hxxps://getintopc[.]com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/

Resubmissions

09/08/2024, 14:22

240809-rpv9qsvhnd 8

09/08/2024, 13:58

240809-q9zl8a1erk 8

Analysis

max time kernel
1372s
max time network
1379s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/08/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getintopc.com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
4948	7z2407-x64.exe
5024	7z2407.exe
2868	7z.exe
2296	7z.exe
836	7zFM.exe
5532	VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe
5448	VEGAS_Pro_20_setup.exe
5724	vcredist_x86.exe
5752	vcredist_x86.exe
6840	vcredist_x64.exe
6864	vcredist_x64.exe

Loads dropped DLL 4 IoCs

pid	Process
836	7zFM.exe
5752	vcredist_x86.exe
6612	vcredist_x86.exe
6864	vcredist_x64.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7} = "\"C:\\ProgramData\\Package Cache\\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\\vcredist_x64.exe\" /burn.runonce"	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} = "\"C:\\ProgramData\\Package Cache\\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\\vcredist_x86.exe\" /burn.runonce"	vcredist_x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\X:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\S:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\U:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\V:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\Y:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\Z:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\R:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\T:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\N:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\G:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\Q:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\W:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\M:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\O:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\K:	VEGAS_Pro_20_setup.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	VEGAS_Pro_20_setup.exe

Drops file in System32 directory 38 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mfc120chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120ita.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcamp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120enu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120enu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm120u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm120u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcomp120.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\7-Zip\Lang\fy.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\si.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7-zip.chm	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ca.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ja.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\7-Zip\Lang\hi.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mng.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\cy.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\de.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\eo.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\io.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\7-Zip\Lang\hr.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\pt-br.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\co.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\es.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\th.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\uk.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\7-Zip\Lang\pl.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\tt.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\es.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ko.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ru.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\vi.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ast.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\eo.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\7z.dll	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fr.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\tt.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7-zip.dll	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\uz-cyrl.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7z.exe	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ne.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ro.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\vi.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mn.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\uz-cyrl.txt	7z2407.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\yo.txt	7z2407.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ast.txt	7z2407.exe
File created	C:\Program Files (x86)\7-Zip\Lang\gu.txt	7z2407.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120u_x86	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_msvcp120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120jpn_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120ita_x86	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7B290FAAB93EBDF1.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD712D21157FB750E.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9DA1.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vccorlib120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120ita_x86	msiexec.exe
File created	C:\Windows\Installer\e6c9ca1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9ECB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\CacheSize.txt	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120rus_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120jpn_x86	msiexec.exe
File created	C:\Windows\Installer\e6c9cd0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e6c9c98.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8122DAB1-ED4D-3676-BB0A-CA368196543E}	msiexec.exe
File opened for modification	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0F1840C69B106850.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3E44E6B0A4E7C728.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120esn_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120u_x86	msiexec.exe
File created	C:\Windows\Installer\e6c9cbd.msi	msiexec.exe
File created	C:\Windows\Installer\e6c9c98.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_msvcr120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_msvcr120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcamp120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120u_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\CacheSize.txt	msiexec.exe
File created	C:\Windows\SystemTemp\~DF919ABDFF4FE15ADE.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vccorlib120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\CacheSize.txt	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcamp120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA043.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120fra_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA209.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcomp120_x86	msiexec.exe
File created	C:\Windows\SystemTemp\~DF637E328657725C74.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120enu_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120_x86	msiexec.exe
File created	C:\Windows\Installer\e6c9cab.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120u_x86	msiexec.exe
File created	C:\Windows\SystemTemp\~DF33B8561F4C78E885.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e6c9cd0.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFAA4D47BA95AE599A.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\CacheSize.txt	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D401961D-3A20-3AC7-943B-6139D5BD490A}	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120enu_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1287095F70A09B0C.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120cht_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120kor_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120deu_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120deu_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120fra_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcomp120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407-arm64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VEGAS_Pro_20_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2407-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e0a6bdd5f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900700a100e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\InstanceType = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1BAD2218D4DE6763BBA0AC63186945E3\Servicing_Key	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Applications\7z.exe\shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\AuthorizedLUAApp = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12B8D03ED28D112328CCF0A0D541598E	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v12	vcredist_x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v12\Dependents\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}	vcredist_x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v12\DisplayName = "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{D401961D-3A20-3AC7-943B-6139D5BD490A}v12.0.40664\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D401961D-3A20-3AC7-943B-6139D5BD490A}v12.0.40664\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\Version = "12.0.40664.0"	vcredist_x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12B8D03ED28D112328CCF0A0D541598E\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8520DAD7C5154DD39846DB1714990E7F\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\PackageCode = "82C7CC9682E1077408579187FC5DC13E"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v12	vcredist_x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\ = "{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}"	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\SourceList\Media\1 = ";"	msiexec.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	VEGAS_Pro_20_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	VEGAS_Pro_20_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	VEGAS_Pro_20_setup.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\_Getintopc.com_MAGIX_VEGAS_Pro_20.0.0.13.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407-arm64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4108	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5572	msiexec.exe
5572	msiexec.exe
5572	msiexec.exe
5572	msiexec.exe
5572	msiexec.exe
5572	msiexec.exe
5572	msiexec.exe
5572	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

pid	Process
3468	OpenWith.exe
1516	OpenWith.exe
2496	firefox.exe
4524	OpenWith.exe
416	OpenWith.exe
2868	OpenWith.exe
836	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	4948	7z2407-x64.exe
Token: SeDebugPrivilege	4948	7z2407-x64.exe
Token: SeDebugPrivilege	4948	7z2407-x64.exe
Token: SeDebugPrivilege	4948	7z2407-x64.exe
Token: SeDebugPrivilege	4948	7z2407-x64.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeDebugPrivilege	5024	7z2407.exe
Token: SeDebugPrivilege	5024	7z2407.exe
Token: SeDebugPrivilege	5024	7z2407.exe
Token: SeDebugPrivilege	5024	7z2407.exe
Token: SeDebugPrivilege	5024	7z2407.exe
Token: SeRestorePrivilege	2868	7z.exe
Token: 35	2868	7z.exe
Token: SeRestorePrivilege	2296	7z.exe
Token: 35	2296	7z.exe
Token: SeRestorePrivilege	836	7zFM.exe
Token: 35	836	7zFM.exe
Token: SeSecurityPrivilege	836	7zFM.exe
Token: SeDebugPrivilege	2496	firefox.exe
Token: SeSecurityPrivilege	5572	msiexec.exe
Token: SeCreateTokenPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeAssignPrimaryTokenPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeLockMemoryPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeIncreaseQuotaPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeMachineAccountPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeTcbPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeSecurityPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeTakeOwnershipPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeLoadDriverPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeSystemProfilePrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeSystemtimePrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeProfSingleProcessPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeIncBasePriorityPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeCreatePagefilePrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeCreatePermanentPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeBackupPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeRestorePrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeShutdownPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeDebugPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeAuditPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeSystemEnvironmentPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeChangeNotifyPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeRemoteShutdownPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeUndockPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeSyncAgentPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeEnableDelegationPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeManageVolumePrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeImpersonatePrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeCreateGlobalPrivilege	5448	VEGAS_Pro_20_setup.exe
Token: SeBackupPrivilege	5884	vssvc.exe
Token: SeRestorePrivilege	5884	vssvc.exe
Token: SeAuditPrivilege	5884	vssvc.exe
Token: SeShutdownPrivilege	5724	vcredist_x86.exe
Token: SeIncreaseQuotaPrivilege	5724	vcredist_x86.exe
Token: SeCreateTokenPrivilege	5724	vcredist_x86.exe
Token: SeAssignPrimaryTokenPrivilege	5724	vcredist_x86.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
836	7zFM.exe
836	7zFM.exe
5532	VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe
5448	VEGAS_Pro_20_setup.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
3468	OpenWith.exe
1516	OpenWith.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
4948	7z2407-x64.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
2496	firefox.exe
5024	7z2407.exe
4524	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe
416	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 1604 wrote to memory of 2496	1604	firefox.exe	81
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 4280	2496	firefox.exe	82
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84
PID 2496 wrote to memory of 1912	2496	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://getintopc.com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/"
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://getintopc.com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b67122f1-e0ee-45c4-a911-eff053f11b33} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" gpu
    3⤵
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2336 -prefsLen 24520 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fedb5fd9-8b6f-4283-92c5-868dcb772438} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" socket
    3⤵
    PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2864 -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 3036 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da19b150-b4aa-4b09-9e5c-79a037ab5a29} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:1424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf3d425-b69d-4fa1-a51d-492780f7a694} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:4276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe378649-2701-4771-8397-faaa5b995866} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" utility
    3⤵
    - Checks processor information in registry
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 4748 -prefMapHandle 5296 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {618a10c5-24bc-44e5-808c-1bcb267686f2} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:4236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5644 -prefMapHandle 4996 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c6e78f5-e5a9-4f57-8647-dd063eac0779} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5920 -childID 5 -isForBrowser -prefsHandle 5912 -prefMapHandle 5700 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40bb5c44-e325-499b-a703-5a6cd53191fb} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6208 -childID 6 -isForBrowser -prefsHandle 6204 -prefMapHandle 6200 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fadac264-2f29-4941-a538-2955703bd83c} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:2364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6376 -childID 7 -isForBrowser -prefsHandle 6240 -prefMapHandle 6344 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb63f459-1cd7-4aa5-96c2-dc357e587225} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4100 -childID 8 -isForBrowser -prefsHandle 6700 -prefMapHandle 3896 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aac57218-e745-4a9f-a944-9387da177b3f} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6744 -childID 9 -isForBrowser -prefsHandle 4064 -prefMapHandle 4240 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4761f721-697f-42d6-9e23-4cad15666646} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6916 -childID 10 -isForBrowser -prefsHandle 6924 -prefMapHandle 6928 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa9d16b-1df3-4798-9b30-b8d9e9f4cb87} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3388 -childID 11 -isForBrowser -prefsHandle 2552 -prefMapHandle 1344 -prefsLen 31229 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfffde08-06ab-4cb8-a4c1-b6ee41fe890d} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -childID 12 -isForBrowser -prefsHandle 4800 -prefMapHandle 4904 -prefsLen 28593 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7a4e15e-f2db-4b12-8d22-d8e50affd249} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 13 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 28593 -prefMapSize 244628 -jsInitHandle 1328 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b27744c-386c-4823-8c58-a6ea3a20fddf} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab
    3⤵
    PID:2376
- - C:\Users\Admin\Downloads\7z2407-x64.exe
    "C:\Users\Admin\Downloads\7z2407-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4948
- - C:\Users\Admin\Downloads\7z2407.exe
    "C:\Users\Admin\Downloads\7z2407.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:416
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_MAGIX_VEGAS_Pro_20.0.0.13.rar"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2868

