discordrat | a776251598a04f95638c0dcd878a01bec871043aea05e59f2b43aa7013f3549b

Analysis

max time kernel
986s
max time network
982s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-08-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

61fdddfef03616cc0bb43d2534d216ba
SHA1

ad9a340edc40a4c30a757b54a1817db7544d61fd
SHA256

a776251598a04f95638c0dcd878a01bec871043aea05e59f2b43aa7013f3549b
SHA512

91a6c6986e8488d592b8621389eb95abf7dbfd2789d4cfd1343c4ae0dfc1502b8319fa24385f8e042ceb306e0e3141d5dd63ca5274de1b2918e40b9b5de6694b
SSDEEP

1536:K2WjO8XeEXF15P7v88wbjNrfxCXhRoKV6+V+PPIC:KZb5PDwbjNrmAE+3IC

Score

10^/10

discordrat credential_access defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
https://discord.com/api/webhooks/1268956443017478144/qXtQPqPq0lNYWEP6kL-SgCUSDgKk0-oAw47o-nRhBdJiBKnPwUEI7GkpOsrdi8-7DIoj
server_id
1268956309605060639

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

T1102

flow	ioc
393	discord.com
452	discord.com
74	discord.com
76	discord.com
375	discord.com
383	discord.com
389	discord.com
404	discord.com
75	discord.com
130	discord.com
368	discord.com
390	discord.com
392	discord.com
360	discord.com
372	discord.com
402	discord.com
73	discord.com
128	discord.com
391	discord.com
439	discord.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	SearchProtocolHost.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	SearchIndexer.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d18374f4e4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000376dc1df95f219488a1a9409c266b7aa00000000020000000000106600000001000020000000bce8a83f481f7be62b2d9a1215ae2dc44d667cd482767e95ea31c3f348687526000000000e8000000002000020000000d2ff1daf469785fbb16c38473dcea40fd5a4ed6d03959df69d735856a28e46be20000000a4c2d561b2fd06120370bed5cb42b538b055c175aedb3b4514e201c2e3fbee87400000005721f813827a6cb8ed7d0d0dd40d2e913e8fb0d45f0800bba07f27865150657b8b95bca477191a5a3bbb7d0a15360b9f114b4592635a43b10fd2fd53c5e83e43	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9FF85DC1-50E7-11EF-ABE2-4A72145DDB9E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000376dc1df95f219488a1a9409c266b7aa000000000200000000001066000000010000200000000a01301f1fc7917157226fa81367799494c16cb36c03e86568d83284082f71c5000000000e8000000002000020000000237762bcae9fcf6455c88e5dac0048d8af1afd5a1922de7f9b8040bf6ae0c741200000000b2403e22ccd7263838365f34f26ba64255fb953668af165d3fb0562835f888940000000fb13f72b10f12c3481325473c1a1cce2165c8173e8de13622833f11029f14197f60a484ff122027369e2643d950e0fcf5bd3b328043d9cec5111fdd1215f0dcd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0417d74f4e4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\system32\drivers\tcpip.sys,-10100 = "Internet Protocol Version 4 (TCP/IPv4)"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\system32\drivers\mslldp.sys,-211 = "Microsoft LLDP Protocol Driver"	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice\Hash = "Aj2GTFi0QIs="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\system32\lltdres.dll,-3 = "Allows this PC to be discovered and located on the network."	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice\Hash = "+62Ocurg9CU="	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%systemroot%\system32\srvsvc.dll,-109 = "File and Printer Sharing for Microsoft Networks"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\System32\drivers\ndisimplatform.sys,-500 = "Provides a platform for network adapter load balancing and fail-over."	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000280b1ea9f4e4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.3gpp = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%windir%\System32\drivers\pacer.sys,-100 = "Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004ee86eaff4e4da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b09605b0f4e4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice\ProgId = "AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\system32\drivers\tcpip.sys,-10101 = "Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000224e3aacf4e4da01	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jfif = "1"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%systemroot%\system32\srvsvc.dll,-110 = "Allows other computers to access resources on your computer using a Microsoft network."	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.html = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Extensions\ContractId\Windows.Protocol\PackageId	CastSrv.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
624	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4180	Process not Found
5680	Process not Found
4384	Process not Found
4768	Process not Found
4196	Process not Found
2076	Process not Found
5580	Process not Found
1016	Process not Found
5148	Process not Found
5908	Process not Found
5888	Process not Found
5900	Process not Found
5920	Process not Found
5916	Process not Found
2792	Process not Found
5732	Process not Found
4472	Process not Found
2184	Process not Found
5040	Process not Found
1188	Process not Found
4280	Process not Found
4268	Process not Found
1296	Process not Found
2364	Process not Found
2324	Process not Found
392	Process not Found
3084	Process not Found
3776	Process not Found
6084	Process not Found
5712	Process not Found
1224	Process not Found
4636	Process not Found
4788	Process not Found
3100	Process not Found
1012	Process not Found
1032	Process not Found
5560	Process not Found
5044	Process not Found
5740	Process not Found
5524	Process not Found
4992	Process not Found
2268	Process not Found
2648	Process not Found
3840	Process not Found
1400	Process not Found
1300	Process not Found
1976	Process not Found
3864	Process not Found
1144	Process not Found
2240	Process not Found
1936	Process not Found
4580	Process not Found
2164	Process not Found
2032	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5044	Client-built.exe
Token: SeDebugPrivilege	1880	taskmgr.exe
Token: SeSystemProfilePrivilege	1880	taskmgr.exe
Token: SeCreateGlobalPrivilege	1880	taskmgr.exe
Token: 33	1880	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1880	taskmgr.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: 33	3176	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3176	AUDIODG.EXE
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeShutdownPrivilege	5152	svchost.exe
Token: SeCreatePagefilePrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeLoadDriverPrivilege	5152	svchost.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeShutdownPrivilege	6000	svchost.exe
Token: SeCreatePagefilePrivilege	6000	svchost.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: 33	2140	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2140	SearchIndexer.exe
Token: SeDebugPrivilege	4596	firefox.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
1332	iexplore.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe

Suspicious use of SetWindowsHookEx 36 IoCs

pid	Process
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
1332	iexplore.exe
1332	iexplore.exe
3596	IEXPLORE.EXE
3596	IEXPLORE.EXE
2456	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 2848 wrote to memory of 4596	2848	firefox.exe	78
PID 4596 wrote to memory of 4244	4596	firefox.exe	79
PID 4596 wrote to memory of 4244	4596	firefox.exe	79
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 5012	4596	firefox.exe	80
PID 4596 wrote to memory of 4152	4596	firefox.exe	81
PID 4596 wrote to memory of 4152	4596	firefox.exe	81
PID 4596 wrote to memory of 4152	4596	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5044

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1880

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnregisterRegister.vbe"
1⤵
PID:4700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.0.754238752\1420542075" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1732 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f82d328-cd6c-4f13-8a9b-78f9c13416da} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 1828 1db3f8bc058 gpu
    3⤵
    PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.1.1060468716\1353696233" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b21ac86a-4488-48d0-a812-bfa714477ed0} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 2184 1db34671058 socket
    3⤵
    PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.2.1175040990\595932438" -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2748 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c051b020-17d3-4e8f-9650-da8b8b893555} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 2984 1db4379d458 tab
    3⤵
    PID:4152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.3.318941077\1460581403" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dd1fe1a-169d-4826-997d-260fb4ff4d36} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3500 1db34661f58 tab
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.4.142255099\92068544" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3628 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {742cffcd-bd49-4ad4-b645-f6a387e691e7} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3668 1db446df658 tab
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.5.848442237\1013721421" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c2aed5d-b77d-417b-bef7-2fbb66a9daca} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 4880 1db45d06c58 tab
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.6.1998439527\1951450733" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdd32554-2687-4934-8008-eb9f83a5f801} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5012 1db46334258 tab
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.7.149032216\1743052946" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3edc5d-eff3-42fd-8ca6-1ceb014e19a8} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5212 1db46334858 tab
    3⤵
    PID:3800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.8.1860036901\222206896" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5648 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11e2dde9-14e8-4404-95df-e5aff71b21bd} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5688 1db47bde558 tab
    3⤵
    PID:5000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.9.692244649\996099291" -parentBuildID 20221007134813 -prefsHandle 2896 -prefMapHandle 2968 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47348c90-6711-40c3-9c87-8e001ca1afc5} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 2644 1db45d4cb58 rdd
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.10.724189268\1521179997" -childID 8 -isForBrowser -prefsHandle 5508 -prefMapHandle 5608 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bb88dd1-6af7-4131-9d70-037cab64e934} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5616 1db477cbb58 tab
    3⤵
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.11.1984688281\589476650" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5944 -prefMapHandle 5948 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b025310-5146-44d2-aca9-3985ba27efa6} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5956 1db41fb4e58 utility
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.12.2044079381\1857572100" -childID 9 -isForBrowser -prefsHandle 4464 -prefMapHandle 2668 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16967e2-fee6-437d-b753-976f562df902} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 6724 1db487da558 tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.13.1824024296\152031835" -childID 10 -isForBrowser -prefsHandle 6732 -prefMapHandle 4468 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e21dcb27-1dfa-4a4d-957e-f9b22758db97} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 6824 1db4926c758 tab
    3⤵
    PID:1148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.14.1063886775\179603110" -childID 11 -isForBrowser -prefsHandle 3948 -prefMapHandle 520 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb7f95b2-2762-4ccd-9665-50d8a95aef14} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5764 1db47568e58 tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.15.1199632500\1171677137" -childID 12 -isForBrowser -prefsHandle 7224 -prefMapHandle 2644 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec371126-d5e7-4c8e-b54e-0b94d0cb9a55} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 7216 1db47f06d58 tab
    3⤵
    PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.16.1452012929\1924674799" -childID 13 -isForBrowser -prefsHandle 10940 -prefMapHandle 10944 -prefsLen 27517 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90f402cc-8934-40a9-b2c8-bffbc109745b} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10932 1db4926d658 tab
    3⤵
    PID:780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.17.1207760993\92774982" -childID 14 -isForBrowser -prefsHandle 9924 -prefMapHandle 11012 -prefsLen 27526 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fe0eb9-f2e4-4344-ad37-d4b8e6cad4a2} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 4480 1db45e06858 tab
    3⤵
    PID:4756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3176

