038fc237e88d013635dfb

SHA1
3e0ed7e12168c03613da48ab1e43f0ad91ff6ede

SHA256
7930a60a0ee4a663a38028ef443e433eee2463760e9164ebae77bebecaca2b4d

SHA512
bd39dd72c38233f0146c2e0247ae2ebaa22bf034700bbfe967c0a616eafd4d1f0c6e557d4359e79d65c96e0271dff7ca7c5c7293b832bc8cd8866810431c25b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\F83306352212E41B08FAA04AC2CF06A2B81FA95D

Filesize
61KB

MD5
b9c417e21b0cf578d9cb85732b9f336f

SHA1
fb65210f3514863a918f51c09c40c2f8b28a4631

SHA256
85f5703926dc650d089d81d734375cee0b390985877753fd56021d5ca286964c

SHA512
9528107d0d3e915ad82d96fb60bc147c94f2af0adafb15516eedef44842b72b905a3b4dda1d969bca453d675866e3ca2e5bcf8e99bc42353916231d9b27bfa6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

Filesize
30KB

MD5
96b5f75c93fc986f36f56a6d82e6421f

SHA1
1fcecacb742b294152ec2440afcc8efc90790f1a

SHA256
902da10df7ff62e448eb6d4e4ffa00f35c5f87799f758ad13adbc9260e80bc49

SHA512
e8c2f309642aac1bf00960525c998402b5be3273ba8c66141f169d3f6213c6d02ea9ff70188372773ad8e7c4002bb106d8941a1c564b4d548d12b99e72793ae7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\jumpListCache\VKBm9v9QjB+K8SH9UXxvrw==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta9v328x.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
1b6a62e88cf6e51687a2587bcf4fb042

SHA1
8e26b943cb135afdb61f37b41ce76f2b51b1ed02

SHA256
a2bb3468698ac154aefe7159a0ab6ece464fdbfaa66e004a15d4d6abf2a191f0

SHA512
ef2c18dd5af95c3eb51becad66c1a711df475d41c8eb1c90282ce9adf83ee6cbf28d3cd52905743cf99aeb6947ef6d892e44e9f4deedcda20038fce2d5324a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8C58.tmp

Filesize
334KB

MD5
af3265e9034acb6495c2ef2c3a815969

SHA1
7cd1730e9b7a6f16999ac46287c7254279acdb50

SHA256
3b26c0951c46edf00257d10a6f86d82e35189db24ca774e06b8a6b4c58a753c2

SHA512
e7584cd50badc102fd8ac2120a98e6da2818366c69b94a1a62d13a9d89bba107f37d89656cfcadd37f4c18780e9279bcbeb112b348f230046518718a287c3465

Download Submit
C:\Users\Admin\AppData\Local\Temp\kg6dul20p80f8oyriftmhuw4\k0w0o53mconhulchlnpgdxbk.msi

Filesize
105.5MB

MD5
c1dc7a40ed171beacfa07daa8b832ede

SHA1
77ac388f822a2b119e25aeca41c7ae81e25f5e66

SHA256
4799e281a8c8fb5ffdcac791d9bd1bacee280a7111620861044cb5bf12e4e0d5

SHA512
37485a847539c556b173fe96a8e9f1485edc846be26cd0649059a5c296c9df2a7374a39dc0befc2e4793c2fad745f5713aac2c81886230858c71f264b8a6f4e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
f9a1a163cc8f92cada2a61c5941f9a73

SHA1
1f9c51218eed2c3dafc2d7c8814fb816b0b05cb2

SHA256
7ff0146360ac4b926e16a80afe5d9b86d4843af74a93268bd483ec5a5250ccc3

SHA512
2c0c4a5acb82dbdfbe5f213402fd3268139a61712a18f56836009d69e887b65f97799a8f1f7f0d6c0e4979c0cf062a1106ff44983d8e50b063ebe228f72705f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
872189f17781f6dfd81ccfec720fde21

SHA1
4ac3abd18cdea8bc95fd79bbebaca06df0cd04c6

SHA256
90d7274cda0b58d0971f10bd4cdfacf23f6512c6f05e0b5cd69ac439ef0064b1

SHA512
472a3feb5fab840f245cb5e3c8193ef3d7e54ef8f45ae59f10ead5a344f48a8fa2a07539f341e12d7f137cca36ca4ac273e65eb8fd0d81191285df4d06b8a37a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
912ce025cfce1d91b5f1f1d8b7637b48

SHA1
2da727141464da52d9515649cd285d8e6f422213

SHA256
363bed40179c710b84c68c942ccd0db034ce6c665e1e084a5fd6b4ecfb2808db

SHA512
1f2851fa9e44c9d0acf2312408d3233d542445d43164b7e8706f9a21fdc4ee8639e88c1928766fa1337ed05f00193b5ecfc65147162cd4f8d7108c732cc31721

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
9bbee5d0fe9acae2d08aa5e6226f6403

SHA1
2dd6c3426aa8869c488da732f0404f5c3a89ebe5

SHA256
24bde3ba9373a2354216e7ae6d237b9ae6df2bce7f30fe6c111d8ff9977a9689

SHA512
b04051338adf82b5154f35be3f72ed21dd299f89493ed1673c9226925d56f16f4c3afa0bfdcfcb8d4af4c9c7ab853637a698678cc44eabe1ff7891499ebeb709