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_MAGIX_VEGAS_Pro_20.0.0.13.rar"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2868
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_MAGIX_VEGAS_Pro_20.0.0.13.rar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2900

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\MAGIX_VEGAS_Pro_20.0.0.13\Crack\Readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4108

C:\Users\Admin\Desktop\MAGIX_VEGAS_Pro_20.0.0.13\VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe
"C:\Users\Admin\Desktop\MAGIX_VEGAS_Pro_20.0.0.13\VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:5532
- C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_setup.exe
  "C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_setup.exe" -m C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\SetupValues.dat
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:5448
- - C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x86.exe
    "C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x86.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\001#Install#vcredist2013_12_0_40664_x86.txt"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x86.exe
      "C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x86.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\001#Install#vcredist2013_12_0_40664_x86.txt" -burn.unelevated BurnPipe.{9F20FEE9-31F4-4DD1-AC37-FE19875930A3} {54869823-3036-4581-8510-8664A9760C63} 5724
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5752
  - - C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
      "C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} -burn.embedded BurnPipe.{E54C460F-6789-45B8-A3EA-AC60DFEE5EB4} {4BF66E34-DC6B-4BB4-A0F1-9F6A7BEF7CFB} 5724
      4⤵
      System Location Discovery: System Language Discovery
      PID:6592
    - - C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        
        "C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} -burn.embedded BurnPipe.{E54C460F-6789-45B8-A3EA-AC60DFEE5EB4} {4BF66E34-DC6B-4BB4-A0F1-9F6A7BEF7CFB} 5724 -burn.unelevated BurnPipe.{C2DD3CBC-3D42-427A-AD90-31349739BB8D} {27BEE994-0246-4E6C-8EC5-11A7517BD643} 6592
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6612
- - C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x64.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\002#Install#vcredist2013_12_0_40664_x64.txt"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x64.exe
      "C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x64.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\002#Install#vcredist2013_12_0_40664_x64.txt" -burn.unelevated BurnPipe.{062EA026-5490-4DB2-BAA0-F9C5EB3DB8FF} {771A0486-31DB-4B69-9CC7-12F558ABCC1B} 6840
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6864
  - - C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
      "C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={042d26ef-3dbe-4c25-95d3-4c1b11b235a7} -burn.embedded BurnPipe.{9D73333F-DEF1-4F9E-B768-8F62AED0949D} {F436AEC7-172D-4D14-9741-3FC1B5C86578} 6840
      4⤵
      PID:7160
    - - C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
        
        "C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={042d26ef-3dbe-4c25-95d3-4c1b11b235a7} -burn.embedded BurnPipe.{9D73333F-DEF1-4F9E-B768-8F62AED0949D} {F436AEC7-172D-4D14-9741-3FC1B5C86578} 6840 -burn.unelevated BurnPipe.{E30D59DF-31E1-4BD6-89CE-3F08D118C334} {8CDA8059-1EF4-4E46-BA16-CCC7C3A3821A} 7160
        5⤵
        
        PID:3392
- - C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\WebView2\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
    "C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\WebView2\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install
    3⤵
    PID:6320

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5572

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5884

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:5928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e6c9c9b.rbs

Filesize
17KB

MD5
0f12a358621dc55157199fb168d55021

SHA1
bcaf33e2266adc703c3115c1c757e3d14acfcd43

SHA256
e32bec56383b5e2e50d672a027c2b5f8152fd9facce6664af70661a8be8992eb

SHA512
a6b977b3be16dcad8fe468648fdd7df13449e01c8106a62e46eaf22cdaf2244ca0337a1935e388fb40cece0faf43dba8dc17bc18ff28978c64fb887233d7d8b5

Download Submit
C:\Config.Msi\e6c9ca4.rbs

Filesize
13KB

MD5
0ebb85a975126f6e17faedc93b38c0b9

SHA1
05d70843a073748b0ef330c73e57e4a66df5a7e9

SHA256
dfed67245cb3e755128b32a3c8cfcc148ef8971cdef902110461acf1b7ae6ea9

SHA512
d7a639573b522f6e5ffb4240db41a295e8c37c0ff0b7074cd1393ffdd731c63701a76c6e237d14ce1912685395f5aa87dc461f92d730865932fddf34186dd45d

Download Submit
C:\Config.Msi\e6c9ca5.rbf

Filesize
444KB

MD5
a883c95684eff25e71c3b644912c73a5

SHA1
3f541023690680d002a22f64153ea4e000e5561b

SHA256
d672fb07a05fb53cc821da0fde823fdfd46071854fe8c6c5ea83d7450b978ecb

SHA512
5a47c138d50690828303b1a01b28e6ef67cfe48215d16ed8a70f2bc8dbb4a73a42c37d02ccae416dc5bd12b7ed14ff692369bc294259b46dbf02dc1073f0cb52

Download Submit
C:\Config.Msi\e6c9ca6.rbf

Filesize
948KB

MD5
2fb20c782c237f8b23df112326048479

SHA1
b2d5a8b5c0fd735038267914b5080aab57b78243

SHA256
e0305aa54823e6f39d847f8b651b7bd08c085f1dbbcb5c3c1ce1942c0fa1e9fa

SHA512
4c1a67da2a56bc910436f9e339203d939f0bf854b589e26d3f4086277f2bec3dfce8b1f60193418c2544ef0c55713c90f6997df2bfb43f1429f3d00ba46b39b0

Download Submit
C:\Config.Msi\e6c9ca7.rbf

Filesize
331KB

MD5
69004e08c1eb19fcf709908103c002fd

SHA1
d59459f9a18b2e9a06e5af2b88f4fecb0ce690d5

SHA256
c1b61dd24dc2dd5efd5cd548c0cd74fac112358e9e580df4d780d2c125474dad

SHA512
3fc67a5fccb252a67285e19d62057fb4e3c63e702f4be91e552f93d9827cc746b8fb43b4a3b24b7fd5c48832d18a1dae26c1bd237f40b7b88618d402fdac1a76

Download Submit
C:\Config.Msi\e6c9ca8.rbf

Filesize
242KB

MD5
c7739dd4212d084d299df68f0a0debc3

SHA1
cba81d847d91bfea5c03279c0ca03fb1aacd4ae9

SHA256
1d67a8464991a03fc190d87b43591764f231d7a7a71a72ffc51d982b26691153

SHA512
5b8e98e6764460f9afbfa6dd34c12ad59284003eea99997c9e1db9b4a85ba30ac8b6a699b2888388dc424c547918137d42984bf040ac3d292e612bc433368fb3

Download Submit
C:\Config.Msi\e6c9ca9.rbf

Filesize
117KB

MD5
90419039c035404fb1dc38c3fb406f65

SHA1
67884b612d143aa08a307110cee7069bddb989a0

SHA256
62287589fc0b577398005f7ac07256d9fe671cdd3e5369faf74b9f64cb572317

SHA512
e632c78c941861e61fbec68e333e6549cd4bec683593db92c2522e162176bd64160dba37d4226c1599cfe1d77b36d5d4c452dd2f453c291a15310dfb607f3414

Download Submit
C:\Config.Msi\e6c9caa.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Config.Msi\e6c9cae.rbs

Filesize
26KB

MD5
4106391e25355782dcb7d060ac9dc829

SHA1
e758e01564c3ec7146312e03b1a985fdc5572309

SHA256
8f4229bb743afae1ff0c22527abcd49676f4d379a33110051145e53e4c5b20cd

SHA512
5bea8232d73fd529965155cd2ebdcf451315bcc1b99a84052922dc1b3c89e7528a58419fb41550f7cefa34f501c1ba1678803bbbb61c6f1810ac008eed525c51

Download Submit
C:\Config.Msi\e6c9cc0.rbs

Filesize
22KB

MD5
b5b268e6c932a3f1254aceef37383798

SHA1
d32cb4793a383724c2ccd9054270f65b11f470ce

SHA256
fd35afae407e7eed33a7561392007fcb771cff27a18bd5bf5a9f22d5eb61d5bf

SHA512
41abaed5b68ca0965d2bd1e231ecc989fa60ea685e93dec8d88027715f73d38edd1038f73421ff6664cf27a23ec5ba20dcd18fbd1add3dd8fdff264d0a407057

Download Submit
C:\Config.Msi\e6c9cc1.rbf

Filesize
45KB

MD5
2f7c88c43a8966882ca89ce4981e3cde

SHA1
588bdeae6eab1f447771bd6963b5b3329196e686

SHA256
5e7331a6adeb9d4252531ade800d47b8ddf020b97cfedc58de85386b3ae64e76

SHA512
3f2eca126fc821e36aaf4430a0f41af1a060396f52cfb2efd1c3be2ab9d69cfac870121c646776c8b15e8561938ac30367bc5687bb9a79f0c19156c3b56249a7

Download Submit
C:\Config.Msi\e6c9cc2.rbf

Filesize
45KB

MD5
70bbafa7c8b0aeba0e25e27c440a6038

SHA1
44a5e06229ae4f6ce6d3b2b57cb3b6050667def2

SHA256
9eec79bd4af04bba1e11fc24c64d94f30c22985c8ebbce3e0b411a61a1edbabe

SHA512
2e9b8696c1b4ab8e721fa07b6c81fe30613f0d188250991c573af95263688b7db6e25ebc4c030825724248c9713d9c5b772f199369785ac615ad2d2fdf527f8a