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:616

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:2096

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:868

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:5152

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5216

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5452

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5488

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" netconnections
1⤵
- Modifies registry class
PID:5888

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
1⤵
- Modifies data under HKEY_USERS
PID:5948

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6000

C:\Windows\System32\CastSrv.exe
C:\Windows\System32\CastSrv.exe CCastServerControlInteractiveUser -Embedding
1⤵
- Modifies registry class
PID:5572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4112

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\ResolveUndo.gif
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1332
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1332 CREDAT:82945 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3596

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2140
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:6028
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 688 692 700 8192 696
  2⤵
  - Modifies data under HKEY_USERS
  PID:4548

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a45855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1996

Filesize
8KB

MD5
efa1d119e7536a35d481e7ed7939963b

SHA1
cb194475b3dc167eaacfa471eed2e9352c9ba2e5

SHA256
77a9833b18251e30e914b9b96b8b19a4351cd98eded84e477b5fb3317c353126

SHA512
a032f520a5201acb7b93c8718123fdde1f9487a3d29e8229663c9c169cb3029387f9b71094555f2584ab5420fc673207c7105270fa28269e0e5212abfb593aaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21385

Filesize
16KB

MD5
bb310f943ae3c24c84d23515cc1a6c40

SHA1
2d8edfaf711abbba5beae2e6f54e3a449c35efa7

SHA256
306adfae580821930455245dc6408b8dcd8955b79e4f2c567ecda3c4815b6d36

SHA512
8dc2fd1a1e8d4a2eb5499f621843bead63bf223e840ee6c4fec377ee1f524524abe8ae733c2c04bb2db0a2e17b565f6fa7727e736f6bf0dc02471a281b812b64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3017

Filesize
8KB

MD5
b8c78708e506738abc65f53ee4a0867a

SHA1
cacc1f62d95e6a53be69ba858114d1cfb610f4f8

SHA256
1bb0954634ed790a131709ffd438bb502876f54d3fae3331bc53a88bb46e17c2

SHA512
72a38491232eaf9d119e6c94ab7a3c9dee5ce61e2053e4c1c2f3194c1d640a17ccfa6a343bb0148315986b4cc86ee766705565bc36e84a11687270d91711fdfe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6840

Filesize
7KB

MD5
170a669c02498f4329b25478abb372c7

SHA1
969572e661e260afb4cb6634bd8bbf60575f33b3

SHA256
b749ee1c79c72b5c770e032afe7dfd2e49ef50b1c7a22cab409ba2c04edf36ab

SHA512
19b8ac22a7ce9d3ccc3beb56565970fa5a8f8c4a18af3eebd83f134e19ef11cdc1b9d6798fd1f77ff861f74e249820922fd147e64686fe4bd5784e102f8e8bee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6976

Filesize
9KB

MD5
92b12c0f1ccf2ddd78c3d7808e2ddd21

SHA1
df23bbefbbb4b35c5fa5065d37cf1e397ec580d4

SHA256
6d1942e762fdb6dd20ae93283387e6364897f584859188149be68f622cb48539

SHA512
a6f143e6e263c151b880c5481a46b7eb3eeb94fc32591a65c90acb8962d0a6df8e48118a35d3120d06672f197a6f3eaca1b2b196522168f878d33d13a0894c43

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7200

Filesize
8KB

MD5
4dc666aa9bbb3bdfa8b1c0c62097b1ba

SHA1
34e6588940497961769746225855e5fd813262dc

SHA256
b78326793c759c37d3ec83ad7d52c6bd966f4d915f81676333c1f778150cd463

SHA512
3717b4edbeace4811a94a2d6b0dc6c869defd51531830686fca276274253e51d42085ebb0e625836831d7de346b11d6261bda797caecdf059bd32a8c5e43068f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64

Filesize
59KB

MD5
c9dd74bd6a4079e2c8d0a9f562d8f56d

SHA1
a810712a17ffcf382bea39cb7c88f2196a4a1e2f

SHA256
4c1af3a36232ebee187f0a0b11520037cf1dba57056284af95b42f05efad398e

SHA512
bf6d720c3b0600b6e003364b550007ce376f163d8280024ee1c22c3dd640d335090e92ecffd110f5c4022a145c7dadb2d821dddd5493e3cadffd1faa5f81ee53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
f76a4b800938b7fa9733f6aec637e773

SHA1
c50498b0334a7e5a71526357b3860eed975691f6

SHA256
4e1bb5283069130258ec6185b6ab8fbf32b5d183e6c91e3b3a4eacb263ca617e

SHA512
d4c118e469a57a7f16cce1cf93804746797adcd0cc0c531942d98863dde06b82b24fa8b673d191e1f02a0fb8736a9dbf9768ef7ae5cf0e56b6c2f4bb445d3c4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E6FADCFACF36C53AA4585C727B6DE1070FA6F583

Filesize
154KB

MD5
a6868112d26332bfd25f0377017d5bb1

SHA1
b6f66b8ce9eab1e1f36359083c95824e17b091d3

SHA256
691896b4ac5a7d7376eecbe98371b82dfa7539d167ba2571a7570dfd75c4183a

SHA512
99e8eea2447be86ef99370fae69ba4f3be46f56686d8e8911d45775ae8e7f863197b6f62bcb5afec79f99217b129b12957fd5bd474d54b7ebe7ca68613e23935

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\1BVGGeNVfauqR5szYPmqOg==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\auFXDdxedXF8QTyoQmMaSg==.ico

Filesize
609B

MD5
6e62ae713951b6193d202ddc3d2152cf

SHA1
abf75bd80bd84ed39792adf69dddb5a8b3b84bb4

SHA256
e5dc5320473de19e5255f32d0f9f352fcc23a03c254e82511999deac249d91cd

SHA512
8dff4541bb496449c0c0e93a1c60108dff8e8f7cea437b8027ce51bc22881a687597c511df4c32cabdd1c165aeb46b89c410e58563e18c449e84eddbbfa8725b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
da38e298b2a0995218063accfe7f7552

SHA1
2588c176dffef33056a92d73264a19e1c757de96

SHA256
468c6e1534455e5d44490bb85a33533ff3ac47a3511770016d856f60e11ead37

SHA512
e3fe726e769236fffa907fd8df70bdd417834ae35c9390d5c7b8af5f11d1be86cf125b174158f323f170a9e854b9f294a9046e1e85f29e9d7af646b3e1ebc76a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
35bcd0339c1d7c5723b940a8e784988e

SHA1
26159283b7ad5362e4ea0d9be3591b6165a0933b

SHA256
26d4e913be8540524db700e2a49906de306653a9b55580ac1fcfb8fff32d2174

SHA512
8d1ee7d7981de086dc537af0b4002a9959b7fb21d16db1cd913eb628bff854b216ca63f2653c00b580696b0a569b3a89376d7fcbbf4670ccc404c0605dfacdbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
723b4b6f1d045a716b2e46ea394f5a81

SHA1
f4abed699d397c40c68eea5c5109cbaf0f80a09a

SHA256
cd86e0eeb398fd279f3943b6dc09db57956b0d01af4f395058d88cc7d0442cd3

SHA512
82137b1528e1cc9f551f796bb07667141c2a9dfc5da7b14b6f031fed8c7b94bf1a8a30231150bed196c37e2f8b55adadf6381a063300673c1662468b8da66e7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
f16df850963126a291428fbcec109853

SHA1
75466fb293ce6b1344b90d4d05084cc84a0e8664

SHA256
068c8cf30ee88dfaef88e3577ce5f32f51ca741318382b5cd39f180a7460477c

SHA512
a51a369a5addcbc4f8df1b321cf90aa12814f513e7342b4268dc3524e8c567b07f512726372272f1a1e371fffe87bb1be53c2092b2bd468ff9d66f165b58c8bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\6ac78461-aa31-42d4-9e85-874144f7a644

Filesize
10KB

MD5
d01cafefa0506421017bcee2895fa849

SHA1
17092fb68dbb2e007daead666d94d7b73a7723fc

SHA256
0bbdddbcf1c6986704449bf478216ceca1894b657390fbaaf70d9db2f7ed6fb0

SHA512
3b3e7d2bad2bcee52341d42b0203eef36b264086653941cde1b6347b85b5bf2a39d295708e57bf944e43c365a91ed219ed77cf77292f55946c26f537bcabd949

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\6cbf03d2-53a8-4031-b525-0d8681d72fb8

