hxxps://drive[.]google[.]com/file/d/1uK1tpACFZNBWbUUxFsV2rNzuPu-Krdxf/view?usp=sharing

Analysis

max time kernel
512s
max time network
518s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16-08-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1uK1tpACFZNBWbUUxFsV2rNzuPu-Krdxf/view?usp=sharing

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5056	gta_sa.exe
3800	samp.exe

Loads dropped DLL 49 IoCs

pid	Process
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe
5056	gta_sa.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3800-6955-0x0000000000400000-0x0000000000525000-memory.dmp	upx
behavioral1/memory/3800-6965-0x0000000000400000-0x0000000000525000-memory.dmp	upx

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Road\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Road\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Road\electro map\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Road\electro map\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	GamePanel.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
132	drive.google.com
357	drive.google.com
358	drive.google.com
1	drive.google.com
2	drive.google.com
3	drive.google.com
130	drive.google.com
131	drive.google.com

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
5064	GameBarPresenceWriter.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gta_sa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	samp.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = dc96c32200f0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "542"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "704"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "603"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "752"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "643"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	samp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 29953f1c00f0da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "3492"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "651"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	samp.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\GTA Low 1.0.rar:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5516	7zFM.exe
3800	samp.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	5072	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5072	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5072	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5072	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3068	MicrosoftEdge.exe
Token: SeDebugPrivilege	3068	MicrosoftEdge.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeRestorePrivilege	5516	7zFM.exe
Token: 35	5516	7zFM.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeSecurityPrivilege	5516	7zFM.exe
Token: SeDebugPrivilege	1528	firefox.exe
Token: SeDebugPrivilege	1528	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
5516	7zFM.exe
5516	7zFM.exe
5516	7zFM.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe
3800	samp.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
3068	MicrosoftEdge.exe
3456	MicrosoftEdgeCP.exe
5072	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
716	MicrosoftEdgeCP.exe
3068	MicrosoftEdge.exe
3068	MicrosoftEdge.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
5428	OpenWith.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 1264	3456	MicrosoftEdgeCP.exe	78
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 3456 wrote to memory of 308	3456	MicrosoftEdgeCP.exe	80
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 4484 wrote to memory of 1528	4484	firefox.exe	84
PID 1528 wrote to memory of 5204	1528	firefox.exe	85
PID 1528 wrote to memory of 5204	1528	firefox.exe	85
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86
PID 1528 wrote to memory of 5288	1528	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1uK1tpACFZNBWbUUxFsV2rNzuPu-Krdxf/view?usp=sharing"
1⤵
PID:420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4732