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
a265a6bae1b0164bc9dddec8872bc27b

SHA1
d75a487fcd8586ae8c6318b952ec96cc0e470d51

SHA256
14fbb546998c220e5e4a71b8f015102a30c99038a5c0b34f0330e5d911bb2518

SHA512
51cda33f7eca84a7f127cfeecd71011891a825b8ada5ec6f31e68e0796a68d456d0b717d74710f7c4f28248f1d78f0f8c975ddff86b348368d731edacff33bfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
826338e8f7f0f285d75e7dc60aa381e5

SHA1
aa5a01069915ed3a81b2bfff1a8dc6f49e4fb9f6

SHA256
6c4d43756440e9c8004578c0ae83dff5a57894553fa1276c497321edca917300

SHA512
94ae98ae9fd4c0dbb687273118c0a3f0768609506a179637d4720a6d155891ff83015d9b2edb0d5b1b50cfb38efd93ddff27c5fdbb5b541b4e63d342803aae87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\bookmarkbackups\bookmarks-2024-04-19_11_eh-WubmxLJBFG7m9leljLQ==.jsonlz4

Filesize
1010B

MD5
4949e5a1ce18c3b75c388742dd757251

SHA1
8d30382e94d7feb6191ee923907eb1aeaa2b0c3e

SHA256
dbcc8f5bfbc826c381ddd788a26a1d7353646a0785a186bc082c6b669a482872

SHA512
f59c1835e18443e100a843ea5428a7b6e4bb6d48b809944d6865dc8ee960a0be6c134342b3684b0c6b336a805588345ca2a6e82d6f6d5c7089aecfdc2457a2e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\broadcast-listeners.json.tmp

Filesize
216B

MD5
9241c2bb685da65a15037c4daac9f20c

SHA1
c9a145be2f6700d8d652a35fbc7a92e6929de76d

SHA256
65c830d4575e36524c4567cf6a6746ce73cba191ad6f349a5457ea508ceb3a1a

SHA512
599957103a54ee0d714d640d1afe027284cddbe72372d113845f041978bb502aee5b05a6d4b019e38a2161432752a6f61963e236a469ce69465dbc4305d0aef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\extensions.json

Filesize
40KB

MD5
639d425bdd131ed280297443e3d61e13

SHA1
e921f048929400c9cd529ead49ebc70299837e71

SHA256
59fa38913bb6c33b23759850ce24a9c71b30990ff64537ee049d52356ad49855

SHA512
ecd2c02a421accbca765a2cc62c04fe8461a50e8110fae95fc3297806cd8cb216b4a5d5eeeb34bd302cad5b86e80519e55395e356bb0eb5dabcf6b38fe3781dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
8KB

MD5
43cd2c11e45247a680818d5996ba5d30

SHA1
b08737a551c0529d30027b1b09cc0ca50e8a12ce

SHA256
cc6e957c6af63e13ad79b17ea2d80ebad8ac385d59839ff1817ff231f2e9781f

SHA512
7dad9f4f09a426a3698442284a6434231d281486c6c5d614519fdacb377f073218eea408d92764dc190881a437771bc9b5c4e56156ebf3633065d2ef6fb804b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
10KB

MD5
22f18ce3c7ece72ba114dacb18dcc0df

SHA1
c74441e5d1187de4edde321dcab9f6f45d5c1989

SHA256
55b34c6e6ef3f0dba16f88d15cddd0602956bb2dbc52eecc18d9f12581d95135

SHA512
051097c258fff8eccc90cb368fd477bfac7b8423abca6b273f7e1cb1675b36786aab1cb0bbaa563d3f37de20726e25a62da86c7e61cffa12a02b96691b478c78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
6KB

MD5
c846d7a670782f99f43329e7c3b12eff

SHA1
5a39a04f0b1700b6c3bc90e06c7e42265c18689b

SHA256
d3c43acf24f5b84e3d39377056667f0fb9a335e568067a6e7bf44147b23221f2

SHA512
e6cd4c1ef8f55b29b8e71eebb4f9e40ff91de4805437aa7dcfed50545038ba54c73840cb778d47209f7cde9c6e75f67275def36736d1d5212ef3f67073fba336

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
10KB

MD5
c27bce8da0449e058f373c7ef5448ebd

SHA1
af14382430fbd0669cdc94a584bfb790c061bf33

SHA256
9aadacbdbe8b149c184a1d0311e74ebffb0954b4532c36ea23bfe6204510e5c5

SHA512
3c6f34c0edeac7d4f67c3cd957210ed9960932df70e5d7ebcc2945cc12ed5d116dbd463dfdad8f386ccd9cd254695823446e3fb7eb5c4c3c57f3a6ed27f0f2c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
11KB

MD5
45630ce0178d49f69b0fc7a6d9b8582e

SHA1
746a33439f14b75e94252ef561c2e0564cefba7c

SHA256
63590d8cbe8432e39daccae94f29a5c532dc073d11e6929d27546b675b865748

SHA512
620c2d5d6c1ceb1a5332d0d5fd9332de84d0b4f646ec24113d2e086ab7e3d559e6156100cb5ee8771a6b31ec7949638890d65bf2f5f2b80bab8cb6f1b978892d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
11KB