Filesize
1KB

MD5
759e5e7307b7e17fb5f182e06dce9cf5

SHA1
f4f528e20f1955b50bf42f58e326548930bba49c

SHA256
b755c073095a9103952be58bdf6034962736599585efdf1dd9dad13676309208

SHA512
df5f1ee3d5f2419521e01ca6e4dbbbf99c1b2598cd945a068e66b576fa9fee9ca818997d2a019c8e1f72fe786d2e236ece72cad1962da3e917e9c02d20da0b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\725b1d5a-a5c6-4fd5-96f0-654f6393ef27

Filesize
746B

MD5
67d6b5d5ee1af9fa8f7001ebb5c9190c

SHA1
26290d7e7af039c189423e121ca0f46e72218a22

SHA256
5fd518888dac83f5a2deba673b7d84c8338abd1c8f4482eac94fc393c9eff7c7

SHA512
777266380e7528a190f82de572d46da2cf0e119e7309f866954b39a6785a0fa692adfe5ddcd7a148c28e69d6f098af494d5e848eb8bcccbd19f4ddef24709443

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\99aae04d-6bbd-4599-bc01-dd81c70d0510

Filesize
856B

MD5
ae1c89ae40d778b3a5c6d62336ac82bb

SHA1
cd10db8b1a508d1e1f04b8b7de224b1dbc4c41b4

SHA256
3519f93fbed7ebd9a8c59d7181309cf88d589343ec9bb5bd47a8a89b113dcb22

SHA512
5f7f17daa5eb2886c1ac3e02567b2b65379414e37da7268a2563bfc3917e2fe0d95003b64db0bb25da24446cd30051d9a27fb23a9d578e0896a8ccd910a26083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d9c597f7-2666-4142-b5cf-5656329c466b

Filesize
774B

MD5
7c15a901812c0b77240edd12a74382e8

SHA1
301125e867e616adedf9fba036eabf7918aa9053

SHA256
9b7b5cf706cfbc8f44f680e980e6dbda3a4b2a9649712351956a10bf99f4cd72

SHA512
ffd88883fb30ca0baeef6a40080b77621af29c8bfa5560c998b2055b83f1fc7e98b2c937cc227dd81b8189a0ca4d6778a51472e51674d0e67641cc2b78c33a25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f331f2dd-afcd-4928-bb52-6362568f7257

Filesize
1KB

MD5
0def36a072f53a45d2ecb954fd7472b0

SHA1
e58aedfb7694d5187284d294d3a31f230034164a

SHA256
005abb902beb9c51524b95c4301c52ac40df83e1cb232683a57914f9f8962891

SHA512
811608b0643ba0b2fefbac4c984fdad4af5054e5337d856a61bb92eeda5a98e3dcf93488899c9f9a78a51174836de121aeaa40c4d4a293a84415888f0c5c0bea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
8bc0323df5c48c5dc7dc501aa02ac029

SHA1
35e5f3dda64028c2439e73ca04dbb590b0c2b87e

SHA256
5ee37cbc3859c5ac155b29ba206e4f16d9b219f97462789dcfbfee6449d7e818

SHA512
1b1b7df9eb7021e87f7d6397d940208b69bbd551e08774f99f36aa6c27eea99ef723c9afd328ee0066fb8c3df60d423ae60804c5d4b709429646bc51380595c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
6d6a64a386627d38bbc85f5492822a24

SHA1
68863c7eb6e244ccd6a69d961f5f5501675d9b1f

SHA256
b0cecc8b032f8c3ded5e34abc132e926aba91729b82aa0d09a932f5fd14e28db

SHA512
92e7267a303df08758c7f8a258940462292b7de4b0f10a56ec345e8987542083d294c4b9c15d11504729f0c8f7cc7874c357bb7b196360202a9cf9178826d4fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
da635af477b53b6e85284a225c41d760

SHA1
3480c78aa84941421258cc6d9d87c7abdbf5fabb

SHA256
572e4ae6959d1ff52d5ab5d11d46c929ef35a97f10d0ed95c5d2f4ba982450a5

SHA512
0d6e777c12d8269fb90460e94aa05204a9c62ded298fb232d172555c4a12170c79ccf9559f3af72a348beaf6c0761a670f95a8d5665191ec00e4a3f22c136892

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
a10059d68b570472eb770c0e39f47172

SHA1
6ba4ea0b5866f7ccc052e4cae671f01a084bddf6

SHA256
e53974f50dbe2c25f49a29bf939477c39c2e400d861dcb3c241c3edaa0e4092d

SHA512
b6b7e2e5ad90d6bf6822f9a3a82dd8d3d1edb2871f412e6eec5a42d8883439d9e5d3ccd8f4bb1a92787fac40111b166fe447c4d4bb371b25827215c2d030afef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
7KB

MD5
1fa946ebfca8a4f518908dda047ccea3

SHA1
5d63d0fd89fca910cfe147342d7b7689c60bd119

SHA256
19a15e16a850ec0def2d0da5c3ba942d1590fa41ab786a67cfbbef6b0d75ecd8

SHA512
08ed44ca4d56e81fe96a3bb425d58ca6cdfbee28e45edcb4df863c68761f44b53f03640a89298e09ec108718aa16728c85de0fa2d9e987df9adcc7f8f0ee2f09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
b26be070ae21a807aaadbd27f8867774

SHA1
724fbc0bc3da5eb860fc0a7422f9ed2b4cc03e4d

SHA256
d99b173787aea2f0a70e1fe98f47f66ea3d31585601fea8f0aedbd6f996fbc00

SHA512
8707b4e8fdf96b42e3775d629acf41089ae087b43e80e3c746ddc83ae37ce92c5defcd3d13fa6a882cde166f27204ef33205ce2ac55fa1f855b49ecfcadbceae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e475f4d2fbaf32bacbec1d8a8becb3ee

SHA1
a2d6316f0c55d32a6b8d7ef641a3b83488c60a89

SHA256
3a5bf11ea515e750ada757a42ffea7b217f9cf513e2dfd152e8af39a32aa1d6f

SHA512
02adbd2ce84ae204e319b4f700e1b567f058abab2c2bd7ad78b0bec78e2d09769563adb1d79e168eb0bcfe4345417032cd05df21ed6611f527dd4daba30d55cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
184cd39d18cf9a50d2472b29f16d97e8

SHA1
57ae5cc1cc326d57df3ffa60cc9b901f9a51328b

SHA256
ecce002dcde10601ae2093d0f73cac5bc440b7c4b47059693f1b8fcfbdce91c9

SHA512
a92ffe328dc5b22930aaefa598148d83c124f452538e5d7fce314fcc5fcbd9b5b0475a6b87c24edbdb7f4dbd3e4f48625d1adf097a3fca5b77409d894245e266

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
3ea1d568000a671d2c98442419e95757

SHA1
e63049dd44e7d33b7957a6bc2732684482340802

SHA256
357bd17f6e1e1b2f45914c70427e4163666e34e7a708a62e18892d4bed1bcbe6

SHA512
92ed646bb00866465e6177ce2a4663d4770550d7ee120514a919cd1a1aca84a40c61d9db5af6c989df8fcce20ce13e1b7dd5a4da11192784f3707db45e45f4c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
902b2c5b43415df44e6e9ecda156c09f

SHA1
3399532ba7f3e57a3210ac27b25452db52db91bc

SHA256
98a268cb474810d41a7c77a742449e41c1ac08341a46f4e1b2ae7a94440cf72c

SHA512
c81d4a5a58f4d036a1003b8c2c0f7d2ed00bdd2acd3fc65fa220d8908d71bdb7ff620b4d5c49ed2b8a39814dd915c882025931c57ac0b6f235bbdb1f4edbc90a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
9cf185513092940ce226b9d0dba0fd6e

SHA1
3d127e9df5be48741ff683c6862ec849ed32b667

SHA256
50194b86224e2ee5f548d543b26810638eaa90e872b1328f44a04f4305821475

SHA512
cffacb3b71a2000817c893d2e2c565a5c8c4418b662efc9eb1fa38b4feb4edfd5719cf56428cf03a2d6a0bdc4a200f6b019c1668fe08c1be5de4bae2a6428cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
aa200c1e7caab635199c01e9c315a3ee

SHA1
8a38f285faadfa30cd30e2596125dbb04450cd14

SHA256
470c0391fd6fd88fef5b3c03ce8573b3caef2e8c4419d0b3454da7d922dc5d18

SHA512
7ebc510d8455970bf78a84e71bb3f0ade2160d030df316cf756797ca5614bfcdf04d51fbcaf4644db70cdc00da34758a569dc62c022deed1b2c068a39528e60f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e315dcd3634c7d6bb6ef496681a8d097

SHA1
8eb137856e3ff7946569d5051efcbcde726d2b23

SHA256
aeaba69b513b8292c30f7745bc56d4c7b3253ef4a789eb509dc604db104b0789

SHA512
38891623497f7d5737a306367ca61a79d71d0c96a90907052a9fbeb7cdd4d53aff290da0cced9f3c7d29e003867544b0e4fc1308c298d26bc21e8599ffaf8ddd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
c3d80caf1ea15fc3e5e6f90b4a15df4b

SHA1
c31dc77f593bcd7e71139cda2f039855d764c69d

SHA256
cd03463d90bdde79f04386bb1150e2dae3ddf8278dece93b69e8c25df9a287dc

SHA512
65bcdf32d8624b9d86176d13569502a2433e5b23b27c93ec4b63d0808756e2a10f6d01b177ae308994cfc4134cc7aa323e0e2e49917ffa23051eebc56af2b4b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
e49d85ff466e0da61231d8b6d885c1d4