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:716

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.0.865831646\86951706" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2864bee9-a097-4fb9-b51a-8e055db7ef4c} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 1828 1615b8e3c58 gpu
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.1.91988120\1440051687" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {205caa17-af4f-488f-8b94-99eb6257c5ed} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 2184 16149572b58 socket
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.2.942932433\2067960434" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2828 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aade24ab-b2df-44b5-a664-21b3eeb6db1e} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 2936 1615b85e158 tab
    3⤵
    PID:5636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.3.721628557\220386622" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ae54793-18c7-475c-94e3-e9783ad7ae1c} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3536 16149562558 tab
    3⤵
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.4.758311344\1564847760" -childID 3 -isForBrowser -prefsHandle 4076 -prefMapHandle 3904 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45039c51-7c81-4f4d-82a5-5cc44c0edd44} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4080 16161072058 tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.5.1785974704\23933522" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08a75867-b216-4a0b-9deb-954bc698e4ba} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4884 16161eaeb58 tab
    3⤵
    PID:832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.6.466602911\1021962548" -childID 5 -isForBrowser -prefsHandle 5032 -prefMapHandle 5036 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28042840-261f-4976-a034-1469fcb03a99} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5116 161623fbc58 tab
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.7.1483067913\511494313" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c9c6494-bacc-4920-970f-9000452e2f32} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5232 161623fc258 tab
    3⤵
    PID:592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.8.1228433139\1910354582" -childID 7 -isForBrowser -prefsHandle 4172 -prefMapHandle 4112 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80fdaeb2-9c9f-43d2-be6f-04703d1210ab} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4160 1615ea40158 tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.9.1094690117\1604424832" -childID 8 -isForBrowser -prefsHandle 2960 -prefMapHandle 4348 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19151cde-e652-403f-a357-608f2cd7a45f} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5760 16163fb3858 tab
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.10.1153945844\734556826" -childID 9 -isForBrowser -prefsHandle 5864 -prefMapHandle 5960 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6dbe4be-a426-46b3-8856-ffc34107bcf4} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5896 16163f8b558 tab
    3⤵
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.11.1192550088\1253430196" -childID 10 -isForBrowser -prefsHandle 4284 -prefMapHandle 4236 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54566096-ee38-4494-9152-0c933562bddb} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4228 16164b54758 tab
    3⤵
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.12.373487868\1957987209" -childID 11 -isForBrowser -prefsHandle 6808 -prefMapHandle 6812 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4798d00e-448c-41db-959f-541e9b84871c} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 6800 16165080f58 tab
    3⤵
    PID:3908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.13.616692512\1190002942" -parentBuildID 20221007134813 -prefsHandle 6836 -prefMapHandle 6840 -prefsLen 26808 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8e32c3e-0a50-4e11-b917-dc1b75b686eb} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 6884 161655a2258 rdd
    3⤵
    PID:2532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.14.1411335023\83206305" -childID 12 -isForBrowser -prefsHandle 5712 -prefMapHandle 5684 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e778bdc-bc8b-4aa4-9608-0e2c8b853e21} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3824 1616547fa58 tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.15.1499861673\622364966" -childID 13 -isForBrowser -prefsHandle 4236 -prefMapHandle 1556 -prefsLen 27573 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc53cf78-a02c-4edd-a30f-7f309f1b1e10} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5264 16161eabe58 tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.16.175439611\1061871657" -childID 14 -isForBrowser -prefsHandle 4604 -prefMapHandle 5332 -prefsLen 27573 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a8f4894-4aa3-4161-9177-22cb1acfe059} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5356 16163f25658 tab
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.17.1419962987\1038479993" -childID 15 -isForBrowser -prefsHandle 10820 -prefMapHandle 10816 -prefsLen 27573 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {542cf7a3-4dec-46fc-adf6-b059d2556f1e} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 10828 16164a2b858 tab
    3⤵
    PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.18.1529572830\1863516290" -childID 16 -isForBrowser -prefsHandle 6736 -prefMapHandle 6748 -prefsLen 27573 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {572ab502-2786-4156-b5ea-a96adfbe0765} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 6684 16161eae558 tab
    3⤵
    PID:3992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5428

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\New folder\GTA Low 1.0.rar"
1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5516

C:\Users\Admin\Downloads\New folder\GTA Low 1.0\gta_sa.exe
"C:\Users\Admin\Downloads\New folder\GTA Low 1.0\gta_sa.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5056

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:5064

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000008037A /startuptips
1⤵
- Drops desktop.ini file(s)
- Checks SCSI registry key(s)
PID:6028

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
PID:5256

C:\Users\Admin\Downloads\New folder\GTA Low 1.0\samp.exe
"C:\Users\Admin\Downloads\New folder\GTA Low 1.0\samp.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:3800

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\New folder\GTA Low 1.0\moonloader\moonloader.log
1⤵
PID:6000

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\New folder\GTA Low 1.0\cleo.log
1⤵
PID:5152

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\New folder\GTA Low 1.0\crashes.log
1⤵
PID:3420

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\New folder\GTA Low 1.0\log.txt
1⤵
PID:1752

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\New folder\GTA Low 1.0\SAMPFUNCS\SAMPFUNCS.log
1⤵
PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14227

Filesize
16KB

MD5
9a0abe9feeb236393a2c5ec814db9762

SHA1
62ac667fbf353a540ac7e22df7107f3d19fc7e07

SHA256
2456906316a3b5fb86010a739f5bebbaaca579b3daa96cdd90d475d0a3978374

SHA512
10761015d764eca67b7527d19ae70eb0356200727aee713bc68507b85a70c0e31eb8e27da60f001b46acca52593f55add1f4dc8b9fa1bbcec07baf3303fff835