MD5
761113a47851809bded675138cfd4849

SHA1
cd2405f087a49b472c78152a124cfc69c346ca2d

SHA256
527675c44e0b5d4d719beb03b1a3d1049a382196dbae1794a272f7e639b66996

SHA512
b06ef857b125bcf64e024795269b3ebcdace108dadff2eb6a36d3f49df39bd4e84138b4347d50428c4983fbe95c709b483ef6db087f157937f036a0ebfdbf522

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs-1.js

Filesize
10KB

MD5
0bf776268d41829d95bc1f70f215005b

SHA1
50694c230ba14fc394b7f982ba583c67a6cd1dda

SHA256
6695a6878c69ab8807d51ba8e217c4fdb954a9b04701c01ab873cd879c157385

SHA512
2072c9490ff48000104d336ea8b382f87ac948c8c4f7bb99ba2ca8fbefefb7741fc1b6358e920aa7aba5ed7e694d02c3e151ba8f9243498086bc9f6d4b761ab8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs.js

Filesize
6KB

MD5
c9d37d8bed9a710fe7a91aa9aed7feb7

SHA1
c9fd3b44be872a0a63c2a9eb776997290dc0de02

SHA256
250b5eacc653294190fd90cbf67de0a9b6ba3d2d02d483d0be1a004527cd43b4

SHA512
6dc8d886f8ad1179335c3d9216088bbfcee1107f3383856db5238ae777ccef8e70a158671a8f61cebb6f095975186439b5fb3363227e47e92b63d67379f5ac12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs.js

Filesize
10KB

MD5
b78ac5cb117de27efc27eca23a9b8c5e

SHA1
62c9adea676147a647482389552044a4240ab41a

SHA256
059bf4dc26a5a9dcd1bb499eb35305c8126feeb23fe2abc83b9796b20f673ba4

SHA512
b0c545093131f4ac61c1115361997bfc1c18ab364a66c01ded7011036309041054c1ba151ed1aa338bf9a82eb40fcf76897770c859965c5f2bbb7cfb9002a362

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs.js

Filesize
6KB

MD5
0f1e1ef6f870c02d905635db77f3577f

SHA1
a17260658f9b275f2b3def3c08624d232e4cbef1

SHA256
485a2e16647a2d0fd9e205af67738bd307a9fbadf0dc0513cf014107a9692cf2

SHA512
5845d63eae6d7cb041eeb89effd2eea68784cb6c23cf5514e871cfe79c2ddf1971126ea670e7a13d73b5743756cb4755f5f4a7905d1cfa5a66ccd399bffec17c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\prefs.js

Filesize
7KB

MD5
3079fba9d71f900dd09296cafca7e7e5

SHA1
6b7e5dbd1f87cae6b6e7a9c2fc3bbda0aa5020a6

SHA256
3f48324c9c070212fc5f0b890f2757f051a654894cd93a12da46b7bb86f77e50

SHA512
aff8e9c41f46c0ad92390804b812879e340b612439051f84861092f26bfbe0afa6b58f63ed0cb6133307d6c4c6db5b4c294ad80b3dcf3bf714bdb8cc8e94e914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\search.json.mozlz4

Filesize
408B

MD5
3fcb5fc3972f2a789bc4822eb7801e73

SHA1
80ea5e85bddfd033cf5cea7e710f570304fd3e6d

SHA256
4d8ab14a7523ac97d13d9eaa9b7fbc6939cd0eb91b547149b0177d88e31f5eab

SHA512
5eda0ebb108ba94d175bb7ae3726cd3062e892c09dd8714e7aec59ec530de40b76da7c1163e4cfa5a94fa26bb4f4a5380085405a7f68cc85cb239672cc092b82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
d64350181fed6ef6a2375692f4f4c3cf

SHA1
89391bd8e1f4f96df0e406be9802518f02747498

SHA256
d88008aa5e8defebe026c1b5c903a81761533dc055e4282ca675d4ac6c42c45b

SHA512
a0453f864b6a5517bd45eebaf8ab121c66b4b323680fe14f81829378f993af95bd95e1a47782e47222af1712bf4d548a7c316d15ff7a1554425d4b1691cf2fc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
43c20ffb8943ffa0f78cc585a11afa85

SHA1
129ee694d1487b14faabf7b58abd3df77d663cbc

SHA256
810b8d6fa7feafc266e2ccc45b36ad76b9904f8842f44dca3b4b69f0ba48621b

SHA512
e82c2a85a0f8d121875706fe36960a2455468c9f65372e7dd3e96e9474b48d8dc50ade435f1f83d47042bd36b98a84128bdc627a879a6bfbc5e396efead87b23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
f6b3c83d28b45d55305baa4f15ef1622

SHA1
561b16ee13bcd5644be23f021670ad32dba46190

SHA256
f2945e8a60d9463c634835f794ba6ea9eebb15f64b82890e2aba83b498c7a19c

SHA512
685a41fa5e463d7c595209b848a74e338cde347bc84e3a787a00366ac90bffc83ab937b70715506e1ac9fe6810f1f1b7a822f699810230b4f7a272ebb4d66b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
66381261103e6b041c2aa9c49381685d