SHA1
4bb307059abebda4776a8e0783fb45f3420748d4

SHA256
1accaa5a57564a0a4f9c5ec9bbb240721e6b95aeaad4bf2b6a218a11fa222162

SHA512
3e56e4342b5b100804cbc0ae7a06c62768792f1bf3452e92fa92b906f803882d744d3e9f78474f3c9228de161621a153af641ebc7d2f9f718b27ef3334e3618e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
23d522b5e300aadf693d120891568055

SHA1
f768ee31d0b722107dcb634b85c28871c14c912c

SHA256
353a6970399201f1faf486cc97464af5303fc856eb348608c92a688230bf2f21

SHA512
ed9c9c24caa775ba6108f7e4cdf29ec3b1ffaf121ecd591e207c45d66b3cb2979c970e559af02240821bb42ec76e5b266cc189c51680bd2ec469678aa2a101d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
b1c69f05b6d4a1d71d081a89c53abf17

SHA1
0237dd833a74570ff67a9f865718775886d0ab22

SHA256
af2b6d7baa097bb077fa682521e29b428ae455be833eaaf02350d0fe2b308631

SHA512
3f0841049b0b493efb062099f53a4f99c4a27f2f855e19751b104a99feccaea04d6d5c2d48e3607d7f9832b6036490b4279dfa6dbc024c0fc13a1973e2b55b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
a86b470c67c47bad7030077aba0ca9d9

SHA1
5918210f23e249fec641b981e4db4b26bbc70ec9

SHA256
0601dbf7a517fc1849950ca7a53673fcc52a7edb486af92b6d69847fe7ef6a20

SHA512
95b361f49613a18d75d0e675857330988a6c802fb74e619efa5d56f4a1e0cbd4be303f7aa27e34fa64805139c6ec85507a9b4692c10c32677621b5dec1b42385

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
f671e9e07853023cf7b90b0d5ffc9848

SHA1
21817e70c7acea91c72bb5416e1cd639abf1c533

SHA256
dd584781441eb3d79f3dc69cff5388818a8270fa7652b184af0f8daf8bd64f0e

SHA512
854f540fda2cfa96ea17e95ecffbbf78e10efd5756def720ee9f8fc489af6cd55b018b92acb7d9598a899c4fcad2ffd99913c1627e6df04efaccf84bf81c33a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
36KB

MD5
d7f7158cc7977a18572541655e4ee066

SHA1
7e442d3cedbdb2c2a467c8c90adcddf826fb113d

SHA256
c139957bfb530c0f2e6ffff960dbde2fa768996f7d8a1ccfb828198491f84d0e

SHA512
e1887b3bd2f402372096a6da6940a1f22787d50a81ed77141e979ef294d43e4456d025aaa1c469af7134e9e8ed2794f0cbe65919f83c6a80a9eeee51cb40e9a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
58KB

MD5
f76b8a1ae599f06282f74c36c4a9f8c0

SHA1
61c44eec016692546445f9b728c26273d4aebc04

SHA256
06245142b8a69a41d563463e489a84e0de1bd0a5e5b44a053d82290bd8b4a790

SHA512
fc7f46eaee42e99a98e4902a14e02c76a51d2699f4051aeeeee8320addf48ef2d360df535422aa9bc13f227e4a7c3daa78773a11a1bd74aa05bfd4d84210deb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
58KB

MD5
51809ac4ed9ff4f5e3544ef5e483dc42

SHA1
a4ae133677d541ed6de816baba69ce21a4143251

SHA256
ecf84adc57c16ffc546e709f60d5075216c4ed6daf817854406aabee472e9577

SHA512
a07907720ac2db25cdbbdee5cb143adc76bb0731136fbe5d1220ef1b99a6fc79fd1fdc529d51cd804df722003ba788f0bcd62836618515f79cfceea9a608b730

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
58KB

MD5
55bb794bf0ec5ecaa683e9ae2021bcba

SHA1
0f774ffdcbaf0b3ec83048318492b6db72919a8a

SHA256
da7ab2060b1972d8fcb52bc6347768473ee858d1d616615c73824369effd4173

SHA512
728b5731a0acf0803a60822c3431f9be51fad613041668bb8bc484fef03bf0f3d5f558e8576ae65cc4e4e1240fc6893b4a6ae17bd1a1e7776700662eeb4fc6ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
58KB

MD5
7ba262071c95e472c18d5c7bafe2a9cf

SHA1
ea36f92e68e01129eb1c79f76b80ccd03adca8d7

SHA256
c268f6a4e4bfa7662b4eee93692042c6890a915253568aa000d1e11dc15a8273

SHA512
542a256abf620aaa0b2b4479279b2f2c2036f04cf4cc61650890f04f881a26ba1a74018ef8776177d55ace14572666a6df46c3b1ab970b25770690d606a3764e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
58KB

MD5
853542e9c472bec813a92bad6380f74d

SHA1
dfa9978e42c746a3e868499b02b2b013765d0e9f

SHA256
be028d24643e6ac9276984babbf27f86d3f38ebed33c404501c66150d9e7dc24

SHA512
e6b53e821b7e64f0570c366ae81671fcb75eb77b1efaf2ab0fc54a8da57e38f7698a633017fd0266e8791a44abcd280bac46d483d4e8c29de2d2ff0e9d8b25ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mail.google.com\cache\morgue\10\{65ea4ff5-73e1-44c1-8cfe-89f1dd79e50a}.tmp

Filesize
111B

MD5
615d9fcb4533363b0032fb2de5ff48ef

SHA1
a36560c52fef423fe0121e3e956148d4d050549a

SHA256
b6e77896c094c201436a553220f57aef336116a0119dbf63ec1bcc196f2b4b78

SHA512
85b64d80cd61aad92e68349c6306ced6fa660e0f891cbb40a93079d9b45257a64260f808e86d936d55ebe9a4c0347b5b91458ab36339d02de776725ad7e3b364

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mail.google.com\cache\morgue\114\{a86dd2dc-38e9-4f9d-9d21-117f0827d772}.final

Filesize
44KB

MD5
74c423dfec6966cfbca43086e8cd4617

SHA1
b356d1af32784b36e0bc314b7b72f94c2295b3f8

SHA256
89b15d243f25bb39eac32ea617882b4d7fc48d9fb9766d4f2c8994763f61c5ad

SHA512
27d5b852f7a58bd5f5ee7d714b785574c5024c2e37c597afc9ab2a01a986f8baae64752abd2cd71f7a3634c24ed8bdda2fe30e6fbce46d5942f1da50bfeb77f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mail.google.com\cache\morgue\70\{a9c455d0-eb11-4e89-8664-68bfd03f5046}.tmp

Filesize
132B

MD5
8094d7c823758f6f8cb76b9b6c2a2840

SHA1
96faaa2de728a0087192511f90b3156cd8144292

SHA256
45d56f6c912091232a506e6c9c8cf63a614f99aa709979aaafde46eb59f1d073

SHA512
b1d2d783894b4fcde0a74da2d9672388eb2a5ec1b273e638c2c951482146e9cc800ff9509d216d9efe3f76ba9ee0a0c56dd2052248a0bad36ad5798e5f43c131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mail.google.com\idb\953658429glmaaviyle-ks-w.sqlite

Filesize
48KB

MD5
fd75f116c2dd5b823e5074ccfc867092

SHA1
09221f1fe0087ae8d6813a717bb17df46568f709

SHA256
e29ac9f012bb7b7fe392e5c41dee2e254454536e1e3442c9271e86a6f547185b

SHA512
d858f606784c8ee1aff3974225b2ae0557ce78e627b7c5c2d763d45902d594788e433b20a3e068df35bc562c74c029067d6dc5bbb50c08853d63225c0bb76845

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
18f314864e61ee0dc148f041620aeccf

SHA1
8da09dfc2e80496de6ff2fa660df89526ccbc04f

SHA256
c96b8c8a50056ab7e90230dc65d8df1a896fd3840010e24ddd8445e13b2ffca0

SHA512
9fb8c9ee0885733d1ec128a8f0fbbfc22e8aa2cdb052ff46488fe594555187af5529f227c7b22613ac3e504dfa6afa1c377da81d0dc57343d6c48eed41fe90f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
7f868e557b098795d645df9ea302427f

SHA1
001f3306144559b4049a8ab139b4139f51e59c0e

SHA256
b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

SHA512
56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

Download Submit
C:\Users\Admin\Downloads\AddGet.hta

Filesize
300KB

MD5
e2ed4e239e79628c24596a052d1a0db3

SHA1
9cd36b26704a73b1d9df23ce8c287b4d5cf953b0

SHA256
5b5427742eed57b2906139879895b1e54152726543357b7e4330cdf884ad0ca3

SHA512
89a68517ab89cc606ec85dc812bf5578fae1748e2959058117b4079b4767df0ef8191e42461a948f7932a2f2141ab1dfd5705139c6fc85a5dd93d3839843642a

Download Submit
C:\Users\Admin\Downloads\AddSearch.cr2

Filesize
210KB

MD5
a6e767336ab4ed9df736088987e029a9

SHA1
edf1fcabdc898c83fa2c8a27e6d5d334492f2895

SHA256
ed69245b77c6e374b89e06d5ba9c715176452dcbc2730f4f8622cff3efe9153c

SHA512
cc3c4f85501d36d628f49988c9d9096d0123c3e6cf1326092c71fa4af4cb17e0ea9589025b914c1923e682693223ede323056ce4d6a5eeb03c5dcd2e2ab59734