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14628

Filesize
16KB

MD5
dce17e874a987742b59b269f10d8458f

SHA1
0165fcccfabe75fb301d3b0dea74777a82722757

SHA256
40bb7656d98c2cb3e29b648f5d05eb4b635bce605a416a39b726ec33c1e9048a

SHA512
3ea65128311c2a4d707cf7d207698b4d12c05d46a85c6853a71892ddfbbc14cb2d15b00052404bc88d207d113a7e6a602d67c4936d21e361d8f85b56602b6532

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20636

Filesize
15KB

MD5
4e8c4e96aeec3f5d6b5e5eac114bf26c

SHA1
7e36b32ca5fc70d1d1b6ff3f0664a373339d24c0

SHA256
2087f61c5a6a5887e941c70ef8dd76aacd9123dd59ef96dcb12509a7d1f17b28

SHA512
187adf867d8169ef31447cb82753b91a49d47bb99a927a7880286fb81c7c7bb757a1dbd702a3f822d42a1c51fa1706dcd33ce429efb806c745a0e15bea657e8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\2112

Filesize
35KB

MD5
136849ad240c56dcb2d030564c1e57a8

SHA1
4e0ec0cdbe983f08e95b21da34d7aec6839dfba2

SHA256
2d7f0b202d0c92ca1ecf2a9ade5bef5f100c0d5b4ae4d32a3cbcdad70f13b3b9

SHA512
d6f88f355ec75c7ed0da81bfc08d02ea71b88120bb679d0638ec83282f516b688717ae14054799d2a98f761c0cdde0d63abcc7e207a463da631423399e9c3ba2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21542

Filesize
16KB

MD5
e010ccc6117db47d672ba1caa2eb996c

SHA1
55e8f2c9e63ed68acd64d740722e5f8527fe9811

SHA256
63f9b69e481228e4c8dd40c2d945818d9ec829bf9955695d098f41ae76f20d6f

SHA512
1b28649e4517d84a0fd009ea7df468131148cffe00b0d21a254bfecaa9edd2633ced8acb25b424ccdb06fab3853d2e86d6a5bd90f4217980a066ab98b57a7755

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24078

Filesize
16KB

MD5
45e7e56bd7cd35293f5080230a54a8b3

SHA1
99f3945c74c9041aa2e486fe5b44b480929af7b0

SHA256
15dfb570ce8771cdf57c91139d9d49dc4d89d2fc0fb25cfcfde005b952bda851

SHA512
cfbade555f063a516796e01b53f623a85ded0317b6cd465a6a3c99a257676b9847ddf476395b30b2124e8bf03f624c78d532a0000eb3a65d900a8eea61cd72ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5992

Filesize
15KB

MD5
56817c7ffd0f1fee420d94ff74449e84

SHA1
ce9cecb55925578e3bfbfc11a98e99ab4dc97913

SHA256
2ed1b8e21efd45c1eb93ea9fb9848fdcae49d2b079ac021aea317dd254c11ed1

SHA512
85a0739a646cfa1c559272c28880a244b95824c8a805fd09b074ce99af591451125eec3f941c5961622854e8d29562f2be9de226960fc56340a6746a43a4beeb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8B438216194A4ED99AF52807F6CA1C6FFB86BE13

Filesize
13KB

MD5
75891e805fc7171c02359fee391ccb6e

SHA1
ca0594ef5987dd4da2b5db7b6645f82ac170bcb7

SHA256
5b5f25b85c1acabe40460d3880f3bd4f86087bd45241d15370a8c3812e6a786c

SHA512
d51577ad084b8464fb49eb24e1a0110629b8af05b5e65240ed91d013d7822640f3b7cc1c989de89a540c95c4dfa2bbcb42058f58270856aa0f93f437460f2fc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9357B92D7A82DC731CBB46EBC4F197AB314C7C11