SHA1
8ea06c14e6559ed179e79a51cbe312f21094b604

SHA256
5b2e1ea08683409e8343045ffde792eeb9ae1458bd52e63df01a3b46b9c27c54

SHA512
5ffa5706502425d95be4fcb335f3d6d4d44720d8a13abf4b659547a2d34780959cc441cd976990e1dc2d2f2543d4ffdbe576fa481013ef94e64aa020dc6db8d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
0eccc0df1ff3d1c9ddeb17656161078d

SHA1
9d37bf2fc08f21fa2dc48defccb9b4e5a08d7f91

SHA256
e99131df16bce9580d02c1c7b5105fda5233b4b2ed46d68a01db2e617f50e794

SHA512
6c1269f175868d16885c36dc4717d1ba0f7018666ded7b556e43f64d2f0f764a273846b81a182a5268fe252c782d54da9773a3251b4d77a0ed1bd336b0fb9fe5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
4731abd36bce729e470244cc405620e7

SHA1
17e1e9f0b68d11e591910b18159ddf2dfe739514

SHA256
bd9e343f492017e7340be58efb944d6926338e96bea70fbe9195dd7d202a1905

SHA512
6dac83cb0bd91d57fc7e42a11020cb96abd545e09fb39c0ae423d0a500167d85102d4b6496d1e6bcc0c408adea3dabe81f0b838e36dd5c212b96295550b1c8fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a996acd867fabf1cc13bf324b9dc9300

SHA1
a919cbe8fbd0f388864cfcb31af60559a125c153

SHA256
57ba99148aeb41f2d5bb6b6e9989599d0bbfac928e685ad88eebec01cebe89ba

SHA512
a2ff8190182c9aa7fd2367acef20af9407dbca3030fa91f39128a6c96708ab9ab1a9c5dfa19b879a325b84a08fb1aff3d25dfc9ba0db52378ffdaca41dc3caf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
48b648f1cc19be226c20af65899f70b0

SHA1
80ad2cec8a50cf04c9913be8812ae664bbc39c73

SHA256
5abb7985c645f1c6ad1e6571a07f138fa921b8256ed01677059396b3e0e5e84c

SHA512
bf1560d1ace9e7aae952b94cfe14223265aa4242093a8953817a2c413717b42e46b93220b7e9f8a35704dcbc4fae6a9f77f951fbe67c22bf6433374478e28132

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
57b740252647588a3f4ac57191151e37

SHA1
042eb5f3f0f065a8191b2801b99f94cf53976f0f

SHA256
dc7372d9e846d42212266e1c56c64284895789aa43c12b84d9508b097a843651

SHA512
5d321a410ec6ec492bd37b13c7d61d937c22928a6a3646279bba8504952aa9c7c5a4d58530b8b56b75f30db66bdae25f87d61a0b94ac53669c5ea1cbb73b1e26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a06b9ecff35d4d74f159c2a2627a5765

SHA1
0f5926c89fbb350c84315387f96bfcd961f8cbd6

SHA256
0b63323aad9f3496deeac992da7bc15cd322740bde1fc00c1360d5bcb3bf6c0a

SHA512
0ea00b5ddfa5db4a84d50c83c86792e03aa38f32e160d512fc38ce126128170dedf6b94d50db980587c9fde0d732363d362a3b07348add5e548fdb3b242c0032

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
4e375a23d8a7d61e0dcbf5d77f916cfe

SHA1
117b5212a793a612876d2bad3c93991b2c4a21d3

SHA256
ef72f8d5fc4f48d60b2f501b1b5d768346576ed165e0c51b9a8f2955a9b74591

SHA512
39c0c912527406d77cbdcbcde63a49ad56d72977c4e079deb16ea12329db9edd9ccac31a943b77fffc4f2010038d811a6d91426407b9a12c33e8be25dd89294f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
be108804703fab4d484909fdd80ae4b1

SHA1
deb8a7d77232932fbf4b4727425958ce257b5638

SHA256
464b6acbdf2bf774574da783be7ebaf7ac9f39694505c4704d65f4cba10556f7

SHA512
f6f67f4841447bf8acab1d9e584aa3de0b9dbfeb9673d0a3c537357d0284dbc5dc1ed4451572477c4995da4df9f9d0dbe4791787718babe62fc684ca950eeb04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
1eea77b4640179f507ee2c8365964322

SHA1
c44546905d34c4e2685551856609ac0319594493

SHA256
a86ea2e049622e12ce08910333205665802525925f472f76caa68583c910d216

SHA512
6bca827bea9f9b91c91b0fe27406cb807bc3bce1cd4f2e6a2ca231e1463b269306614992fa04e011ffa9529d51e04d581102f0a218b142d2e901f0df3541bd43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
7201c21e629c7aaed5c1e322a7cf3d45

SHA1
af23903611d2ef0acd0bc89f863d941b49b62614

SHA256
a018fa8a39bc0cb9bc3c42fb1865c066fcd8fc03de4966d34410aa57a21ee4d7

SHA512
0f9f6008d765cea415fa2c8b2b1b6961fc343e3d747f1a3a9d38882eadffa977753b63f5d2d11627ba636e331d0fea742885a4d7cad3d2765fe8f2638cda04d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
65f202bb65b57ab2570ce2d216c3e796