Download Submit
C:\Users\Admin\Downloads\CheckpointJoin.mpeg

Filesize
364KB

MD5
f0b78280eff7c402aaffca4854b87b3f

SHA1
880b6c22bda1fdfaf3410169a63487e949041957

SHA256
f2c4d9a62ddd80011a27b418cbc95528bd34b7a5f07ca0ae9c70ce4416d59ed7

SHA512
27b94acb195bee2d0c0f3d79a7ba1638895a15a218c696ad294514933ed2042f2789c9d7b31f8fe3d2a68752af4cc37c1df3c9273e694f16b6d8fe7417520047

Download Submit
C:\Users\Admin\Downloads\ClearTest.scf

Filesize
779KB

MD5
5e96d4ddda98a85de05911916155f813

SHA1
c765eab439f2d2fe5e562ce0ba1a892787938c85

SHA256
af220e7b353730386ca912c73a9802d9fb1be273687caadb907a7fb46419af59

SHA512
c8bcc2c309347d2f7b078a6f3327f813be23779c81ccae76274f6957f31b732ff209a78b9fa1996a1486a996a835c4f39c3d40b1289edb149af2cebf2792f84b

Download Submit
C:\Users\Admin\Downloads\CompressConvertTo.avi

Filesize
492KB

MD5
9f3caba3318f7ff61001228bc2aec0f2

SHA1
17259c82ed6829a9e842a79e24e99779aaf12208

SHA256
971eb40060dea6b2f976a60b7c674e1f1f4ea04e9bba655616af2bfbb228f315

SHA512
897f40433ddc6ac5e0c420c7cec426ec17ce84c0872cdd6d6b0ef9eb1a4a47dc51d71de24ad406b1ed7ce1d256a6d9679f53a386fb565ab161d5eeab2ee1ff7c

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.sFnD4Zfb.exe.part

Filesize
8KB

MD5
0d767a0aa6dba2c7d27b36d9428d4937

SHA1
0058a5c656da9bb5f9814dae06d36fd69cb23962

SHA256
b8c4a1c6752d2add46b5757ef79986ec71ae5e1f45c4199f5657043e534cb354

SHA512
00a325a33e1646bc26fd64f7ff5310fe87ee50cbfa0377a3eb630c502d6b5cd705e01cd632252bb520d17b865fa7e5b644120f057d016278ca5cddd2f35c3f8a

Download Submit
C:\Users\Admin\Downloads\EnterInstall.clr

Filesize
441KB

MD5
d80aba510803459be96f109f09c877a2

SHA1
a0eae087feef19549d9eeebe00c525472799aa74

SHA256
fe6fcacf5b4ed706dad98ed9d4724f5129f21650ad6f8ed4a17e6e0a91577047

SHA512
1514ac640017e553ce0681c8f14adfcf3c85a861748d231fb51e0c6e84fafd5e70fcfaa6db59f99d2b25837cafbaf702aa3bf546d0d688ed8d6f6dabe379c338

Download Submit
C:\Users\Admin\Downloads\LimitReset.lock

Filesize
223KB

MD5
1b741f1e55c429cea815c9d6bb054625

SHA1
a20a523c627794e892e728bb4d4708a2a3194d55

SHA256
b7248a5494fed581d0f7fa49a41fe06a0cf6413ce0e380c4919d293aef562538

SHA512
d483a60d145ce824878adea99cb4fa7849988c5d6a799c567a9bc715e424b0851094da5190dc433fe0097a57f1f7790bc075fae6b9d7f3acb12f8ab3fe1353b7

Download Submit
C:\Users\Admin\Downloads\OptimizeUpdate.vstx

Filesize
287KB

MD5
54cc4be22f621ced100071f238bac3d3

SHA1
7d1a35d2d12024b7952dcfc54e6648eefa80f8a4

SHA256
684eea907812fa430db708a71c1e74bcaf0180134fdef069e79238d82e025050

SHA512
559aae9edcfdeb1fe9c41ca05a088b7b3fca359cec1879341d40c006e3d1a315bd99a5a90e224c498ff76d7a9d958e78163e0f4e3530cda2c5c63696821809f6

Download Submit
C:\Users\Admin\Downloads\PopRename.ps1xml

Filesize
351KB

MD5
7a6fa9ca394bb8948a0bbbb431065846

SHA1
e7352b60982b53d15f83a164fc39a4d5db49f5cd

SHA256
9c0659befddd0404379609aa2452636966eaeff1219d5d9b1126a6dc8b242a30

SHA512
1109a83a1493c535191fd1b97620ff8452f7477a7ee86e95bbb147a01d943e89931cd49c90046908f6f3285ee775fd5322758f01260e7ec3eb96d2b63055c7e9

Download Submit
C:\Users\Admin\Downloads\PublishInstall.xlsx

Filesize
517KB

MD5
d03621d2b7019bea60c3917393d897aa

SHA1
b8fa7a25742da2087b2160eb851f933d14da0378

SHA256
699f5b41ffada41197f36b2ad8bf7b6945601a7bda6b8329861700e77c1b99b1

SHA512
033de9bd0a53db194743fca4058088585d951338925877420bedacd3500900cd4cb3e00311c83d12e599281118c10cc493fdba53768e0b7eec49947d447f68d5

Download Submit
C:\Users\Admin\Downloads\PushOpen.eprtx

Filesize
415KB

MD5
ec1514f9ac3236620b130fb9fc93f791

SHA1
3cd81fd1397b9bc2faf5fd8994b5e3a643e1ed63

SHA256
bf35fec2f1102a7ab5dba2fef0a7ad022fd5a2ac2595734e969b26a1272b34fe

SHA512
dfbc29c40e629bfbd8aa2d7ca75e9d906b72f2768269426fef0ecf30017a500e9c0507cd3d79fbab0c732ac73d03ec353e67f1645fcfd3a26a9ec25ade7c7051

Download Submit
C:\Users\Admin\Downloads\RedoProtect.asp

Filesize
466KB

MD5
6a58e479f15d9e351ab264b7b114453a

SHA1
a706c3c1732ba70e9951493aa74de1723155312c

SHA256
e52eb45c012032255de428952cdd61b7486f5d635dd3ca4394a7c274ee9ed3fe

SHA512
308582a3bed1c113fe15bf97be2dcaa14ff9a8bb8378be8f37ac685079a7f74711d24ebc85b56b159fc5f49cdcc8acb5178a73bf4cd8bf2ebdbf33733f76d674

Download Submit
C:\Users\Admin\Downloads\RedoStop.mhtml

Filesize
338KB

MD5
8cfbf12f67c53dad62186e2af8b34f7b

SHA1
e9b5229ea23dc404fc2b0ac2968eb6aeaebb1141

SHA256
15d6d4abc28161b9ae73a0dcbaabf7364809188cb52378d8504864f28900c03c

SHA512
6e8807498cf7371a5291a1b7cf6ad70adbe6a1ed8474c1eb4c39f38e23b224b659c77cbc3bacb07535cb2e24654afbb2eaadb278c073bfd2cb2e7c573bde4810

Download Submit
C:\Users\Admin\Downloads\RemoveConvertFrom.pptm

Filesize
453KB

MD5
07b4c424933e39d4728890a94f94dbde

SHA1
ee41b9ae0ffe6f9fb7ae843ca4f6033a4cecac6e

SHA256
f09cf9e130f906d730192e7f2121eb1fee2b9e024a8084aa1d5251637a46a540

SHA512
4cf82d7bb077b0d964e7c462efe1f4c57e94c156a805eda172c9e58a2500d4dfc42794fed87b4a83e1409b86ef8b20ec8c96800ff7f5bf8576fe056c019fc5c8

Download Submit
C:\Users\Admin\Downloads\RepairConvert.xht

Filesize
428KB

MD5
674f35a86c76325d89397582204b37a8

SHA1
f9dd7b84130c28ab1f5e2c275393c2fbb327640f

SHA256
7a272d9fb60bc409434b281504b5fbe09ea997aa527ab1f8b405a4741576cba2

SHA512
f9bada614f160ce57b1d2806c1cc81f10b7008c4889e9ca03d3aafe0bfad961cfd980b0b0c171c4212c4fde2609b3e31780b0f453a57491f733ebf64437af00e

Download Submit
C:\Users\Admin\Downloads\RepairSelect.vsx

Filesize
479KB

MD5
a3e03b30ee37089f015744456ffab8d8

SHA1
5afaad34ec1068116c9f07c49023d87cec4b033d

SHA256
c7128aa72250804f3012405b0fbe4fadebec20be85f84fe57100890fe37c155d

SHA512
72e275490520a11a9a470f9d5fff58988abd713b1f1755fb21661ba19fc13b0982a6b28cb58b7be829589c09775ba3f2f54072748788ca0539b75a88a7d5bf51

Download Submit
C:\Users\Admin\Downloads\ResizeCheckpoint.mp4

Filesize
505KB

MD5
880b5bcfc7303566fccb503c0b6f3567

SHA1
974aa1a838e1c8d9441dcb4521cea20bbe41da2d

SHA256
465a68830d232b16456da460a40e14fcf3ed184e824b4d34fae25072b3769698

SHA512
0359455ebc053c63055ed96d87114016d825edacb72f5d8da0963ac4a18e26c406a91e5cf0b010b4f7979d78bb88e3ca560a6613ed57831004513103df0e0807