Download Submit
C:\Config.Msi\e6c9cc3.rbf

Filesize
73KB

MD5
09936f1f2ad5ae9d0663b6e8709527c7

SHA1
f0e5945663e65405d94c394db83880f713295104

SHA256
550f6c9f16fe85a8338b04f1bec43de3babeac60ff257197625f2802907007b8

SHA512
3e95e1e3f2043e1f0a4baf1267e82f912bcd5830ae6c5abc750a38a0666b1a6b9e1169dadb58bc2eafae00a2e11bcf574ea805f3a1f07f77d5450d1265e8e7f6

Download Submit
C:\Config.Msi\e6c9cc4.rbf

Filesize
63KB

MD5
9becefa155c8c9f5ef5bf9d537c0a258

SHA1
4f33f6d08685d50ce799df6369cb5efc51673e12

SHA256
d1dbc7677010f9af7b680ea2efa28c964154997bddbf6c8d9d65ea225a5ec613

SHA512
5e9972cfe26c0fc6a0ea38643c644b5ac33e4ddfc1cff5b25017c81f3121ec7732565554f43c1916e9f8e2b1d84226aacd2cc4d6805425c2f1f1e7683e506ff4

Download Submit
C:\Config.Msi\e6c9cc5.rbf

Filesize
72KB

MD5
30281f2891b6deae8c0deb122b5906c7

SHA1
43ed0c7bf45839ba07501c1013ba74c97b4d0beb

SHA256
87e5c496e038c337ca1acee52c145d8f4bdb3e74261b13e1feb740c4e2124e0a

SHA512
cb0e3f3cf89af55e4b849b3f4f883d8348fc8f806690db4fff238ee54bc5f80a34e53c7e8a22dd9d1dc57c1a60c69d3e25ad9cc52ac66628613cdf358e7aa537

Download Submit
C:\Config.Msi\e6c9cc6.rbf

Filesize
73KB

MD5
b41aa9a167ac3d6c11b5c2e1e183c11b

SHA1
ac8efa5f7b8211e4dc0d0d0e6bc7717f88d2c0ac

SHA256
b098ed9a5f44052b9ab5ceee82ab4cea5c6d9a14a61816882ef996a0599838b2

SHA512
de667f1fe0bcb0ddf8f59054a2d5c516ec47ab59f7e78e29ec8a2cc756c72aae65bb73ea03701c67c978166649d69278fb0269e9588d968f630165bcfa6f40f8

Download Submit
C:\Config.Msi\e6c9cc7.rbf

Filesize
71KB

MD5
2bcf9a28e5fe7a3fefd16a9c03d35dbb

SHA1
7c1446d8ca4d2c6890d62c02308daccb8be5475f

SHA256
271abe43d14cbd8c80b85ec804787272522bc06c45b7f93244b718ab0c08a289

SHA512
445ef027eeecda4361834334706079053ce9a735cbeeadaec37f28c4f9a485b07ba156178c2cdb1f012d1760d0495d041deceb6372921eb94d18241eb304eafa

Download Submit
C:\Config.Msi\e6c9cc8.rbf

Filesize
52KB

MD5
34b5ae129703de4a4bb5f52f4306fdf6

SHA1
601ba6cc73cbbe6d7014519a885fde2c9e9c2fba

SHA256
43cd9fdf714b7dfca4b2a8f54bc25ceeddc7a6212ba59233d89a03c650053407

SHA512
016dae93356e42a19f4fb4d34efa04e93f802e5de3157c29ce940d9637d697d2b7a4f61b705b5b5df271b97d942cb81265d0fe7c9561c0ef3c46c249b8b7fb9c

Download Submit
C:\Config.Msi\e6c9cc9.rbf

Filesize
52KB

MD5
f89147c034de186e3ab79326523888b8

SHA1
d3e6c00363a429eae066953f7c187e33c687ec6b

SHA256
32dfe0f26b5024ec900a31f0dde736ca62769dc5de48238b485f4322cd367e7d

SHA512
d7842681f67b46f67233ad0f7c57c7155f152dc25ef546a08fb91914ee54984b87f9ccbd8da3e40d012b251fffade838f2d779681afa84c383ea7982f0ad1cfe

Download Submit
C:\Config.Msi\e6c9cca.rbf

Filesize
69KB

MD5
d7f2e87512d19d01328840187fc7cb04

SHA1
7a312b677b76d7303e01da6064f1a5e0fb26c604

SHA256
1154c537bd700ebbda599a5c2923e73d098c3eaa930fd0f4d415583ff90eea67

SHA512
8a00cae2dc0d59e530cd43bf84f33301f53ccdd96477787805b487ffdf6869223621414cf180a1aafb6b8910ba19684c02c60226a651d051eacc4cac1fbd8c2b

Download Submit
C:\Config.Msi\e6c9ccb.rbf

Filesize
4.2MB

MD5
293002e4332f01c74c2a843b5c638a90

SHA1
2e412f945ac4353b4908c87e31b847415b3ec19b

SHA256
6130ad7d21a492cd3f3924bed43d954f80b6b6920374934b9eed057f27130e15

SHA512
49eaf5633debad535ffc6584c8383e21c99f7a3a81a0b3496943af0e79853399649706ceda9da9990c259d605ab163c22c08f641b91e80c8a14d519837a595ce

Download Submit
C:\Config.Msi\e6c9ccc.rbf

Filesize
4.2MB

MD5
e1629a36f15824346bb54a9ebe9b622f

SHA1
ee5d55315ffb351e24b7c918c82e6ce4ec17a645

SHA256
68df186e26151313a0df2adb0ef5f3a45ebba3cb02229bd8723a29dee60e278d

SHA512
0301ed7ad473015478f32afd3e41dafd045eab26ad42080bad6030324564a7ed09a7516b8d362b5cb2201d087eb25f2bb7ac5fc809a387f49f893ac3df8814bb

Download Submit
C:\Config.Msi\e6c9ccd.rbf

Filesize
81KB

MD5
36ca9bc41425660ad80f23933e6e9f1f

SHA1
3206186f932cd5948062a837b5fc2094ddb1c8b7

SHA256
8c82f149507c3415250e52bf4c7fe937946a60d51f07492a1e36ab3e14482187

SHA512
a58eee2824bad90ea0790bdf55c5b58a6eec5f3e87bebf5a941a6dbcb8106c6d96b7eee0a022c4a16f35d80e38501fed54d88127f30de0e9fdd22e4df8fa2ea5

Download Submit
C:\Config.Msi\e6c9cce.rbf

Filesize
81KB

MD5
9b73043d5646be7b544e3ac3d49b7744

SHA1
a3eecb1a85c244d5428a012041eee947462e7a09

SHA256
d6d2ba4ac1606e825216a25ab401d26d77c4300299e957cfadab3b0b945d065a

SHA512
8f339c23f8d1e8eed1bd055a31c027e5da03d916769468394ba1befe7b4f2586e67e8dcf29326ff40abb0d879a45f886398d5d733c988c507860d1ece16ed83a

Download Submit
C:\Config.Msi\e6c9cd3.rbs

Filesize
18KB

MD5
cf2c9e9397cd8898ceaee57761a83776

SHA1
e8452519af3934e6ab69c89c589a1f9f6eaed38d

SHA256
60922e1a3f7e0d356e4bc2d4b2aa8ab590fe8f828b9791be4eeeda8cc3190c4f

SHA512
8b2129958cd4e74640f4a41dcaefed9330f1b056db951afaea3ab70124a35d0f41b271d621221cf3e04d7fbdf21b7dfb6a94bc5bea0c5109408f32e48b3c4466

Download Submit
C:\Config.Msi\e6c9cdc.rbs

Filesize
14KB

MD5
4c6e20b274b3fc6a428b0d1d71f72ce1

SHA1
a83145b868c40366d46d1a5cda31007162dd05dc

SHA256
8a8f11c0bfe1d2e6c001b6fc6592f838e0c886816e55878d7ed70c5abb0ca679

SHA512
659fc2ea2d395227d5cee5f6469af0f1f37e195bd43fe434e02be248a39a155dedb1a91bda1acf2de4e89dfdd1d764886a0b5d2e16a4a972ce6cf4c61bea610b

Download Submit
C:\Config.Msi\e6c9cdd.rbf

Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Config.Msi\e6c9cde.rbf

Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Config.Msi\e6c9cdf.rbf

Filesize
470KB

MD5
f0ec8a3ddf8e0534983a05a52bce8924

SHA1
5f6d0265273f00ffe8e30cf507f0d05d330ff296

SHA256
88a5ed51a7be4ff7ebded0c107fafda6ace3801877216c0bb6cbb458ae054a7b

SHA512
d7b084d7f20de29ff16341df2756861bb7ac22eab0711869b3e77a84d841fb76a898d7459ca1be62eed522caa1f022c891a7d30c94bf0fff1bb4d016be8aa9bb

Download Submit
C:\Config.Msi\e6c9ce0.rbf

Filesize
348KB

MD5
ea1e99dec990691d41f938085f68bcc7

SHA1
5fdcbcd777e10e765d593994dc66f930c1377b0e

SHA256
1b296bd172332d3b2253bdcb6ecac46afef883f75c13c361632ff40fec743fcc

SHA512
e90a40bd8e20bbca3c6188a78ad75578e51d88aa638e0bbfed4f6f6efdd0917e92b08ef4b0ccc2dee08774f08658b189e25234270e8ce1ca60a7e0ec8e3fbcf8

Download Submit
C:\Config.Msi\e6c9ce1.rbf

Filesize
134KB

MD5
d7dbc7c92177837431ae2fd7fb569e2c

SHA1
c26140204a6db421842ad36599326a5369fd1b5d

SHA256
22d14e004ba4b78a9143257399dc40ef4d0e8f2cdb9127e1ba2638f54cce5c70

SHA512
4f2b197ea912b5ea1a82ac84e1c15ca8e3787460cd79a32733ea920dcf3b1db5cf0507ad7c94f4e4ccab9dfc6773a9d05a8eeaa7bd7c61b63d780b69ed7ae0d8