SHA1
a7f3e62b21bf5378ef582db96a4cf36396a4e428

SHA256
269bd690054ce8e70f33e05166c5c689b7d4a20e61ba517a3924b69d668aee5e

SHA512
813750f7a8d7554e24130ae65845e732e1813f17641ff9e123c4b15e1799e24032b11bce04949b9f705af48bdd225ad63a144fa34951f24a001ec1eee2ef9992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
bd7393b59ce7eb72f84df99419713e05

SHA1
924298fcc5a6592fa2a55021337246b075af3cfc

SHA256
ded35eb8327bc4547101cb535629b717d39af3093ea0a5c126aefb66e43fed87

SHA512
d50673786cd19e1aadbcf38d18076b01aa075d864763baea57d40ea2edb6b1cdd77fbd78e8a65fe5d8dacfabe4ea2dfd26d9f9029af9f24042fd8acd00015d06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
a474863f89de84d2f96b95c5fe1b8f3b

SHA1
fc391792d3580883463fde80377c38aba5158e0f

SHA256
34797a83fec367284c1437934decc5d1e70492775cf4eba38844d6295047de8c

SHA512
cfb97d87c2b7af80dcf4fc7c139abefa97dcb4b2f2d56b3bdc5985e0e2f0825dff2a67f53ce57edf7cde78326ab45ca9b33de0feaeb0fb6e620aeea6b1a08240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
2647ffde5e52dd2e63a4ca83e2c9c73b

SHA1
66ed3020ba5823c6997ef7e5e628de07965e2177

SHA256
39772ec3b566f1397e8f69785d8566ee5a7c57b6603621e6df89e516713d8e08

SHA512
3209d76b7783322d6258f6e6d4bdd41209c95c3fbf9d5b5e763197b5c95fe077e54902d3607f360897bd1ec4f1a8a511c2d7e52b9c38534ce1caa7269f35151d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
c5a89155e0ee97854820a362456fa9a8

SHA1
2de664c8af3f348fe345c785d9b07bfdb55f795a

SHA256
9609b6fe4d5a167e70d93dac2c0c3ee4583fe74a0b1129d4b48d010d142e64f3

SHA512
1d0fe470413e378610c5d70ed3289985ebbda5aaef2968f682b79fb41ddea8bf7a6ec8a95925588f1d42b137d0f35f98a3c566f10a51a9bfe5da69e67f493ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
e94ad5321f342527466d6140121aca38

SHA1
c09e447116b4b9cfdbdc581610f40a565f68ccc0

SHA256
55f5ab36ee14210b7e3f964a483afdc3230c099c117d8cb7f65eda9e98e3497d

SHA512
1e194cef20038ac96bf3cdbf40b95b2290bd83e2303736cb6eba1f802e0e0ca007fd594a00360a69323bb14ecaf6fa348a79f7d468140cf2be5354b3a8737a2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\sessionstore.jsonlz4

Filesize
18KB

MD5
6199bb0f43d603cd06b8d1abb2351b91

SHA1
60e614b19789dae84d9c767e65f7942c7972de8a

SHA256
ff12d45807f4e62ba81c9c71aea7ab4c8dc089f8f8cf51341ef7838a64a2c8cd

SHA512
6102fd98ab87353215f09e19101d153a7b969ee2d33fa5cebbdb4c0c455853aeb6c65391225bf585a0c061b97528c31abe8ba9c45e820ed03c00a53b16813a8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\storage\default\https+++www.pornhub.com\cache\morgue\140\{d37e148a-7138-4588-8028-51ec52c3008c}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta9v328x.default-release\targeting.snapshot.json

Filesize
4KB

MD5
05d96c1ab0d87543422eedbee5154574

SHA1
8caff790ee47e8a50e3ead46e86782610e646320

SHA256
8a46f9a433d681abc6899a1b7533bad666596e49baa7df7bcc21ebafbb0fca3f

SHA512
f60fc43355b3b384d5e03f17a8c5351624561cfa3a2e7c090104d317746a3b3b152b257c30f0b05f15e312b12288d81cfe0d09e3f40e79dc229f3c877903513d

Download Submit
C:\Users\Admin\Downloads\PowerPoint.hsvoS6B8.zip.part

Filesize
66KB

MD5
196611c89b3b180d8a638d11d50926ed

SHA1
aa98b312dc0e9d7e59bef85b704ad87dc6c582d5

SHA256
4c10d3ddeba414775ebb5af4da5b7bb17ae52a92831fe09244f63c36b2c77f34

SHA512
19d60abf83b4a4fe5701e38e0c84f9492232ceb95b267ae5859c049cea12fee2328a5d26ffd850e38307fb10cb3955b7e5e49d916856c929442d45b87071d724

Download Submit
C:\Users\Admin\Downloads\VirtualBox-7.0.16-162802-Win.exe

Filesize
106.1MB

MD5
5f6a8d381b1b622f168359515c0a5428

SHA1
53eca4549abfa5ea8daf19eaa182c0bbb0f2b35a

SHA256
2fb44977d3329e55e8b61408ab4af5239ecd3d80c5990fb5cd6bd0c91a854d62

SHA512
68691dcba2effdde006cc1f9d9cc973f11cb531afef11ea2d144d70a5c999822d68d24807584d4212f92b39996a9978c44aafb55df610b5194356cdaaa3e5e18