Download Submit
C:\Users\Admin\Downloads\ResolveUndo.gif

Filesize
390KB

MD5
750dd48153d49c12978b46f7a8e3990c

SHA1
0781a6fef42e46c2cd9949cf8390d101c17c1a41

SHA256
5dea431a16ec2403eacaad446b56ba0c291ddd627d424c3c5f927760dba06a3e

SHA512
91b9828e236333b894b8ee8a27f3cd6d8ce4dcab99bdbb118a26c9136f64b5a427980a4d75137acb304688b93f20dd9aa568b4c3fe2679b1079ff4f861fe47cd

Download Submit
C:\Users\Admin\Downloads\RestartRevoke.ps1xml

Filesize
569KB

MD5
9d8ab78d7339590be6c5a5205fb3e6c2

SHA1
ae3c48616270870afae3a0179c583e49157d32d8

SHA256
db0e5424e8da192977e2fcf558d580a287a7baafea402a9808afecd532c8043d

SHA512
06f09ed926162161aa9c9fa1ba5fea2cb5caf0b48333d5e947d06e59693c2b8107ebd196f167ac89b6400bfd284ff4b5b6008532c325a4b6fc3e697961ce2fbb

Download Submit
C:\Users\Admin\Downloads\SelectExport.m3u

Filesize
326KB

MD5
c788b60957f265ff91559b44d081828a

SHA1
9038b99182dcbd724dd6c91ca3b84bae26d22a7d

SHA256
685fb70860a60968d2bc90b0627a97090f7b622aefaec7dd3ed2688d6aea7627

SHA512
961a1ed9e41deec678af235c9b4581e7fccc6887e804703ffea718217451b7a5e515347efe0f2572b6b7c79a22a10c50fd77b8af4f0b10cf471a968919ca489e

Download Submit
C:\Users\Admin\Downloads\ShowConfirm.vsdm

Filesize
402KB

MD5
28a009a15ceb4f317560c9a43be1654b

SHA1
38bc047596f2ab38831681eaabefa14927cb58c1

SHA256
d7fbdaca31ed525acfeebde3218db9c8e702eec4a24bd21545d40cc109fa175a

SHA512
9f9cf25f006cb10ae5d617196d92feb678c281ac34e46539aec5b4c066cff883c5f81b49dde9f776aa54b0c5fa447efb1a9a509cec0be511d183e9d6b7ebbfd1

Download Submit
C:\Users\Admin\Downloads\SkipUnblock.3gpp

Filesize
236KB

MD5
7d2dc1ae6600ca7f70c6127e55113328

SHA1
c16536ba475bc6882da17fcc58f8906fdbde31d5

SHA256
5558a4c246d949d1b64a7158e7d3976ee7d7d85284eee3b0d60244dda2e97116

SHA512
2515d3eedb02458494c5e3b07b190a69e68053650f97b5af5796dab8796326f73667370464cfb4b6f376ffe07ede483b9f7a7e36acc2dc8064813d99d397d5e0

Download Submit
C:\Users\Admin\Downloads\SplitCompare.ppt

Filesize
377KB

MD5
4ca38e154be7c8a184371b24d35663e5

SHA1
2768b9710587e9c1097930a95ba57752cd9b82df

SHA256
4e21a4b3bde8cac6df31dc60fdae7c6d133905a944e7d2bdd6dc670fe65771b5

SHA512
9b64ab37f61e36b48d23622185eea5b7cd72ce54b736b1cca7ee78821740c64f22febad159f57a20b89502919f170aea6bedcdd8e6154e7d96e88b0e5e5c8e9d

Download Submit
C:\Users\Admin\Downloads\StepConvertFrom.ram

Filesize
313KB

MD5
6a9cbf31f7334ffd29db7674071d217b

SHA1
f1964009238371c9ce4cd9ea5fa96f911f6386a9

SHA256
21801d12f2ed011703d38fb98779f5b4b16bc28c19db4fc59a853aad69769176

SHA512
8bb28ed8246dd95503d2fa0a0d3520dd7025b40b0d3a08518736b88940f460c1621e86854bebd441ed7d598ac8484295acb5dfba7c1d404a8e9e9886f84f5c10

Download Submit
C:\Users\Admin\Downloads\SwitchInstall.wmv

Filesize
556KB

MD5
fc9f71072dc67cf0cbd4979b0f550f64

SHA1
179dd0bf6367cf92d482356cd4bbae21dd3ce58b

SHA256
5e31d414a943ba18786bdb8effe648febb4f7daa1b8128649b57a13934303e06

SHA512
3df70464b48e7fcc48e13dfd0b0f5ce1b2975c251abd59bd129a31d2ea83f758318ea3ffb59f9870a8256db375266aed5e78623e78636cff29e03d4a6e874930

Download Submit
C:\Users\Admin\Downloads\TestRestart.asx

Filesize
274KB

MD5
79a34ade3ca3c156b97dab4210659dcd

SHA1
913e00a7fad82753b7760c0f1fd41ef475d3f6a5

SHA256
3dffd414b4dc50cd2d42c9d1d9fb4bda50bda4a5f6654e08d9a6a1517ce1f739

SHA512
6c0fb062d1445eb73f785e72d0d1d8d7d855403bbb7e4bc29a1f7944344d3bc4a552fa2311a8502186b467da3bc1fbea580cb9b992357918e6df21f3ee6930ab

Download Submit
C:\Users\Admin\Downloads\UnprotectUnblock.tiff

Filesize
530KB

MD5
03288056d675cbd0b47d4a5916788442

SHA1
c5967841c29e334c566dd8766c1aa14272091df9

SHA256
b760269d3913a8fba20f778c6641797ad47122dc5823d6589d30148e1bfa8f6b

SHA512
5f6e22768f029c070877ac6d60241beb47e888fe64c74c35a0a0d37d61e4d017bbef259bf6bbb472feccfec88ffcaa62a6c2f33966b0872a8ad297bec68685ea

Download Submit
C:\Users\Admin\Downloads\UnregisterStart.mpp

Filesize
543KB

MD5
f7184efdd582c584e01adf62608cf5c6

SHA1
31b712c2e0a6eef53c21f84557abee278ddf4fb1

SHA256
ef33897da267d453622936ee349e98900c845e8eb0e763847f19114f57a7efcd

SHA512
3c7dd1a348001594153f1a9f4807611ff21304cd633e40b00c0189940b36baddad946604a934b46fcbf56ebde4e956ba91116a9f520ce63acd1641964e40380a

Download Submit
C:\Users\Admin\Downloads\UpdateEdit.html

Filesize
262KB

MD5
0544e28422cd388e0f9568f6a3429528

SHA1
ae61b40820a0b1454a4190e7ea57509a8781b6f4

SHA256
db01bd5eee957bb0e2c166d7041b264ee8457f96b2f87921d8b006b1479394af

SHA512
d77546860bf86a9ad67f683c56e47c2b0a7d1bada3f3a3f7245e39dd99b59aa96ad9a4de0091fcd727267a4c1b85e4c2682b3c6edbb43e04d43e07ac48c4f009

Download Submit
C:\Users\Admin\Downloads\WatchOpen.htm

Filesize
198KB

MD5
2d368669a3a318c0be4745a1ecb72278

SHA1
2a122c875cd178993d0a3d038b2d4ef712ac0c87

SHA256
bfc584cfeea42b179c6c3343a63d1c92136502b2f04b904b35d9c1a2da21dc0f

SHA512
f81429c744f93c939534307a6ea0be03f205f680b8212b75e5fa71641ff168bb529f3fe15994fe9c08122fa5007c029c5e73e7290e752bd3c43e6bd9228bd063

Download Submit
C:\Users\Admin\Downloads\WatchTrace.pot

Filesize
249KB

MD5
7c9b7c8c0d50c4f4e673e335a229d92e

SHA1
880fa1b43377a4231b1c76c33f91b46a67ba24be

SHA256
dacda66a566cc2e8aa88a486fa01656f32ee3a3e6a56ada4cf0b3ef10fea6c39

SHA512
c48fce9fb6fd0b780d81d90f34e0558a09fafe3af6884e31dcf9b76e83c91af8698ca25d77fff5ad4f90261a03d504f92a705b6f92e02ad375f3da0107aa4ea5

Download Submit
C:\Users\Admin\Music\AddSplit.asf

Filesize
536KB

MD5
5c8f596b8bb7b3774738fa3e340e2203

SHA1
0592417ef84c013e13d8780d8b553e872ab2ccfe

SHA256
a2659c404b375193f01df1f458799f6e177ffd1712ec3e80acf362bd826aac75

SHA512
7d5820113aad2176ce96dc5a251b76cb12bceb1df81e0aab345da70fb49e8fa70a6f608aed48d4f9cd78fb7178757f73b8612d74d2eb3f63811875752a86dd23

Download Submit
C:\Users\Admin\Music\BackupConvertTo.xlsb

Filesize
744KB

MD5
b8eca51b67c51bfec091582b1920274a

SHA1
1189797ebe1da165accea756dcdd2c8ef72721d6

SHA256
420f8c7401903e5eba7b12103c7078a13ec0dcae00c5e554f9ada95acade66fd

SHA512
c39caead35df8ec2b98e48920a5f582f597edcfcdaa20ceb5344e762486c80c27e0d4d72e3c67e1d6f7aa413ee505166a6058e7e9d70e45694e61511b67dc6eb