Download Submit
C:\Config.Msi\e6c9ce6.rbs

Filesize
27KB

MD5
07199939af7cd422c889cc512b9bc960

SHA1
aa5f0daf848a08af321afb528d5592077ccefeb1

SHA256
07e96bd06f58eb0ee6fa21253a109d7a1de816038ccb10fa6e1142c9379c1fd2

SHA512
d334ba20d2818ab7d96826578e82cab53b193ce2508b41a6f157e08f89132fd830c095160aa7b4546765ccebbc93b6cefc56701d84ddd3b732b113822718df79

Download Submit
C:\Config.Msi\e6c9cf8.rbs

Filesize
22KB

MD5
a9210362ce10d9523d2e83b4380b0743

SHA1
6b139ef171a7b59be4807edcb66fcfbe829e1582

SHA256
bdfea9f5a2d5f25248bdce8ad72aceb60c4cf44740e9768159f6a367293b33e4

SHA512
679ed522eafc9b026216978457a674b2031c0298bde5c695c4921d00b7a16f55b6296eadf770402f30af7b760a57f7805454bc51e01ccaba663017e175dd573d

Download Submit
C:\Config.Msi\e6c9cf9.rbf

Filesize
45KB

MD5
f96a9a88487a27de7b3e15c733cf1fe1

SHA1
0a4157f064349b0370b8ee3f244f44debd04b4c0

SHA256
cb531679be2881677a93d11067c71274ec30b30aadf1cdcf1543dddd6b1d7b61

SHA512
df5390b235157e65efa3a9385a7ffd6d5f4f2471306625f01370ed463c65b81c4274370f93b5b0d04d44175c57322d2f2fb1cdd2bcbc123997f4ae4ae9557f0b

Download Submit
C:\Config.Msi\e6c9cfa.rbf

Filesize
45KB

MD5
6a5e17d5a4b24e5c2b947a343a182949

SHA1
ddf5ed505953e073f09b17e8e2bdecf2766c6a4b

SHA256
0301c5dc6e762788891356987e9c8cd0d40b262df06e8384bf5796b1f20f083e

SHA512
8a383192f9f6e6c4fab24645cf7c30fa927881451f0e65175b724717151cca6fcc49ed3394cc689407f19a7b1afd6b462688bccb898912762b804eeeb7cd8d97

Download Submit
C:\Config.Msi\e6c9cfb.rbf

Filesize
73KB

MD5
bfc853c578252e29698ff6b770794e6a

SHA1
1091dced7b18bdd7eda2be4d095ac43cfd342b7d

SHA256
80e0f29ff6b7ada892f23927f17021783575ad80f9f6c8a268a6c2a7ce35e5d6

SHA512
306445384614b48d3182a91c8adf8d8206c36efd88abf23753800566f9650518af382164ca1a17ed000888e6a99c175478ad621d0a0d46c9bc7d5359113e05fb

Download Submit
C:\Config.Msi\e6c9cfc.rbf

Filesize
63KB

MD5
19b7b852ac2dec695e6a52801e59c421

SHA1
cd72265e1a6a64c761984980895d92cb93bc61b7

SHA256
e463f38fa6b6157398ad224a462538bd8e36b75031fa711e567c5505a9092df6

SHA512
d0fd9f75820d3dbdc4001ed6262a940f062655ebb5f31f3d45d984e38b1bae2e5a958665b79b5b4aeb899e39348ba987c82148bfd85477e69249d3a59a076017

Download Submit
C:\Config.Msi\e6c9cfd.rbf

Filesize
72KB

MD5
9ef2dc352d20b615a556be53b449b17c

SHA1
933b2a39f3d730c6b5d437558d0db68c5d2c22b7

SHA256
db4fc3652d24224d5375d1a5696144ac8881332cc20f5992ed1488236e64c120

SHA512
8031a4d0e44beb290c48292a0987108ed6d6f56950dfb17ee4671e692407fcbb8dc652d82907d8f98db2f841689f9480aee6fbce60cf2bfa1d0d6294c3f6da91

Download Submit
C:\Config.Msi\e6c9cfe.rbf

Filesize
73KB

MD5
06473191b67c8b3d1a26b76474c5daeb

SHA1
94c72bb597c365cb77f621e6e2cf3920954df2d7

SHA256
e7cb6c2818ca27c864bda635d5b5d9f7bdb308f4b5d4bbc206ee1e135b7dbbf7

SHA512
237c144cd3cd78c4a4eeb5c6a22043a8e604bdbd7182b89bacb81135b1e3de08780061dfa3664508cfbdc01e918fa2610e317f9441b10c4df8def1ca444de4eb

Download Submit
C:\Config.Msi\e6c9cff.rbf

Filesize
71KB

MD5
713e30e13c1998e035cf4ace66b03230

SHA1
2d244e01c2bd9f3f17dfa0b74c19ce6bc512e1b5

SHA256
9cfc5985440df4e70b57869b32c8ee69eb6fc570a98cc94a53141a0dc7535e10

SHA512
8a2581aaa125eb45543e679e58be7040d151cfcfe0625f6e62dccc3fcf87872d3504b30082036d5219dc4c8493600838d31b2ddfde3ba0bc1b2b6ef97078e29a

Download Submit
C:\Config.Msi\e6c9d00.rbf

Filesize
52KB

MD5
689b5f0061a67ac95f59a64744702186

SHA1
52227dd2c8a66c0528bff28475846faf7036340f

SHA256
83fb72fd2142d54bff6280e7c4d4ff22d43c3a81fa4ff8881003abbe5e21ec3b

SHA512
30b4e01d20c6c3ac1b799dd4d23fda3ca988eadb59356f84aff0a0760572b5c4119ef21467494e47a7d74dd6b136633a6ae40f45ec051d5cacbe44b5d6255d42

Download Submit
C:\Config.Msi\e6c9d01.rbf

Filesize
52KB

MD5
7d03ffc6a8fb686abd660efdc3aaf223

SHA1
3d04c53971a525cc3255ff1eab05ff0cbad75bb7

SHA256
b2c7fc2c95b13bac36316d298c94d842dd2574f78e9c22e4d4e4af1c3fcc0fd9

SHA512
b5d41294630e342f2242a91c9dcf9085cddbd2389860e14c741147cb695425971cf79339b523d28fd3189589e5f948115359b89f59a03186e3c6a103f854f4e1

Download Submit
C:\Config.Msi\e6c9d02.rbf

Filesize
69KB

MD5
a99ad214ccd1e7bc1f609b972467b0ca

SHA1
9ee79954fdb2338026c3c81da00ab6e7e6c2e1ff

SHA256
3238676035d9c1595248ef65ef5b044384b473ab9bdfe8d1077e10e4fe7bc983

SHA512
da1f8a4dd82559635ea53dfeac1817a9ced1d247a170a8153a54c05c371fc80aa2fa958bc5c515c026815c505f70fb374178f8ccf94836b66c4a7e23dab1c083

Download Submit
C:\Config.Msi\e6c9d03.rbf

Filesize
5.4MB

MD5
ee4af4ceb4b7fded7cdda37faef69704

SHA1
5ab8f2ace2f4a1892ea4a2a26df5ee7e9cd497b2

SHA256
75497de4aec4b5f0f258164672db2eb55eef5138c028317860e05f11030f7b7c

SHA512
4f807157e6bd57ac37bd1d8a52ffdc38e330e517101a1ea603096d8728b04c9c2ae96e510b961c87536e957587ce169fdece6bc3ed5e5025aa87c0f276da0ece

Download Submit
C:\Config.Msi\e6c9d04.rbf

Filesize
5.3MB

MD5
a6d08e8e290c80822842015cd877d405

SHA1
2ee9d28e20a73facff20be87092e482b562dad41

SHA256
950ff7746d747de51cc09c1aaaf88fbc2fc97c59865f574cc3fb10243ae7b906

SHA512
b6dfc3d0ef4f57c116d44b201fae187c9427d4fe7cad969f50f9408af40071d811e88698134491f479923b259a47d0b528e7ea23790248314e902ee24d0b93a2

Download Submit
C:\Config.Msi\e6c9d05.rbf

Filesize
89KB

MD5
43aae7bfb0c911e7e98003e2b45667e6

SHA1
0c6c7d96cd0eca734e425b1ddef178c3ab6c31ce

SHA256
a78e7988c9f99bcbe02d29441b0dcbdebafa616d2a4652aad867b81f554a0476

SHA512
33d1293a7905ee9ec58b9a7744981006d6dadafb75ef64769723de02ba273f344a20e20d206d64d2453746549fe471328a035e2b5cc8e485e7cfd2c2fbc7c6a9

Download Submit
C:\Config.Msi\e6c9d06.rbf

Filesize
89KB

MD5
0d5451a0050f7acc970ca02459c63d9a

SHA1
2de9febca0b1d48014081907e835237c832c65b0

SHA256
864958960b8dd2890d47f2774ba836954f2c4f5ad6e4d529b13138caefcce73e

SHA512
4d0b3d3d494c1774ae4575eb945f3c0742b723d6583d98dd36cc51a1d099b8f1a090d4b18c54897d1d58a67381b800604724cb609447860105bc2e0e8d5094a8

Download Submit
C:\Program Files (x86)\7-Zip\7-zip.chm

Filesize
117KB

MD5
b79894fbee3c882c3efc71ff3d4a21bb

SHA1
8bb4fa0e32cc892f8be396dbaa35acef7a53e36e

SHA256
2d55ca494a8b6dcc739d84bdd112f5c50d612f8abf409c9fb5f2b5c2c84c37a0

SHA512
b66a75ee3831c56967e2c64f8c9ba434f3cd9e4dc4c4fa79580e5ef81e8595863a477ce487921d46891bffcb31c6d45ea332e441c5c26df9a1ee59c0769f32b6

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
0009bd5e13766d11a23289734b383cbe

SHA1
913784502be52ce33078d75b97a1c1396414cf44

SHA256
3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129

SHA512
d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
548KB

MD5
1d1b0349f970c8de7fae7a94520e21f7

SHA1
8787ce498c9f1628665dd17004676a9cc5e8f99a

SHA256
f63a2d492d7a20e7ae6ace725da0320b05a6250794c9b449e1bc48d3f63cef56

SHA512
2ff084ca8b7bd05e156fcce6faaffd861ee09e09821e8f3325093a0aec46d54481d18d61d84b35fc2c760d93aeda70648201c740fb429f6f75dbd6708774f0f2