Download Submit
C:\Users\Admin\Downloads\VirtualBox-7.0.16-162802-Win.exe:Zone.Identifier

Filesize
159B

MD5
886022ba5654addbd67eff3303851777

SHA1
46d537f1fc901eec650e89229924035eeb83e7ec

SHA256
b38d0c76fa4581a2fcd090779a7fd806303c09235bf8003771c88826ee4076d4

SHA512
6962b6a05dc695faf5df982259d4930e1c0ac6a4253f458b37b0068e6ad971ad2b57d2a0d862c115749446247bca3270035d5622653b933f927929361a081575

Download Submit
C:\Users\Admin\Downloads\VirtualBox-7.2-_RAYR2.0.16-162802-Win.exe.part

Filesize
15KB

MD5
8e15cf24386dbcdb043ade55423d628d

SHA1
0ff45560e6c7ef42e004398d272693f5d15e4f27

SHA256
a63b135a0575eb03fa9f0d6fc3f073759c9912b9548774d3d9ffde31cf5cd00f

SHA512
50331a7ff34f01c3f3b0f85ee2be5e166fdf3f87dcee62b9464a56d32952cf2aa4e2dc8e4d1bc29602cacd2046d78e7f295f935497a72fb38564771eb6a9b197

Download Submit
C:\Users\Admin\VirtualBox VMs\kill\kill.vbox

Filesize
2KB

MD5
311e1aa9c04ccfec746337864ab407d5

SHA1
25fca3e34d91eca0540a2b3267d6eff4fe8294f2

SHA256
06c260476f2f9567141b86470412a18ef745ffdc1749360d57f96b5dca997ccc

SHA512
de2eeeb63cbd28052f51e47d1b025983722c8e28185860b872ccf0eb25673b6c1f71e187ca435d2d1df44232d44d10e8100f96ddc6567043666178acaacd860d

Download Submit
C:\Users\Admin\VirtualBox VMs\kill\kill.vdi

Filesize
2.0MB

MD5
92b6370ee64a52ebd0257f32e4f85615

SHA1
b38a0c6368f70f4996feab45f468703cafc81c83

SHA256
3a409aff846f1ec436c75bc51e6946c42363559be6c8c5722e96e1108358e4d9

SHA512
eb5e9c053cef00fb9be805482efdfa35979560662c8005e8d40345c50857d65cf74a3960cf7dc080deb176a6df419ca225166f3e7bb6bb60f657d9f2d64653d5

Download Submit
C:\Windows\Installer\MSIC9B3.tmp

Filesize
234KB

MD5
8edc1557e9fc7f25f89ad384d01bcec4

SHA1
98e64d7f92b8254fe3f258e3238b9e0f033b5a9c

SHA256
78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5

SHA512
d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd

Download Submit
C:\Windows\Installer\MSICCA4.tmp

Filesize
149KB

MD5
418322f7be2b68e88a93a048ac75a757

SHA1
09739792ff1c30f73dacafbe503630615922b561

SHA256
ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b

SHA512
253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef

Download Submit
C:\Windows\Installer\MSIDA05.tmp

Filesize
690KB

MD5
8deb7d2f91c7392925718b3ba0aade22

SHA1
fc8e9b10c83e16eb0af1b6f10128f5c37b389682

SHA256
cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4

SHA512
37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
2KB

MD5
ef51d935e575b58aba16945f436fe08d

SHA1
fa4ab58ba0e10829c97d5d4a93fd817a8c60bc56

SHA256
9193fcf6d869fbadcb2ae6a96f84c3b81a1c4c64dcfa7826ff68061ed721027e

SHA512
93b23193f7d7e86eb02a42702a0230d28368c02d8f70ecac7bb62e679bdf7906e7d32a96de24e039e42f99690782accbe2c2c4328f568aedd2f95da150ebe40b

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
2KB

MD5
3fb90c3be8d9fe09a6f406268f926749

SHA1
166d3099ab5cfb7e86d02fc460d327ad8f523b57

SHA256
80ef369c62c10af6b55d0b7fd8239f040d02e7e9be205020f016ee52576d9672

SHA512
b88290d23679111f468bf462712df4e4f68baa011505cfcf946bc32ff41bc5dc885e401e3cfb616e981aa27b715ae372ce902e1b46b4964922d47e0a098f4517

Download Submit
C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\VBoxNetLwf.cat

Filesize
11KB

MD5
035dee8dc971f4453bf8ebfad0fe2b84

SHA1
81fa4e47a76405894e3001e9cef4fcc6ad137e52

SHA256
862190e8017dfbd8540379ee61acc0b5d6829e664ab4dca9928622e4df2692bc

SHA512
f92d31623396af51772c8aa0eb14826eab3cb0a6fd8c6f223e0e48431c84f3c94674c34edacbc2b11de59792ef057aace17851f41a1fa4af3a01bb3efb1740a1

Download Submit
C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\VBoxNetLwf.inf