Filesize
218KB

MD5
822ac2df05d99a52d2b1e1c1006269e4

SHA1
5c3c8fd44a0e4d3862c10493fc8bd9ff242e3cd4

SHA256
520d0368cfb7b8b699dcdabf81f913910f5ff0a453d10c5673a65bfff3c5d9d0

SHA512
b9391b7e8d178cefd0f41166adae7bf0a3a6f2f96f0c0c18145225b441be4308331f1e66175974d11eb711d38a7910f47bbab59fa1d77fa7e26c95ec6219ae09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
516cc27fcc5a33b5d90bbe418a1f8b61

SHA1
13e3e86e06ee5ae2c6d70574f795e95cc0c005b7

SHA256
989d64edaeb1aa0b7e44981c0aeecc3376759ccf7d76f6a633303cf449f1da14

SHA512
e535e81a27f65601fb942651c3f80cfca25f4b2afb9e6e72e9c9d6178d499961247c6bdd1f570d8e07a23dc86590f2a5a0b878826353c648db30153e02358756

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
23KB

MD5
2a86ecbf6cce20e9da47b441d3fa0466

SHA1
d68b8e5ba8f6a169753a004b2c289a84e55f78f3

SHA256
893ed77743225c35a2c843d2083c89af4701bdc08293f760173b22ef4abf0595

SHA512
2aa13882847e39e09fb9f466d44917545c47db4cd0667fb4fdcdb38ea5be085ce50a7fb18b02c58c746133d61c678bd0ba95a36929eaa651a095fc7558d620a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BE87F002AA1BDD4CB9B911DB8CFC1B7C0A3A869F

Filesize
60KB

MD5
640712904d9cec7c7e0e0f765e20d840

SHA1
22b3e4bde8ce9431fcd6d3567e3f9eec70986896

SHA256
b8852ad5ef5890583c0ff5ea6545fbf9aac618763868035baa13eda92a50123d

SHA512
059fb0e05de10f46d6898519221da318640e10a010da46a876f15248fe855da67a7f65ccabcdbc76e41a3b11e7a583110c1a390249e788d9c3af287fbc2259b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\APUQRZOS\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ZG0H8T5P\www.bing[1].xml

Filesize
1KB

MD5
1534430bf899b0abc07768a899f217b6

SHA1
417b0636487502e993a07d156809d582e3346bb8

SHA256
6ae13e1e7fd20c876a368aff8cb7b24588b4e3b433d49ec246b879f5da056993

SHA512
07b560dc3f33d1573100e5780b3058c5cbfd1f6726df40ef47cc2317b246c7b314d54d32165adfa7afbdc2f6aacdb2e65bbed87d33467a51e4fdb4e518fb8400

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6KWJ2WN4\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GOT449B1\favicon[1].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF7602805B31CFFA0B.TMP

Filesize
60KB

MD5
c5b1ad5b13e6cf10c4431fc0cc94d96c

SHA1
e15c4aede984dabb4d90d03272ca1b85e8cc1e37

SHA256
e4eba7c492803cf032487c3229d1a15c2e447d96b36045bcb119ca75354b6765

SHA512
988197e1096e478668417169965c49832c49ec3ee4491f495bcd983ac5d69726447c1f96bb07b8aaccee7cce678d98b193d709833b53ccfca20ffa144569cf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\data\Decision\m_weak.ped

Filesize
2KB

MD5
cf979d9712f478d0deb92fbb11c6ff2e

SHA1
b8023f8c1a39705db456a79dd917b745ed46dcec

SHA256
26fc955b2ff4f0fbc83ba75ddbd14b5ec347775ce2088e7066a389ea2e409d41

SHA512
85f73cc169b6eccad41126e48297e63a82b859efe74e330814d5317badb117fe2ccc3f4ca8a3016d70a738bc41c571ee0972fa8d72c3a3cf76507051ae259016

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\data\Icons\saicon3.ICN

Filesize
64KB

MD5
ffcc3a0d32517475bc83f08331169ada

SHA1
e6627a0eef7f631bb03ad79b977a2e9fdc137933

SHA256
9b94c7f077ead920a87071ea51822b4c3c43c90ba46ea8bfe3647bed909661e5

SHA512
423e25ee0bf6a6e5aeb47447700afbebd41d771a42fd256a3755ce5c34ae493180d5d0ee4424cc552c6bbed1f0bbea410dcbbb667d2bb700dab6e7b831ff9609