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
79e8ca28aef2f3b1f1484430702b24e1

SHA1
76087153a547ce3f03f5b9de217c9b4b11d12f22

SHA256
5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

SHA512
b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
691KB

MD5
ef0279a7884b9dd13a8a2b6e6f105419

SHA1
755af3328261b37426bc495c6c64bba0c18870b2

SHA256
0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b

SHA512
9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
14KB

MD5
1ae18a5934322b0b23da7c5678e2dbec

SHA1
a1ae84c861f338e8f8c2a7c0102d8b0ef9aa6da1

SHA256
e5db8a72bd2901a877c67b3acba60f386b9d6e8d3e485372f7180fb76652b93a

SHA512
01e660e2dc2ec9d4d64c4f981804f252f77bee400eb21a43077681a2fc51bc564fd5749ea8f25a4b3da0500bbf33dd3cd27ebbe3cab96e333dbd6b57966fc151

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk

Filesize
1003B

MD5
34c236c7688ab52fc46bf579415f3c8f

SHA1
d57d230bb2ba76426e7b0311fafa11b91d2b4865

SHA256
f47c7bec00b37bb3e5dd8d0bd7134610aafb129ae112c7ea3e5122669a39b13b

SHA512
bd222fa4370a0547a93ad4285f25b8cd57d21b5f2c415e1bc711dfa5ca7526c2a201b3db6154b15f985a45777e056c2e63baa4d6e8321557b856fc504727cef7

Download Submit
C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\state.rsm

Filesize
788B

MD5
75364d7cf58c7287f2bacfceae8f1f0f

SHA1
b53132bc8402481b07bf87b5745f799ffb6bc3d2

SHA256
075fd078932310763f3d8084b10015a81b401989f5b1fa2dfbd3f92dec3f52e9

SHA512
503cc75041ac773be68168bd985023346f0abd4eec10ac544fc158fd5c88a0094252b64f52b1dbb01d2a449d4fe19cdc9eb120d753994b8e78af547a1f35d664

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
a5f148b1e3b0a0c16875675cdc2b8808

SHA1
a2b97e429cc20167f76db3133e3fbc3fbe201555

SHA256
ceed4f386d32fe3f110eea0649b8992c88de9b86caca50feabf483d29bc6c7b6

SHA512
125e408fdb3c4a8e8a9a933c4d0321a64491cc8a2294d8addf2dd2d33b17a87571eb2cd868e23e14b6b5fccbf9ed06734730444393391b604889cd2c3dabd4a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
d8a1ad61d1102a598cad300f33e72a6a

SHA1
dcffb5ce05fbb9fdbdf347bb364f8a4d6137ca85

SHA256
b43a982ba2abb70067a5bb7fea0a28dabc3a0977b460eb66a03bbbac135aa56a

SHA512
d348bc69be72f4dfebef092f7035472f0c7ae0230b3992756cd5ea812a279b59813ed402cd156af5bd368c3a4edcb213170b6f81ebc0ac4556fdd0103a961329

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\doomed\13257

Filesize
15KB

MD5
625118ad76b89a3304356ca4018aa57b

SHA1
3d27bf667de9b0ca4abc27bd2a70cef09b23e4eb

SHA256
eb657d391d6ccbfdc8c59613a039eb06009ad3fef84a2fad2daa7348cd35c706

SHA512
8ade6f3822d00e5d82b1c0e3205bcd1e657f42bee86e893ac20b1c3b9199fb2ad429fff292ef53ac5bfbb114df198fa7881371fa77e51f020e77f8a819dc3480

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\03B83F65F9419A723AB0D577F95C2419EF7BAF74

Filesize
11KB

MD5
44abad10333014699617e3df86ca4edc

SHA1
ab357ae073035a1894214aa19ed7b1c6ccad5d37

SHA256
40559cb66c5cc597541f68948a88a7835a6c960c1a5925d6b87fe87cf14f0879

SHA512
153fd8c71fb5e43a074cb3ca22b227ace819aa5f39afffc7646f60b115afb3a6b57b191bef7a6179a1d699ca5a6aa4e6f1b3824945148cb7fcb93a0b65490088

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\16AC2308EA9830B0F765228DB2A0AF92019D47A5

Filesize
139KB

MD5
e6b1f85e47119272ef732abab9e2110d

SHA1
854fe9f9ce086e287eb46db67ce5cfe63ceb90bf

SHA256
bfe9a800b12bc526786340f86d2fd9ad1018a1e01181650df2b2550d73a23a9a

SHA512
a4068968964c9fc53a7a31b03c3fa57445965e9011add53c7486c9758fce41d51164f4d367e5c90d631faeb2b38f70b95f5c1f758deed1c4ebc4bbad136e6329

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\24C2DA48D5FD87E7FF5423D6619E2398D7F8D00E

Filesize
17KB

MD5
d5faaa669dc452b49ae64c772719b9d9

SHA1
69543ff21692f9e5df16274d21340ba30a1cc306

SHA256
b9d753371a6be5c593ff95fc08b561b0b73b1933c1cb6f661b525aaa37372c4a

SHA512
2bd2d90e392828c2a39d7b67e50d03746b91b6c222907d20e30df1f6e1ba231e672f169036147a7cdb577ad048186f3be3f8c84a76f0231afb041ab38bb69326

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\6CF5F4F0A6E6091D9059B38FACC34547A6E31913

Filesize
18KB

MD5
ffa76c823d0440928dc8e15aa0a44b5b

SHA1
d103fbb01068ba64590dd877316ee870b5cc7d3c

SHA256
5f96f537e992c31ed19c90be1eff208294031fca3a57969f608c9a3f8f66501d

SHA512
3d0898d6b4f6100916ddb0825401c1e66fe343de085f53ddd2167218264b917e53f506d36b02835f4cd27a91dd7689ad2dfa56718261d75c98cf98c5dfe0e9a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\757E36BC07B5E974CAB8637DDCE37E42CB734138

Filesize
20KB

MD5
69d8305da66ce90795abf01d52ffff19

SHA1
b2429a755f8468f0f1614b38051c5719a24fbc30

SHA256
47d22e617caa43da3131442e110d4e484e83e59d09aef93511155cfdaeb0f58b

SHA512
9733b305bcd65c1acfbbf28a856f4c3741c3e0142f721deb79eaa652a550988f8bfbf875d3a5c4cef53e46ee13c3f6bd367ff27a1cdc759d7185f762eb0ab3ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\87296B67882B48322F71B01EFF3F1C9D5A41F1FB

Filesize
18KB

MD5
068a5c8174e6072b6389e2aa1528bb0b

SHA1
9eba721f453b9d18f7a6a2571a2c4b15ec1ecc2b

SHA256
89878a9b58f6d3ded37007a4f9bee837312498044b0fff29afd00a5fb9a414e1

SHA512
1ba755b530b51338c68e51e654ca6080b5d8e406a8d0bc734fd727c149277a6b3175ef04d3a2bf1484355b12f465c0388babfbb3a50c364aac384eccb34ade9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\A75A7CC143AF62011114BC1912A93BEBE270DEEB

Filesize
42KB

MD5
3a74ead96915eb17e25f1bd57ff82dff

SHA1
aa546a456047ccb587c8acd76e5f544f5e344d51

SHA256
0aec487babf2b1616eeee1e99a95314dc4354e3539fe99514fc9998d5e08c061

SHA512
95947fee2110d601e6d114976559b14d7ab6c6d8d8d8e0d76aa4d4431f88669261bb77c6653d3b63576d960458a108b3d5ae2557e1c2469f2889a081be4744b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\F324F0D11442C4F5FA2ACD8B49A97F755FED0B5C

Filesize
85KB

MD5
5b9ed25087b3fbee3ca9e60badea1f81

SHA1
7cf84e933b49a2b0ecfc18224c946e12c5a49ce5

SHA256
515a56f33535499282d2f87a535bde8f84cbd5f4c90d662771a4bbb66ad5bff5

SHA512
f1b1ebef3461ff1a37c6eab01f82223fda35624cf69ec8d2ddff2717b84ae4cc168b675ba8c089821cea995918daa9aa569c98e2c6bad35e7f2f62de9badacfa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\thumbnails\683ca52163a6809f7ca5becbfda0f9f1.png

Filesize
16KB

MD5
45cea602665c129934aa9cba09eb1dd0

SHA1
f67e696be231cb67a9bc87ab953fe48e643a2941

SHA256
a4e51eda22cd77867def4b9400290c21e1ef6b2fb26d2f898a77cdad19520458

SHA512
a2f683009e9cc9d5b68609f599eb18fac00544f7984e33dbe79110d9f72f1f12700558f522807f2e88f40fcc144eeaff43cba5cb5c3b45abacd806c208d406ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\001#Install#vcredist2013_12_0_40664_x86_000_vcRuntimeMinimum_x86.txt

Filesize
2KB

MD5
29395f1d7ac64fa966bd4a7099766ad3

SHA1
6b3ad9c6911a74eef54d63bec9081c054a0dac9b

SHA256
daa8d7818f2f5ee5f49d0775e30a2d299d1e7164a223ea654bccbd2c932c36cb

SHA512
4f2507a05a39a1f0ead7a85189c58a45e19e17693932daa65539911b47357abf83a3b0a6e229947cea99e31756725b235d429ddc5028bf4f901f20b6a38457fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\001#Install#vcredist2013_12_0_40664_x86_001_vcRuntimeAdditional_x86.txt

Filesize
2KB

MD5
d4ce56419a078611d9595695c0beea09

SHA1
2b95e289fea516cc0c299f38cfd0a54b7da4defc

SHA256
af2f0f2b85e3403911533fcab87351cb486a3313c45354147f16e2a3e1f33eeb

SHA512
820f32261c746ec1ccfd91e666db93f8de594a694546905141e20bb06c6ccaca599a84d024782b533de03739f87ef5ad17ad44d16fe0af4dfbdc2c041e5eeb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\002#Install#vcredist2013_12_0_40664_x64_000_vcRuntimeMinimum_x64.txt