Filesize
4KB

MD5
d8583ce91e8f12941a07fed65aea7503

SHA1
fb5a8142941b102c41f5577094e7a210d585be02

SHA256
7f390c13fc10ff293b641527d34833334080839e05704236f9d3dd1070fbd38d

SHA512
843812c9d9824c0bfae536a5e7f6abde9b4b676117a18440cb685c40529a4f8b52bb6c312a33362e0816a29ca883d57fa312166d444a384bc79205c13c72aa7c

Download Submit
C:\Windows\System32\DriverStore\Temp\{3292348a-9c94-d247-a4a5-6c5435dcbf13}\VBoxNetLwf.sys

Filesize
259KB

MD5
7c7c82cd0ca2a085642a2bd7fd5b96e0

SHA1
4acd6bc241b92fb56999a4c23438217e77c5863d

SHA256
382ba434508383e9d8f9a341292278fee5042393a898c2cd73c861d645fafe79

SHA512
7d31e57635e002255d74cb8dfe15b90d00b43b82e8a3acb99a5c332667a1d876addfafde64230015e88c66f88e6372304f32675038c9ac92e237c61e8f680c56

Download Submit
C:\Windows\System32\DriverStore\Temp\{8808f097-2b5f-8644-b7a9-501f9a7e3d5e}\VBoxNetAdp6.cat

Filesize
11KB

MD5
cf0d4c8af5bd5912448ce28f45dddd48

SHA1
c6cddb49e2cc8230eb80aa737a08720a3e6aca74

SHA256
5c13e3007e07ece5bc09b288caa618b62b8fc9c3c1e55e696379ee808340c185

SHA512
554a193123d64addf53ea48606d63a6eb698992d530ddeeaa56781edf5946879af05085ec7b63fa5222180921812a43d92f9e10f44460fc0f375f73bd9263e5b

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
79dba67ba1dc736b362771557fd5c18b

SHA1
914bf2215b616e0e7d84363f1c652e84ae947334

SHA256
cc9a8fb2640f94a419c256b8d17f7e6941eef2879db359b4d97c0461dce4246c

SHA512
6f11d64c1c0ec3edaa2da6cc4ea5e6bddb958220bf399b3b80e3f5c4c3ed4791ea79cff4611a21f6fc6b16b3ef83fb5f1f91ddc8709eb183916167a00b2cd21f

Download Submit
\??\Volume{47f73939-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{331fbbe0-a5dc-488b-a54a-a3f54f6b69b1}_OnDiskSnapshotProp

Filesize
6KB

MD5
d5685d66fcddd3bf9540a4fc67c7a45d

SHA1
5927afcad002197582211b6b67e621aee08383ca

SHA256
1d75f82dcf0aea5e27fd031124df6fa9507359f7794d3fb5a58ea4b188a61bf9

SHA512
967bbaeca1aebc3cff1a2f05409cec85887b2b137d9ded41bd92a75b6884c6a01270e618bf07c32de45f8ff82c3fc29cc878edcdce17bbe39468b27f896877d6

Download Submit
memory/1256-2473-0x00007FF61E2A0000-0x00007FF61E524000-memory.dmp