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\models\grass\grass1_3.dff

Filesize
1KB

MD5
84e3cdac0050a7ea9a87395728b99ac3

SHA1
9efc70003517fb180d4341125c382f826598353b

SHA256
ae0d950738f9abb5d327c413a62a76479a1d686b090d7ba84e51542cc98e264c

SHA512
413d5aa56330adff1576350c9b2fffd6fe35823b31f71e0b65f1ace36430ec66d3b60424834e95d9b7b40078e53216e9e2af693536004351fe6ae6ce3abe4d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Skins\sfpd1.dff

Filesize
316KB

MD5
6815a6ac2690a3394892503f45766a90

SHA1
183b61d5026ffde09ab90136627956065e974185

SHA256
fece4e2e399eef274f9725f8ed54e97cb220d236498b657604118dedf0164914

SHA512
af0b7ee758cce72838013db42578b098f5c2027d281f9ff34d46e7f8127d1b6e179c55facf797563ff8f18663773b7d48aceca852a25de98743d713a7406e162

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\Bank_114\sound_002.wav

Filesize
239KB

MD5
ed3c0b1c164aa8b56ea95c13728d2aba

SHA1
38e2d9e40db5e796c5bbf2604945f484a97823dc

SHA256
ddf544b737c04cebdfae103f78bf661794c52bc876873515382ab38609f6c725

SHA512
b10b1f164c2efc6effb59c25719657c8eac02318c8f75ca9c029e8d2a23dc537495669d40e486fa48bebf4396d8bfdc4e12bba2c4d259a47d5c0dd39e1b044ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\Bank_120\sound_001.wav

Filesize
18KB

MD5
984bf64d92e92bee74fcb61c3b3d9339

SHA1
8247fc002ce5e87a5d8760057764223cc404b1ff

SHA256
72cc6bb993243388cbe6e068f73e5ff024cca395349cba9a3c96184cb9ca5b25

SHA512
2bcc7378705d6154ecec787df434c1ee6e658e47c294072936475333c5bf89eb07929acd7639f3bc02341364c938e0f61268badbffeac2ce9b6d7f492b1c2bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\Bank_120\sound_002.wav

Filesize
7KB

MD5
5e0b4db297f04dd4099e2faa58db0fc3

SHA1
787b5b7c55c16bd1ab3efb96d05c7d66d6d3327e

SHA256
142cbaa7967b57a1bd6ad0ab9179c60b0d3d909fb48c18158da1442b0f3dad24

SHA512
4ae143ee7e34fe77ac7be1bf5efee508e94d0528de4d534ea9a83870c1a775803c7776f61d39b070f90c6a54110cf1db73330212e4a7428960cb79d573fb94cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\Bank_121\sound_003.wav

Filesize
20KB

MD5
ffe8b842e65b39e4cacfaef6aec122bf

SHA1
374f294347aeebcdfd40ec0cd399e3c81a75a32f

SHA256
2bd6c11e8bd815ec3c11f9ed82f353defe17ec76f057169051860e2654a55dc2

SHA512
6dc8c71da8486fb9da0d468c57d9d3e2090997a9754fbef08581c8750324678074d327630240a790ee5a7f731475ac2934f4f14d017ee366195fab730b64921a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\Bank_129\sound_001.wav

Filesize
302KB

MD5
613f7bbbfefd5b6d687bd9b02e490a8a

SHA1
618b31a4a7d90f414c223fce8625b4c35fb83037

SHA256
cad10d2f3414c6aac0e418bb399e79c39b0bec9fe29793ccd897c056d2114eeb

SHA512
78b9a2a5890e273b5b1236b7e763b673d54e5c27c5bdb4e0babdb3c328d88b8bce44195f983c32e954e799b52d8367c61b276de394a68929be06c15355021c2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\Bank_132\sound_036.wav

Filesize
19KB

MD5
724fad7ba340ee4f134ee352c5e0290b

SHA1
27f47df84486e0d429a944ec8505043d3239350e

SHA256
2ec42a5adf6e1d3931747c155f1e10d966bc6ed2b3036c57675c384a37792ef7

SHA512
47228a391904977839e84bb26f1a026e6202eb529cf029ed9f4c1101666916a7e2546bc6c3c0d337caf423cdee7390f23942697d9127a03bc8a6d29148584a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\bank_099\sound_011.wav