Filesize
33KB

MD5
f55876c7446bdaf220bad81cb8b4b780

SHA1
0ae2f15b8ba4a939b188555511c850de84ca127f

SHA256
62b0c66400ff9b1ebb095a8489c3bb4fb7ced87114c420cac24f5566bcac5bb5

SHA512
be7c1849c38d6c39fce0a5809a9dacfedce035bfa39a0c957292490efaa799626cb1d174dba64a7fc95ac93ab16c5c2db2b2ae72ff17cfda32f82f4bd6e3e60c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_142118\002#Install#vcredist2013_12_0_40664_x64_001_vcRuntimeAdditional_x64.txt

Filesize
2KB

MD5
f44306816da3e76beac2bb7ac6445a05

SHA1
eaee02a0a2bf42b8e93c91d24f0c8eefb18251f9

SHA256
515b5b1b62d32396b31973f095141ec9b164424b9aaa0da404c2b57a866a7b13

SHA512
dc4ee17d96beb731592b73b7e1a2cf7fd76399d6d24af6180223af0bfa10be21d7cfedfa5bf5773606d5e88e16f415a531dc814f475381d6818205a9bf1fcbac

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x64.exe

Filesize
6.9MB

MD5
49b1164f8e95ec6409ea83cdb352d8da

SHA1
1194e6bf4153fa88f20b2a70ac15bc359ada4ee2

SHA256
a4bba7701e355ae29c403431f871a537897c363e215cafe706615e270984f17c

SHA512
29b65e45ce5233f5ad480673752529026f59a760466a1026bb92fc78d1ccc82396ecb8f07b0e49c9b2315dbef976cb417273c77f4209475036775fe687dd2d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\addon\vcredist2013_12.0.40664\vcredist_x86.exe

Filesize
6.2MB

MD5
38a1b890ce847167d16567cf7b7a5642

SHA1
0f5d66bcaf120f2d3f340e448a268fe4bbf7709d

SHA256
53b605d1100ab0a88b867447bbf9274b5938125024ba01f5105a9e178a3dcdbd

SHA512
907a9aac75f4f241a85ecb94690f74f5818eea0b2241d9ef6d4bf171f17da0f4bc702e2bb90c04f194592fcc61df5c250508d16b886ed837a74b9f45da9627cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_SetupInfo.ini

Filesize
1KB

MD5
0f9b272995d5a4006119977e95fb2686

SHA1
b7f626600d693c1cf05cdf8cc00cc6fd5c412098

SHA256
b500fa16098cba0b9a60340834185c5d1c3b60528d1ef86b262785e37d727e11

SHA512
e4fdfac2f0c5ce1e90167bea82931590c99a73974bf6cfba6bfea4d56b919e2a47be158b458d90686c7a6badffbd2777b43c7492b092b71729551d6bbca664b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_SetupRes.mxres

Filesize
2.3MB

MD5
106dc03b6e83113c84709cbd7fef4f2c

SHA1
1e4d1d835f82557ca17f1f5016eb525f42429514

SHA256
eb1e26006d02c6ee5f49b8f321f84bb9aaf167169a298f4b306539bbd85a3254

SHA512
55c135e7f22d479d383a592154125e217631a377e64426bd1c119b86f2bd3f9034723daa19af0012eaefff1b9369725a73ba932399057663672eca59080662a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_en-US.mst

Filesize
48KB

MD5
a39462cb32fabbed15189cc0275cbf00

SHA1
ef209f952e0653b4a1a65827becffa9dd45b1b1a

SHA256
5e6e353911f45d829ca31b70f1d763730f1e8216785aa87e1ac57f9c9c23f2cd

SHA512
f8ac2f8556f3ea0d97f6bdd4c80c3c04d9474c0e36e80ec00b416ea688e253a1b206749d4ad58f6b584313388b9a5c9631e4015fb0feb4fda8c51e62524f33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_es-ES.mst

Filesize
48KB

MD5
928f2477cfdfb7a531de1f77d0a97fdb

SHA1
ad386e5cc50f63b407a9f847f00c3b813abec37c

SHA256
8f6efacb230ac2587524b13b4ce1e95d7de51800a495dbbfa7d846057678a632

SHA512
2f87f6e53a65181f5405df3cecaf20de9f7f19f9fe67a8c90118406ffc791e74636f6154a69ec222154c4482932174b976ec7a20cdb3cd6d49bf5d0732449fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_fr-FR.mst

Filesize
52KB

MD5
3ce3f886f3a7716fb901b2d24f89ea60

SHA1
c0cce042c925a4d687e44d709f042ee998bab4f2

SHA256
0d7eeb6a2ae87a64cc7c1f1c09bff69a7f53f8bf758d7fcbe56b0139975dcdd0

SHA512
05e299f91e75db24239bee5bd00d66425792100feeb714dfc9b4f14a1f826cd44b006e462b9b07b7b8bd876425f979618cd9157825e4711e07e787600fbe3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_setup.exe

Filesize
4.6MB

MD5
917717e087557e261275260f84a3b276

SHA1
d087843ed032c2ebf87cd82cc76b3b8ccaba2d57

SHA256
6a562ea680d7300a582d8ddf204342a6bf332a2cf883f43668ce0bd4a3315346

SHA512
ddacad901355a3f3acefd1c4cf28de7799500d1cd512f5f9f1ef087e20d17c2b83d27926ed346a7607bafc55e7f81890e73ee7e502f1bdc38e1f44016fd9a2b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_setup.xml

Filesize
5KB

MD5
165d5e68beedc583873611ecf592c4bd

SHA1
fa8dcd59626bdde8f0304ce6ec09567057f18ef3

SHA256
9c017fab68cdcaf3dfa8e27bc4d330a40e5e90d9faf8bdb26762adec0075b485

SHA512
11b8017a7d98a9c94dcb67c23ad3b7930995744029209cf976be043780c60eee4e1c1ff756a67bc16c634e62b1609ba774a436638d36c5896d10c957c5389e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\VEGAS_Pro_20_setup_x64.ms_

Filesize
2.8MB

MD5
b8c935669d29c9471636f2abdefc2b29

SHA1
49b85eabed1bda1e2d45633d674c30109d6f798a

SHA256
6a6f786ce2d44bce9ffc0622855e45f024a745ba194c08190dbbe5ed8427eb1b

SHA512
5657599417a38d635b6b5f55ad2f11ddaaeb7ff9deb6e66029b2a825471de0fbf1c529c2bac75e35200d750250a58f246cff09a6ec63bc56a2215a9db9cd48a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxjnzto2l5\product\_abzdx6t.cab

Filesize
36B

MD5
8708699d2c73bed30a0a08d80f96d6d7

SHA1
684cb9d317146553e8c5269c8afb1539565f4f78

SHA256
a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f

SHA512
38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\license.rtf

Filesize
6KB

MD5
1e47ee7b71b22488068343df4ce30534

SHA1
deaee13f21ab70b57f44f0aa3128ec7ad9e3816a

SHA256
8518f0420972c1dbe8a323ffc6f57863af0b80c6a3b27fd0c6fc9bdabb7e2d13

SHA512
c4c653bfd1fc493b0efd8f9c75495287818179dc35969d1fb1927faac3ff9189fde1131c5abbcc3963f707412a7f8ad05a9e6855b7d47d6df1f80d25d67be9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\thm.wxl

Filesize
2KB

MD5
fbfcbc4dacc566a3c426f43ce10907b6

SHA1
63c45f9a771161740e100faf710f30eed017d723

SHA256
70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce

SHA512
063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\thm.xml

Filesize
5KB

MD5
0056f10a42638ea8b4befc614741ddd6

SHA1
61d488cfbea063e028a947cb1610ee372d873c9f

SHA256
6b1ba0dea830e556a58c883290faa5d49c064e546cbfcd0451596a10cc693f87

SHA512
5764ec92f65acc4ebe4de1e2b58b8817e81e0a6bc2f6e451317347e28d66e1e6a3773d7f18be067bbb2cb52ef1fa267754ad2bf2529286cf53730a03409d398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.be\vcredist_x64.exe

Filesize
455KB

MD5
3284088a2d414d65e865004fdb641936

SHA1
7f3e9180d9025fc14c8a7868b763b0c3e7a900b4

SHA256
102f69b5a98352a6a1a6b26bc2c86ee7611c1f45f5a9ca04f5a8841961f191c6

SHA512
6786fb431addf05df256d0e1383501f96356aa78f66482db9772c58334aead59838abb7db0ea793d4a17627a357598266681c28328485489a21bc2985e751b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.3MB

MD5
f5879f5f3ffa839a280ab853338de872

SHA1
3b4366abb2da245416531925ebd8c76adc3e90ef

SHA256
1f2f8f5d60dadbc6e4d3d36c88cc54f22af0a615b609609e748782dc26231174

SHA512
96a88601cedf859c9fcd388d9e8d2fd6139f6e69ab6b05b0e044d1a598cd1a066d27a0f7a7c71bd77576dcdd083dec7a55f2cd9de52ff95aac23171c9f9670de

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\cab5046A8AB272BF37297BB7928664C9503

Filesize
1010KB

MD5
361903c5ff86511786d7b450301dd640

SHA1
c9fc04a718a388294658590f1240d8c7e9ee4f82

SHA256
e95d29cbb06bb323d9d43fc2ce61d4565b0866622a83d93df76430a0c252b433

SHA512
78ceaaaa7f3e1a40ac2528e2f169416d6ebfaba54301754035f2a62f845421c8cddaed84770182e51794c9fb32720aec998d453de2bef621de7a7e2b3b35af20

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcRuntimeAdditional_x64

Filesize
140KB

MD5
4f782799f84cd006f7f1c750afb04d8c

SHA1
0cd219d326fd40665d2f1b22569e2517792edfd9

SHA256
8909e5c1d917064983595a4e4717f758c2a8df8f59d7b31a5b79b2f95bd8f7cc

SHA512
cfddad551aa5a35b032b7006b167fd322aff46ec8a2934632c087882b24404ee48083ee38b9110add9846880b1ae0bed136bb21ae751e1d3cde9dc27eaed5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcRuntimeMinimum_x64