Filesize
2.5MB

Download
memory/1256-2472-0x00007FFAD10B0000-0x00007FFAD15F1000-memory.dmp

Filesize
5.3MB

Download
memory/1256-2471-0x00007FFAD2250000-0x00007FFAD3E2E000-memory.dmp

Filesize
27.9MB

Download
memory/1256-2493-0x00007FFAD2250000-0x00007FFAD3E2E000-memory.dmp

Filesize
27.9MB

Download
memory/1256-2501-0x00007FF61E2A0000-0x00007FF61E524000-memory.dmp

Filesize
2.5MB

Download
memory/1256-2508-0x000001F0DEE50000-0x000001F0DEE60000-memory.dmp

Filesize
64KB

Download
memory/1256-2553-0x000001F0DEE50000-0x000001F0DEE60000-memory.dmp

Filesize
64KB

Download
memory/3428-4195-0x000000002AA00000-0x000000002AA24000-memory.dmp

Filesize
144KB

Download
memory/3624-3288-0x0000025860E90000-0x0000025860EA0000-memory.dmp

Filesize
64KB

Download
memory/3624-3278-0x000002585D570000-0x000002585D580000-memory.dmp

Filesize
64KB

Download
memory/3624-3284-0x000002585D5D0000-0x000002585D5E0000-memory.dmp

Filesize
64KB

Download
memory/3624-3283-0x000002585D5C0000-0x000002585D5D0000-memory.dmp

Filesize
64KB

Download
memory/3624-3286-0x0000025860E60000-0x0000025860E70000-memory.dmp

Filesize
64KB

Download
memory/3624-3327-0x0000025861490000-0x00000258614A0000-memory.dmp

Filesize
64KB

Download
memory/3624-3291-0x0000025860EC0000-0x0000025860ED0000-memory.dmp

Filesize
64KB

Download
memory/3624-3282-0x000002585D5B0000-0x000002585D5C0000-memory.dmp

Filesize
64KB

Download
memory/3624-3277-0x000002585A360000-0x000002585A370000-memory.dmp

Filesize
64KB

Download
memory/3624-3275-0x000002585A340000-0x000002585A350000-memory.dmp

Filesize
64KB

Download
memory/3624-3276-0x000002585A350000-0x000002585A360000-memory.dmp

Filesize
64KB

Download
memory/3624-3272-0x000002585A310000-0x000002585A320000-memory.dmp

Filesize
64KB

Download
memory/3624-3271-0x0000025858090000-0x00000258580A0000-memory.dmp

Filesize
64KB

Download
memory/3624-3270-0x0000025858080000-0x0000025858090000-memory.dmp

Filesize
64KB

Download
memory/3624-3252-0x0000025857F70000-0x0000025857F80000-memory.dmp

Filesize
64KB

Download
memory/3624-3394-0x0000025861470000-0x0000025861480000-memory.dmp

Filesize
64KB

Download
memory/3624-3395-0x0000025861480000-0x0000025861490000-memory.dmp

Filesize
64KB

Download
memory/3624-3396-0x0000025861490000-0x00000258614A0000-memory.dmp

Filesize
64KB

Download
memory/3624-3393-0x0000025860EC0000-0x0000025860ED0000-memory.dmp

Filesize
64KB

Download
memory/3624-3392-0x0000025860EB0000-0x0000025860EC0000-memory.dmp

Filesize
64KB

Download
memory/3624-3391-0x0000025860EA0000-0x0000025860EB0000-memory.dmp

Filesize
64KB

Download
memory/3624-2829-0x0000025857F70000-0x0000025857F80000-memory.dmp

Filesize
64KB

Download
memory/3624-2817-0x00007FFAD2250000-0x00007FFAD3E2E000-memory.dmp

Filesize
27.9MB

Download
memory/3624-2818-0x00007FF61E2A0000-0x00007FF61E524000-memory.dmp

Filesize
2.5MB

Download
memory/3624-2819-0x00007FFAD1680000-0x00007FFAD1BC1000-memory.dmp

Filesize
5.3MB

Download
memory/3624-3292-0x0000025861470000-0x0000025861480000-memory.dmp

Filesize
64KB

Download
memory/3624-3390-0x0000025860E90000-0x0000025860EA0000-memory.dmp

Filesize
64KB

Download
memory/3624-3389-0x0000025860E80000-0x0000025860E90000-memory.dmp

Filesize
64KB

Download
memory/3624-3273-0x000002585A320000-0x000002585A330000-memory.dmp

Filesize
64KB

Download
memory/3624-3274-0x000002585A330000-0x000002585A340000-memory.dmp

Filesize
64KB

Download
memory/3624-3285-0x0000025860E50000-0x0000025860E60000-memory.dmp

Filesize
64KB

Download
memory/3624-3279-0x000002585D580000-0x000002585D590000-memory.dmp

Filesize
64KB

Download
memory/3624-3293-0x0000025861480000-0x0000025861490000-memory.dmp

Filesize
64KB

Download
memory/3624-3294-0x0000025861490000-0x00000258614A0000-memory.dmp

Filesize
64KB

Download
memory/3624-3290-0x0000025860EB0000-0x0000025860EC0000-memory.dmp

Filesize
64KB

Download
memory/3624-3289-0x0000025860EA0000-0x0000025860EB0000-memory.dmp

Filesize
64KB

Download
memory/3624-3287-0x0000025860E80000-0x0000025860E90000-memory.dmp

Filesize
64KB

Download
memory/3624-3281-0x000002585D5A0000-0x000002585D5B0000-memory.dmp

Filesize
64KB

Download
memory/3624-3280-0x000002585D590000-0x000002585D5A0000-memory.dmp

Filesize
64KB

Download
memory/4776-4200-0x000000002AA00000-0x000000002AA24000-memory.dmp

Filesize
144KB

Download
memory/5292-2735-0x000001FC8F7F0000-0x000001FC8F800000-memory.dmp

Filesize
64KB

Download
memory/5292-2692-0x00007FFAD2250000-0x00007FFAD3E2E000-memory.dmp

Filesize
27.9MB

Download
memory/5292-2717-0x00007FFAD2250000-0x00007FFAD3E2E000-memory.dmp

Filesize
27.9MB

Download
memory/5292-3397-0x000001FC8F7F0000-0x000001FC8F800000-memory.dmp

Filesize
64KB

Download
memory/5292-2726-0x00007FF61E2A0000-0x00007FF61E524000-memory.dmp

Filesize
2.5MB

Download
memory/5292-2690-0x00007FFAD1680000-0x00007FFAD1BC1000-memory.dmp

Filesize
5.3MB

Download
memory/5292-3251-0x000001FC8F7F0000-0x000001FC8F800000-memory.dmp

Filesize
64KB

Download
memory/5292-2691-0x00007FF61E2A0000-0x00007FF61E524000-memory.dmp

Filesize
2.5MB

Download
memory/5680-2938-0x00007FF61E2A0000-0x00007FF61E524000-memory.dmp

Filesize
2.5MB

Download
memory/5680-2939-0x00007FFAD1680000-0x00007FFAD1BC1000-memory.dmp

Filesize
5.3MB

Download
memory/5680-2937-0x00007FFAD2250000-0x00007FFAD3E2E000-memory.dmp

Filesize
27.9MB

Download
memory/5680-2947-0x0000021EC73E0000-0x0000021EC73F0000-memory.dmp

Filesize
64KB

Download
memory/5680-2996-0x0000021EC73E0000-0x0000021EC73F0000-memory.dmp

Filesize
64KB

Download