Download Submit
C:\Users\Admin\Music\BackupSuspend.clr

Filesize
218KB

MD5
63075f413102bee199eb3c4317af3690

SHA1
222d2cb64857c20690d06e269d7eb574ed08126b

SHA256
8bd77032268701d9beac257c00857647146f0bb6bf97a265b1172935b5e33aaa

SHA512
36cc1518da8d8be34090055de8d24711763726b950bda6cfc7d2adaa2beb859ec026601f5206c636e205c7f0b8325c72693c68071e5ad2a2cc0c237c6f5abc26

Download Submit
C:\Users\Admin\Music\BlockReset.xlsx

Filesize
397KB

MD5
a483c1d50f1081b44dcc9b2d9fe0eac9

SHA1
ec90a5edec41277e40b35a4f9e987b98b89a48f2

SHA256
21b8e30bdc74d27a5acae6b3c9365a5c3375adbfa79daebe64f7ceab97efd251

SHA512
226d15efe1c4379182189312112d9582d6a4034bccfb10b64f61a29cad765aafcb5215041ffedd6d34ff7f62fb5f14b4d4638bcbcb1db425550c9399bded3e46

Download Submit
C:\Users\Admin\Music\CloseStep.mpg

Filesize
546KB

MD5
48af139a23dfa694d3d154ff2ec08be6

SHA1
41f4224f7b26e580fdeadc5b5b1171c0ef23099f

SHA256
022ffea0bd03d6ae559930d006378a9f10f41bdc73d457eff27d0d272dacef9c

SHA512
27b43980452471ebb5dec42e9ad8d93affffde05b887f614723a675ab2131a34b49c64f185f1e252a57b73386e095eaa0746635c4b1f0a78e2f66b864942bdeb

Download Submit
C:\Users\Admin\Music\ConvertSelect.gif

Filesize
297KB

MD5
ddd517f07465a4e2c564817a3e8dcca8

SHA1
66883a15cc0002ec0465f8de94e10521e3fea05f

SHA256
16985ce2600f6916dfe4b8a9f65ceb6ce1d405b1910404926e802517dbd17793

SHA512
9860b4007dbb99ee2df265a57a987d9e0a36208967092a1492069db5e3d1f5102f8183dce1d83fe521449652f1233ad4559e5412e27134a61c9b31ef4230884c

Download Submit
C:\Users\Admin\Music\DenyUpdate.rmi

Filesize
307KB

MD5
80ba48e64a7d0150bd58661b11fe9e18

SHA1
51f8700147eb717d88c0afa6b970853a350a342e

SHA256
7e49d80615d406676d02144511e77cd7a0d93c997cd287b31e73815017eafdec

SHA512
769ed087d251f59a8260f10acba738062eff01c661bac9faa3a02b48f636fed64d4d40eb761b3d97ed3ad9138fed82be4fe36f88e1622855b119cb6351ea2274

Download Submit
C:\Users\Admin\Music\DisableResume.xlsx

Filesize
277KB

MD5
159f008c728b2186f97b1a76ef26a3d4

SHA1
a51cb4a06d562ba084f94791ec1dc1eedd56f4db

SHA256
a9b05911ee2232c00efc543c43045191f67b1d1364fbf2bfe69942f8822215c8

SHA512
514e3ed5b8fc32a2c1d9c8907877fe9ab4a796d7d02276b064647f36ddc5e31d6faa1b9380428898aafa22834db6d2f73c8c66df0760c8224f71458235b2759e

Download Submit
C:\Users\Admin\Music\DisconnectHide.sys

Filesize
436KB

MD5
3619d8e12639089fbbf57fb24fce8f24

SHA1
f3172f07b1220b1aadcfffb18da3a72536d27536

SHA256
8bd6ec9244fb6185485c6a2d223e36dee54b5623430dc3934bdf90ebb66e42ed

SHA512
4f6c980e3e53d71e2693e092504767e7c49fccf4a63325a89ab32c2f98fac8cd7dc631ddc023f806ac9611b35560e628d47610b255ac6a3cc0dda85baf0b2915

Download Submit
C:\Users\Admin\Music\EnableNew.xsl

Filesize
496KB

MD5
e630ec8ddcecfda81beb35faf5ea8c9e

SHA1
5a5a91381c5abeb03f9036f79dd4708ffb832bf3

SHA256
84ead3e460a360df9ce26d89c8c9751327eda5648c595446efd0973093f2e4b3

SHA512
e35222c93b5ccc1852bbeb30cc1a53a4734b2b049d1121205e643a4543dd79791dd6a1f799a2db251ef315aced8bc825fd9d250f318fba085f84fe6d43f47540

Download Submit
C:\Users\Admin\Music\GroupDeny.rar

Filesize
258KB

MD5
45f44d5bccac2ba3125874d63839728f

SHA1
fbf4c2f267f348e058563b1ed5455450b23ab372

SHA256
4f3978bd9804b7738959bbc31286133f1b257ab213450c86b676ac254649d8e5

SHA512
e9ad545f83f929209417600e2dda35a096f21bbf0a1cf6315a2dbbab3961e63b7187af062347662363dee305116ba965c5ebb57026cfdf836d74cceffc75d46d

Download Submit
C:\Users\Admin\Music\GroupProtect.dib

Filesize
486KB

MD5
286144850cea30f500d82e89cd41b479

SHA1
8709cf964626fad79a62691f0cce302d1d63bd37

SHA256
ec22dc31a4180b4b54dbc4dfa1e03e8c8c0bda721f78212a295a226ff6fa2e4a

SHA512
126b7a9788bd1de2f7e71b6381578ee190dd91545740ba0b8ebe411935e02918aae9f5cef87b08e23b8c56f93ffb1a69934f860627e54f3c1f29178476ea9968

Download Submit
C:\Users\Admin\Music\HideUnblock.inf

Filesize
317KB

MD5
91aecd9eb8b03319e4f20596411d13bc

SHA1
317701f4f1187ef8d89519206a692ff171050b33

SHA256
a046606c8dcf3107210070e0e500123fce6bf0bd8f838316921287a118a16ff7

SHA512
d3a31902bbeee506bab412cd5eda45023161c48e1af71d1da0a736763e89f8c7bed036dd184fbfc0e01d57d4dcc227faf79d125622529ad8abebc19d01c9a8d8

Download Submit
C:\Users\Admin\Music\InstallUse.xltx

Filesize
387KB

MD5
70bb16a45c2c53ef85a80275210523cf

SHA1
6f0aed4d58f33d5cbe2afebc9cd0f900b2298c52

SHA256
f6671cfe4891697cf9f680a72306e32f40f0a4db741b04d5a56d7e7cde2b53d1

SHA512
c3cf3adb8bc881b20710fd63b468a3e9a385ca8db283bb525e9b8e1dfff6ea4da72fc20817170bb6b8b061ccc0b8bf2ba4362a516365d3c0069888e3d63ccd67

Download Submit
C:\Users\Admin\Music\JoinBlock.mov

Filesize
357KB

MD5
ba57ace75dc85228546eff3b71416d6e

SHA1
ca9d23a55c73e3edff2a3f7db4a89b02e1adeb1f

SHA256
4a84bbbe22eacb179fe5c9ddc1da4c6036b90ee253ef9411897809d2f1c03d7d

SHA512
e440e2fc7b4e1bbfe96fb3875987cd9cdfad476f1c96b59ed52e9eb00c33b706718c50cf9b624a8fba53e1775010dacca0967a9127b93a6c8ef892a14448a1e8

Download Submit
C:\Users\Admin\Music\LockRequest.emf

Filesize
347KB

MD5
d16bb892199672323a89e76fc217c783

SHA1
6b04f2cf51fa3324a94e0065445bd764de45008c

SHA256
10448fe4bdf71c6339f31f122298c3d3b916ce2d5cf871690d92a75559d19c7a

SHA512
25cd768f8dd333b561022ed239e980382f2d876a6536c13cf2075e18ebd637b90e1b57265c8d96d42aa4c7cfcb7eea1532cbf0700fe25eafe08a7307866168d2

Download Submit
C:\Users\Admin\Music\LockSend.DVR

Filesize
228KB

MD5
511174aaa3067fb9335521bbadef15ce

SHA1
f1ed748dfa0d10b8ce287accf5846c8e7399f4a2

SHA256
f667f713617c83c34095e228b1f2a235a9d4ff8fc7cda854403a1138af01ee64

SHA512
0dcf7e873643512431dc0fbad10199d6ee25a53b0d6647df87706cba200108d6e61c77ebc15b52d1e5b90762ff3b42ea4e5a99d6b46e4ec3c8d4510bf62d6648

Download Submit
C:\Users\Admin\Music\MeasureUse.7z

Filesize
506KB

MD5
dec7878b5c1ab8824779e8efdccd3db0

SHA1
83b1204626cbebec9b0e823c9f3686419ddaea02

SHA256
a410682c7767e2cce8c7fdc5e79ffc73111fd2d7268e48fc30046ad38b1897f5

SHA512
bce6be13ade14217cb691b03c52dc837dad7986680d7a4f2fdef694a08ef14de333e2489893b337e308c3cda8c018903e3a8f62a6d369bbe0a169ba8e0282953