Filesize
140KB

MD5
87b74c694f295830ffe516ba20de0b93

SHA1
e6996d47bb76ad25954b793f73211524490f55a9

SHA256
e88d0915814e622cd1deca849efa23a0d58d5d756be44ebbb4d460d3dac9e816

SHA512
d0fd7f8c8964a99ce7a9d187640acdbff4ca3d16f02e44696706d6107b58890e763a18857bec2b94f92ca559510fea0ae5515ce3de20aa4371aebb38006c05eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\.be\vcredist_x86.exe

Filesize
455KB

MD5
0ce624d3a5a586c2bdda26b748da78d7

SHA1
b9ed0a86eae645ba19ed08327888a4474c95e34a

SHA256
fd597b58a578cfa46e1818b3b4b795ca6d25225dc11ee86cd491f3d55d7b235d

SHA512
e5bc577bd319eb3ac70c527acfb313fac817e63f5184e6581f6d813491ca0f1a0f80583c14c2b9f2b8fa1df5938c2ae3318a91bda41171c63cd1670c55a85b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\cab54A5CABBE7274D8A22EB58060AAB7623

Filesize
973KB

MD5
258b65eb9fed187051d5fcec7ce65dc5

SHA1
b9afc5fcd8c6ca2ee3dfe9507e9adabdd9ded039

SHA256
80a29d5ce27c6794b9a38e5d5b98d535f877ac3363f450ee7ac0be9394426e49

SHA512
8d5b4c14deb07cc1bf70abfd6e04573822eff3b3937fb3867f5300d97c46f900f2446f923334d1cf5b51b17eeef063d6d59e8540456f310edecd98d223125bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\cabB3E1576D1FEFBB979E13B1A5379E0B16

Filesize
4.7MB

MD5
7fe64755ed8427ee4512760b69cfaee1

SHA1
30b8c69a5eb83a1804975f04fd0e701e2e9d98cc

SHA256
e12efc1bc0c61a7b9ba10a07502ef6833297d028368760da26e63218b744da79

SHA512
dc6c9dc1cb0502be87281ad5bae3ed54c5cfc7cbc4434880f1ba7a33599fc5503d8192ce6afbcf8ffcc142955f593e9830e49e72c0d5c9a7aac5f91024eac38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcRuntimeAdditional_x86

Filesize
140KB

MD5
b547a22dcdcf3d035a56f52f1b16c2b5

SHA1
ec9e2fbee0a5c43c021365a35d1d6d04eea335b3

SHA256
7cef0419f52c47f41b9546065e6788f20de07a7f1e647589ab52d88f6c7e50a5

SHA512
6d49cd8266575f3a9cac205425f1fc11b70a58b0a657ba3e4ebafab43cc37ccaf54f551cbf367c8c08b2a6710f82a18ccffb3870683a9b922c91cff19ea7b65a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcRuntimeMinimum_x86

Filesize
140KB

MD5
89d36fccb34b319b60d1850863e0560b

SHA1
f356410e3946063b85750f54998582510b9672c8

SHA256
60714fcdac0a7cbfc45e6ed9bc6d4b7f8536947f630016e5faca5cce1745adcf

SHA512
24e167d0305811409e433c8d78716e9b3af4bce4b3f372276f4730ae7c802b8be8f193a70ac0d44ad6e083a35f03fcfdb2faaae4a9975c9e2ef1254285b0309f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
77e1ffdab614ba03b36098a0adfa080e

SHA1
46c0d5313308c20e730657007a61126bab0c303b

SHA256
e0a27c512914355b5bdd38b5448e75c92e23732fb84c2ae1410bd75330d98630

SHA512
a2693cb98ae269633692f766ca97530de2e48454048c713bb0237e862d4dc53018f96ac429c8454f71aa139e9aecee2ebbde043165f0f245f15f19a6c4fa9aed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
0ec1f1502ad0719375ce54fd1207273e

SHA1
7b9b8a2436b8cd4228b33379f22206fe675fd4bf

SHA256
c7c820c14c8ad0f575810939d2550e707e1fc0cec439748ebf0b028fb118ae1e

SHA512
99badd773dc63eef7521f1b0b2e14b19c312adff26b0589ab573ea7c863c9a68e06f4c43ee34ce6c242d45bb3c4ee76b55a5665e63cb7c1006a1366046a10ec7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZO0AMKO2GESGB5K6DGV3.temp

Filesize
11KB

MD5
73bb027005a0a0e88367ef68a65928e6

SHA1
1355b71a78202e680fef56ebd34dd52c09701c35

SHA256
2ed2420bc081bd1fa6e69e16cbb7ac052ebbf51594da97d346b8186f92afdb6a

SHA512
f67ef367bbdb05dda7ecc92e733fcb243a80980db51522ff8cb301369fa6f4ef2391d37b3a265bd5a4910d474003a6ee23def475bb261a05bf99ee84721b4cba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

Filesize
10KB

MD5
47aa8cec4a777c21587327d7d513841e

SHA1
af48fb0e9f21869dbb429e136dff4d901f2d8ccf

SHA256
7324b3083f02d9e7823e935d1c99e42c697121536690b83ed8f119f3a1fd0981

SHA512
cc60cd63288ec9cebacd871229dd29b0ab153c3d8e2c1071e647b3f5d68a32c789056cc8cad347a8dea3ab5419a57d1dc5135cd6e455db6a320287b5886c1202

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

Filesize
40KB

MD5
0597f33112312eaafda6f90ae1871697

SHA1
3cf1dbcd1453500c099418ef4a6dd92727afd82b

SHA256
f524b275d4b62deff92291e34a1b89af992939da13a247e3604cf92c7e277757

SHA512
2ec07fbc209a1c6481ceda27bdf64620f5a943ddcad4280adb88edbd5c77287bc0ccc15eeae1640bff3e0987008e3e8bd23b1da02fc4c11a7da56652226cd9b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\bookmarkbackups\bookmarks-2024-08-09_11_mcsYCZVqji0dQlCX5IyUiw==.jsonlz4

Filesize
1010B

MD5
b28773d0a04cf290d6744bbc1db71e30

SHA1
1a74984178b8474f645570959b98a65e51f74ac5

SHA256
9b0f6fa48dcd71d002ec9d1c5ca5d3a581d8213c7bdb4a2f474db7b1defad6bb

SHA512
73f004b607320fee622e2cec46a69398595695b25b2465638a6d18ab583229423fbcd6819aa598d213a5c6e819737945e018aa870564f6dd5445c243382c0293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3cadd234370c97aa7b3e268d6ded0a8b

SHA1
84376f50634c8c1588f1576af1708f9b5b5798d4

SHA256
cdf95b347ed15e8f4dcfa168e475c3139e0f83b9c0ebb64f04f4657d58e1ff8b

SHA512
546d75cff4bae0c2da82c35062c696f215bd3de4e2d9e6714ed3ef7dddf16823f34e874a4b68581207751dce2b0f0ccf6816d8c6268196c6d24ce201c3336a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
45KB

MD5
df804a6f5f7d340eb6397b219594b79a

SHA1
e48e40a3cbdee6d8e6df0b253f568f8a18c5ac4f

SHA256
d50cd85e2fd7941f0ffb719953feac0e3f23d0fdbf3a6d37b62995a0c80ce69e

SHA512
4b7e5d787d43e9d04ec174c8c50d38be738e31b37c235cbf0e993cc3f4ee2f26f8a87ade15b6cb4ff1dc87641131e9966fa215adc227f785f84bcd523049e244

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
9b23c432176aa5e85a2296c9ba58edff

SHA1
93db05dceb6739b12d09df275d3c112f94e3bd02

SHA256
76cc51cc33ce9930e47b8609a328f543ec4ad4974196c13ae9c251ef446fa1d2

SHA512
16dba27fcc0b051216b95e8372509df91bf65151e2fb8d87c8ce672421c33bdefdc0f1ce71e24d09c96cfab01a7a1805312ecfdf22c8525bfc20383b04113d5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c0247b8236550e74dbdc64d9376b4c1b

SHA1
bb3277df941acf8081b17d66a23b9986e542eadf

SHA256
d37f8cc8d811517f92c3076cd42e67d39605e7357680ab71ad867a59cc2db13e

SHA512
40073f058636ebc1c70122e4c65adcb2d1d88422ef1f7619026d44a400fdfdd4ed7d1bb6eb54740b97d8685ddf876e3267db2e47b2491552fcf770a33b14e56c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\72133ab0-25fb-47de-822c-a89c16787620

Filesize
982B

MD5
319abd6ba79f7937aa78f83d6c11a8bb

SHA1
3da58635a9c24c867f01d850c72512155165c6aa

SHA256
f35db2171788f3b42f1f8271948281d320e210351a38542885bef557113946ef

SHA512
95035e3f0eddecda6615a912ed774ea54ef96882053f44eef6c308340d9fb62e0234bd3eeeed33cf01b69d444974e784ca52fb2a44fcf6e62351ec0730abe682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\8706b20a-a59f-4319-ad08-69bd0a628939

Filesize
26KB

MD5
fc6df65a44d7c74642f09e367e8d9180

SHA1
2471bd185f500fe7c3460839efae6f14afbe6a7e

SHA256
1312bcd92653629062ba4fa200e5b538936fa867038ef247cdab2f0aaa650735

SHA512
1c52df2f8b8075f2329de810d564efb9d1606e758b875154ea784ca7b12285058b2dbe5bcf14ddca66cc201b6b15dd7f801822a3cce59c97251dffe8e3d4e93b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\a61a0e83-926d-417a-ab49-9ebe9a18a3c0

Filesize
671B

MD5
e2588a8ecce2777e54228730af50e959

SHA1
5abca97e9990a2a12de5be6fe5e8f44244631cc7

SHA256
09fb3b3208b48444f97eed21ca21f74223766d31b6267f28332cdc22d2ce6e58

SHA512
ac31f5c9966c9eac2db3bf41c056945af8d29319e67b9b70c62a9dbb717a4f48cbd59791ad6460fdeb727db1e5ce443982c1e517fc54a44ed8fdcfc5f345ac29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
10KB