Download Submit
C:\Users\Admin\Music\MeasureUse.temp

Filesize
476KB

MD5
eacf56d8c14aba21b1db948af88db3cd

SHA1
4b2ad38fc88dc8bcfdfbc0eb37f0a78e24953bba

SHA256
86f6aefd00fbc0c78e67c36cda14b268d4a57935c62df2e6da84951ab1045b21

SHA512
f8c3becbcdefba5433df4c2686ebd125ed20ae998a32dc92508ad8b0f8c2ffc000d07fcf5c42d70977cb24c4f456670f484c3c121ef1d43b0f9cb5100e4ef0b3

Download Submit
C:\Users\Admin\Music\MergeSubmit.html

Filesize
377KB

MD5
7fa2eb4b73206241efed76efd9fe1078

SHA1
0ffb8eea4cd20945ffd26499280463e173b7039e

SHA256
6fb358550c79bdc8be32947b0dc5b3b3cf176d5e07a1a0137e190f794e9b5190

SHA512
383f4aa342ed02637dd45072a7227950e1aedb6ce9f18a823a30ba53dcd6107c01d2646c60573c36b3c9f1f38bef1b150db80d93c25a4510fa13b47e9251526c

Download Submit
C:\Users\Admin\Music\NewOptimize.wma

Filesize
268KB

MD5
c5ce7dc9a135f6f8b88f115b8257a331

SHA1
56b985ee4a3a83772c190d14af6e19a0792a7edb

SHA256
79da85e0c8c34b43ee7830761fa08219490d332cc9750efc941531732e256bae

SHA512
9f841c1b9a48db9b0c0ceb8b1c2dc392bc09047487c0feb00fc5440d742c269a9a029d9e83a3154f82f5d66915539916afb775ef3fb81d244dde066455f91f3a

Download Submit
C:\Users\Admin\Music\OptimizeSend.wmx

Filesize
287KB

MD5
17acfa0284e180713d43a852060d4d0e

SHA1
bc022700717b3ac44d0dbd67d8bca37d626f897f

SHA256
5e41768c47d0eaad7e45f1d846f0376e8ea18470a95fa1dd391042d5e71110f4

SHA512
5581864cc7c42de808c5f57479f895505cbe67d7af37efed692f1d7b7b8499a9cacbd661eecdf1a04d2c9d1d4d4f201b6d508e62f22bf73e6cd83dc5ea2d5dcd

Download Submit
C:\Users\Admin\Music\PingInitialize.TS

Filesize
238KB

MD5
be0500560f944756e5d357d736077122

SHA1
ff7fd8029001b318815c5f903089c6c9215deda1

SHA256
aad8dedede6c1f0a497bae7e03068d4634626a724582064f65850d4aaeec75d9

SHA512
0c9e6851408e5198bf4735871676acbd0e3b40c522d6df2839f6928c11b5f23d43821ae7c0e7ceeba7e1c358edd830e315169492f2b282362144bb4685ac3401

Download Submit
C:\Users\Admin\Music\ReadSwitch.jtx

Filesize
456KB

MD5
fa8c1c8b6b8144c3005971c93772b58c

SHA1
6cf631a7f6e7506a557ae5c80a66dc00ea7fed57

SHA256
94bf4ea3212162f62004f04bff6b0b02aef6f3bcb5bcec4c0a8d7952b43293ed

SHA512
cfabd7b210cbaf7c287133ac9789e12117eed25753f0df0693118fffc4343e17acb133b4d85aa7b1b6d3e2192d17de4c102d1882a99b659eebf5d3e43bb87e57

Download Submit
C:\Users\Admin\Music\ResolveRedo.mht

Filesize
248KB

MD5
fa2f032682469d2157100a88610491d9

SHA1
c8175550f1570d9829a0891d2aa8a2197819fb07

SHA256
8bf8c5fa86c42acd21a9b2738ebe27d4accdc8c5933c7639e787d41a98ccffa2

SHA512
fd8fc8522313d8e4e3d455d57b7af3d75de0db9efb7359d5a62bbe7398411140e8d47f27b7dd97985b36d4ab518f98acddebe4c2f6f3dbf33446bd4bea7352f6

Download Submit
C:\Users\Admin\Music\ResolveReset.jpg

Filesize
327KB

MD5
efba0e35f27da754d53ce420936fd33c

SHA1
121d00f1027037953fe2d6b286fbedcd4cfa948f

SHA256
3d5e807d720a198f5653008c717012a9aaa78eae09726be45a38964466f6fe34

SHA512
d843304cc30e5363b2717fa76526af84699ebe1f15310df3b9aadfd2ab7da572da41f2087f635cceec49c371e9ee8c7dfe3470a1f7264cea06fc9c0595ba3e81

Download Submit
C:\Users\Admin\Music\RestartResize.emf

Filesize
208KB

MD5
e57f8c2618bf9b9e21bffda7e055785e

SHA1
8a7d7fcdb8e977f58219ad13af96c48c307d5918

SHA256
d391b15ea964a1a4815ddda7d236e6bcb7b3b0525b411db74e97fdfc436d006f

SHA512
d9ead5543b87a5d412266b2232a55a7fe3e093ea2b20c057d6619791e9ce5b5ede430dfaf6f0ffc9dc944901d36847f5353e34610f933d92a3a8f33ff62e4cdf

Download Submit
C:\Users\Admin\Music\ResumeConnect.vst

Filesize
526KB

MD5
ab8f2ee9f5e4deddac4ebd4549801556

SHA1
1b767d19565d87486c99c15e5a1933a64d4b164e

SHA256
0a0d226b1b753f8797a692603b054988022ead01612555377fd3e5396f94dafc

SHA512
a864c8f347c9a2be862a8a5fc4419b6d2d8adec806adad12f1d249f5985366183aee51bc5f70cc034d05ff197028a132b9d00786fc6ed8f41efd234840a96d36

Download Submit
C:\Users\Admin\Music\WriteRestore.mpeg

Filesize
416KB

MD5
130ea118ccd163904e4282ffe91da946

SHA1
f6f662b353ef538cae199fa34c9c230783e30854

SHA256
8ae4ba16fbc1061f4ff4b7b3c75fcda740cc79227c442ab978a4cb02c6a227db

SHA512
94ea94b4c7c3513f7729b3e7906474c406a1455b051f799db27865c73f46a2844bfa0952d562c524c4634e0945a50bd823eb742e7b9e5db4adaa455f401ff4aa

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
C:\Windows\INF\netsstpa.PNF

Filesize
6KB

MD5
01e21456e8000bab92907eec3b3aeea9

SHA1
39b34fe438352f7b095e24c89968fca48b8ce11c

SHA256
35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f

SHA512
9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

Download Submit
memory/2140-3356-0x0000029A447C0000-0x0000029A447C8000-memory.dmp

Filesize
32KB

Download
memory/2140-3385-0x0000029A44830000-0x0000029A44838000-memory.dmp

Filesize
32KB

Download
memory/2140-3314-0x0000029A3C880000-0x0000029A3C890000-memory.dmp

Filesize
64KB

Download
memory/2140-3330-0x0000029A3CA30000-0x0000029A3CA40000-memory.dmp

Filesize
64KB

Download
memory/2140-3346-0x0000029A40EE0000-0x0000029A40EE8000-memory.dmp

Filesize
32KB

Download
memory/2140-3350-0x0000029A44140000-0x0000029A44148000-memory.dmp

Filesize
32KB

Download
memory/2140-3352-0x0000029A44410000-0x0000029A44418000-memory.dmp

Filesize
32KB

Download
memory/2140-3354-0x0000029A44640000-0x0000029A44648000-memory.dmp

Filesize
32KB

Download
memory/2140-3393-0x0000029A44830000-0x0000029A44831000-memory.dmp

Filesize
4KB

Download
memory/2140-3357-0x0000029A442A0000-0x0000029A442A1000-memory.dmp

Filesize
4KB

Download
memory/2140-3392-0x0000029A44C20000-0x0000029A44C28000-memory.dmp

Filesize
32KB

Download
memory/2140-3388-0x0000029A44AB0000-0x0000029A44AB1000-memory.dmp

Filesize
4KB

Download
memory/2140-3390-0x0000029A44AB0000-0x0000029A44AB8000-memory.dmp

Filesize
32KB

Download
memory/2140-3387-0x0000029A44AC0000-0x0000029A44AC8000-memory.dmp

Filesize
32KB

Download
memory/4548-3362-0x000001D3BF420000-0x000001D3BF430000-memory.dmp

Filesize
64KB

Download
memory/4548-3374-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3370-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3375-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3376-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3378-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3383-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3384-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3382-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3381-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3377-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3369-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3373-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3368-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3367-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3365-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/4548-3364-0x000001D3BF460000-0x000001D3BF470000-memory.dmp

Filesize
64KB

Download
memory/5044-10-0x00007FFE783E0000-0x00007FFE78DCC000-memory.dmp

Filesize
9.9MB

Download
memory/5044-0-0x00007FFE783E3000-0x00007FFE783E4000-memory.dmp

Filesize
4KB

Download
memory/5044-4-0x0000021C2C7D0000-0x0000021C2CCF6000-memory.dmp

Filesize
5.1MB

Download
memory/5044-3-0x00007FFE783E0000-0x00007FFE78DCC000-memory.dmp

Filesize
9.9MB

Download
memory/5044-3433-0x00007FFE783E0000-0x00007FFE78DCC000-memory.dmp

Filesize
9.9MB

Download
memory/5044-2-0x0000021C2BFD0000-0x0000021C2C192000-memory.dmp

Filesize
1.8MB

Download
memory/5044-1-0x0000021C11A30000-0x0000021C11A48000-memory.dmp

Filesize
96KB

Download