MD5
f427a351b52dc75cb2af4035a557c71e

SHA1
85060f0b5c2ce40f449a82cc83e598c10bd3b787

SHA256
28e2cab27f689c3faf18f7d49989fa062adda5cc2e0a1df02521f624eb10b496

SHA512
2eaff6178c49bc5c20a873cf7cac0222fea9121f1e6de8e3367c0a86d8cb09ecc3486f4ef14a498f73da7ed86306561ee41d94f2e7f60d661fb05dff1a4ee5f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
11KB

MD5
577dcfe31acfe57713374db265c300de

SHA1
3bcdb9c66c47eeaa57d32d2ca612c399f95bd846

SHA256
683d62cab5b2bae7fb6ab563294c45099bf0fb0888bd935a480df766e5567d99

SHA512
271e08c3594b839af1a1f360c9f1c60d0483e11c853aae30a44e3d8c0045a663d589024603c53330afe1bf028bfae7258b1b993599bcc323706c1b8eaf0ef2a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
12KB

MD5
a28383200d9fef5016f16fd64f99869c

SHA1
be6dac6c2893bd492100a7f494f88de847a4a91a

SHA256
022650793fcfacd28c34a6dddef0c5a33adae61514f1c71b5a837b4af7b8790e

SHA512
5624cef69715c3672cbb35293fb9cf6d3f75919a12eb64a6afd0a6ea2a8b5355ebdb0ec7cab28eb6c603d739f815709241d1337a1c5f355e533ae7a72864b6ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs.js

Filesize
11KB

MD5
455e8c7c2af93cd90ab9d5b72ddf66c9

SHA1
6fe4095499f94a57853bbbedb9ea4a8d723d8cf1

SHA256
88b46781b57283b2c05bd0c3a84192bf3365fb82c5fd4210e8e40d0f9e4bfeb8

SHA512
39d541d973e81edb1be46758ff779524d60b5bb3b8bed3f58b54fdc822ebfc5bd7b283a01382398e92a32c12038ef03eb1891649cae76234b5cf9f8683e349cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
7ed1c8c68b817f29ea8ae0af15f90435

SHA1
5d62584f1fe6e423ccc34982477ac6ee189e32ce

SHA256
40f9a8cf97285d12b2b6463f4fc822de0e52b3c33714f7dc3582d7650d24713d

SHA512
ed1459ee2105b39eb19aed262c7b931b348ec0454c4b105fd88415272465bfd481f628335b74185aa37fc3da913ae4b43b9aa99a3dc14cd4e49d74cd918b0ce2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
be0628eec580dbf3afefc418067cc6f8

SHA1
867e8bc28a07f7cca64d88b384e73c422e57edb0

SHA256
2303d9d86809c5be5786d16a7df2a4e999441f9d3154e515a967589e765add45

SHA512
b8e48696479683e8fd26f681ad2d8b3dcbed99d2604d4d1f4c58387d8cb84de9e1994670a900894b17651c4643cdb6e1f4a0eb5a2f2b644f94af1c3fd7f3f9d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
0199c3c723d1b4a20898daee5e9907cf

SHA1
ab19ccfff1abe26609cd56ea08d4f6eb9e3cfb42

SHA256
1cc4de9647247357b745137966761714c660df998f1ea0851c12be0887296c38

SHA512
4a4ddaef0f296eec5d637fcb776ef05646397043996b70e4f70681684922b117499723747987d79fa001e5b5035f0c4e66226794a29b116f0542f45a603bd289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
9875db62ce90ebb5dcfb902672e5f23a

SHA1
30e43a851559ae5047999bd8c70963e655d740df

SHA256
8a1ae0408b2d831c3460feba68a9e15bf3a778fee5653753f6d7dec7bff912b7

SHA512
a3acafb659541df52653923d66a2991b62b303975a0c4cf1d9dc62529900daf6e109311fc9ab53baa68963c5b278f3e1b4c07d1ef865c2773a7b221eb87bff1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
1c0d55363634d5458000140fd4aa7eeb

SHA1
692553a7d9de9acb03bed1b63b785818f3332963

SHA256
f07b01eff72534e45f52a920db69bc59dab1cf7ed030137847f6fe6d07e6eac5

SHA512
a49d9be03ee8c8d27b820b42ad339240013eab3a6055eca4803a8adbf4e931229edfb276f9d577426b0a2de4266d9082545075e68c3dc62234ceb646febe8ce7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
6523237cc9d124ca0b4cffe8e48e835e

SHA1
c3f92ca0f2ebc777e894e494bc35915850ef0df1

SHA256
a8cd2ca5bf5fed0056ec0084729be483e70634537799dd252999b56a0b265142

SHA512
62a55b741d9086465f13fdb1f8f56cfaa2846bc7910554b61407c680543a01a55eae93300f5158ee9efc53776109bf668dc60b61bdeb20593b3da53c6a1b3116

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
8c167cb9a476b1a9d771a3ac90b51fc9

SHA1
867517fea9bb8ee3f88ad0c43d03e645063f7fe3

SHA256
829fa2d329f85d46e599ef991a1c9611d7576641c6732817ab733d983c5ef8e6

SHA512
21e0f151aedba20d8129644ec6dd68caac888ae8cc8bc2433ea96c15befe64fad54cb10c96d68c537955bbaaf24decd94f5f77f2ac356e26a4cbecba26338a58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
1ffc91c538c0422cff0af5bcdf48d631

SHA1
0551fa9e7a2b6d4c1e2be4e6f1cfbbc7723091f6

SHA256
7d0ec7e437215618bf3469adc89b776520749b105bd3ac482e202868236aa5a6

SHA512
7a427d965f3f1ca99db7c0736d8742242e13956895c5bdfcf8aa4c6ce39efec6c1435aadc2504c48b7d675936d59a4f3278bf65a9794fb34df320dc0f9cc0a47

Download Submit
C:\Users\Admin\Desktop\MAGIX_VEGAS_Pro_20.0.0.13\Crack\Readme.txt

Filesize
53B

MD5
5661a1ebf69a52d5f8faa742c5aac5d3

SHA1
5934fe33fbe4d218c977e79f285e30f4a0f96f8c

SHA256
3eca7ace001fb994b42c254377b18fb3f15783e93d8769f07535d5b17ec6c64f

SHA512
b883a84bcc5d1207e48c68e927a962d038f102567bb14e50ec50f122279453840f897d0056f21f9d999d669366de76ca2352f3ff9fbb160caace536128a0a703

Download Submit
C:\Users\Admin\Downloads\7z2407-arm64.exe

Filesize
1.5MB

MD5
64e16722dfcb1452e6980c104df2847e

SHA1
20b4fb000386745f78696b85e9ed5c32ca6cd04a

SHA256
ffd49da0ca77d5376d9040d6ccd3a9963f6355f3e796455812569b4c61593f34

SHA512
ac309aa1240b9e2402727509f6b475ade3103b8daeea5dd4c3b7e3c1c74d0ff4cef324f1a33d6cae18d2778f77cfab77810f96d7ffbfc77fd66abf5454cbfb6b

Download Submit
C:\Users\Admin\Downloads\7z2407-arm64.exe:Zone.Identifier

Filesize
104B

MD5
ecfb8cb7193c95e2758229dbea70c72c

SHA1
6d6601a7ea6be8d83f68799b177725aa013b841b

SHA256
8ab43756c1c893a0fc4c06a6e6593dd54fc79b753efb61e0665267a4711c0376

SHA512
265e6ce0a3e62b5537bc0de48d2db4fa2abf9dcbbda9449184a2ab0755f004cfd2c8f29988cfca7a64040def864a02d9d5255a15af70695cfc7626f6db790768

Download Submit
C:\Users\Admin\Downloads\7z2407-x64.As_hYzl9.exe.part

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier

Filesize
617B

MD5
de6656aa8c19adba3f7b2e306496feb0

SHA1
431a3535eb5c396895075c68a211e93030fd52b1

SHA256
3292e2e524104293b8684380972746440a14d2e6e71d0c0b8b3271529ede3663

SHA512
7fbde8e094101f3b4c3833055c3076a517cc08b7b7bf4d3303719a47f3721cb50ebe2c18c34b4dd77c6ab9ccfec0f7b7b978c4bfa8eca425d667dc34d111b94a

Download Submit
C:\Users\Admin\Downloads\7z2407.exe:Zone.Identifier

Filesize
613B

MD5
5f2e6c1f9c00ce8d27f0172cd8af16d8

SHA1
6081bcd713c4052573f60b892c8963623b24d9d8

SHA256
c27aeee7602e84675a62a8a7145011e0947d8cdce7d959d78b81f7c1e3560915

SHA512
0815c5b5ec8d8cd2cb2397726377586f968e47c702f05200176a71e05b0aaa22dc53427fafdd43e088b2d4fc37a7194878a6bceb440085306130ecc1162c71a3

Download Submit
C:\Users\Admin\Downloads\7z2407.nREvY9EE.exe.part

Filesize
1.3MB

MD5
3f6d2cef65fe49a38190781a0cb46707

SHA1
6132b1cbb8b81a587d3eda3c9ac3a1c434fb13b0

SHA256
151261d221ba0f6120c7f16700ab0724b92ff3230f05a89ef15dbcd8198678bb

SHA512
731b8fe2c578444ce859bf2061c342b13716e49647d99517358b69740e2f6e49d751474c241f25381b0e194defc2af9fe0f434aedd3bd96aa39cbd19dd457a58

Download Submit
memory/3392-2794-0x0000000000F50000-0x0000000000FB5000-memory.dmp

Filesize
404KB

Download
memory/6592-2414-0x0000000000940000-0x00000000009A5000-memory.dmp

Filesize
404KB

Download
memory/6612-2413-0x0000000000940000-0x00000000009A5000-memory.dmp

Filesize
404KB

Download
memory/7160-2795-0x0000000000F50000-0x0000000000FB5000-memory.dmp

Filesize
404KB

Download