Filesize
6KB

MD5
7ab6977c832e7f3eca49891119ec2173

SHA1
031e95e6c3dd2257cc03348933d0c50df1b82325

SHA256
e71aeb66b24dc07e84c9ae4fc77d7d676bc32e0f32cf3ca7aefbaf8feb104bb0

SHA512
18067c0fc7f16a77c3d1b2aa4fd41c5e8dab14985489e7a9007271098a5f7b15a5cbe2064e7196227d95379410283627ad7e20dd50320920007f781cbbbfdf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\modloader\Sounds\GENRL\bank_099\sound_015.wav

Filesize
40KB

MD5
afcb6bd71b92995674b807b7cbff0f91

SHA1
0266712d8f577b6931f4a4759555127fa92f3088

SHA256
d9fa62ce7caf3860737d70d343423a3ed81e640fc265569002a5cc2bad05461e

SHA512
96af86ed8b9517721b37a772bf11c6dca7c6b35c68329fe5b4d8d713e36a86c199e2d7bad8bc3fd9c389bc494e07237cd6373f098e6636f01bce290d6a50e113

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\moonloader\config\ADEV.Addon\NoteFiles\CODE3.txt

Filesize
397B

MD5
418e84d71666e822bf0cc9205193703a

SHA1
9b805598862d61008020b8a4870e84dabf3b9416

SHA256
7e672c3307ea8587746a9b6c67fdb415dd677daab2984257b11586a90dbb1225

SHA512
93aeb43b0e971435cb54ba1346dc803b865b6641f69cba02e15aa3a34f7c33e1d1827d60130c65c6e12fe19b08e6516bab934f219e094261f5bb377dae207c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC85C29DB\GTA Low 1.0\moonloader\lib\lockbox\cipher\aes256.lua

Filesize
17KB

MD5
99bf0daaa25ecd20f2f1e00dcfa4df88

SHA1
0a7a936d9744fd0babec4a4595610730205b22b3

SHA256
f348aab3da77b69ca7db28a07112096e83291bac935e85c021b7934207938007

SHA512
a6b306aea6d5f5d1005657600ce35c7a6b6ae5d1b9fa99fa40057d7ce4feb884cdae5f54a2b9d8f5cee41541404fda41cae7a2aba488a98c37fb1d918703527c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
c9b9dcd2f40a03a2add839c029c89ab0

SHA1
b678930d00caa961dbd32c5101137f2d2801dd4e

SHA256
4aeb227324a2fdcc3816edcc39f056719439282fafda0dda35334e470441ee46

SHA512
4db61feeebd028b42be095e52c833444daa76da0255806bd8c7b54cb44b0497b24e7906d605a9bbaa72e6e2e6b8f4af2fe18e099cc60a0801d82eb48b96eb7de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
933943eff10d30888412fb3f56165367

SHA1
8cc5423f10a387955680f6f6795a04802ba36522

SHA256
d412e4adc7813c095247fa1d1c20a440353b29037492b75d804204bade4bcbf7

SHA512
07013b391e93ca500aee23e02b82d684405e6fe87460442d35a89b519695c38d05f5c5b3f150b7a95b4f8f3f82cb0c1e23a5f928d498ae342aafc3b25764d9e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7055581c-a5c8-43ea-9612-f665b24690c2

Filesize
1KB

MD5
d76a1a63f7f019541420689899495044

SHA1
c094d4f2f864159a715df23944aacea583d98b49

SHA256
008a2f3c0c0273dc01717578abb3e82e2f83ddac8955600b2d212e6ae440b384

SHA512
ddf64573dea0c27b050d725aa31728528fba4ed837ff8cb55b45810917a0c3ba8bb7b4f5b889fbb8b782678a0f5b4dd9e354bd391463d9e1bfa306ffe07fd326

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a42b4319-dfe3-457e-ad60-284b02b86473

Filesize
746B

MD5
da44de22746744c00e51dbfb5e5c81f6

SHA1
b9ad3ff628b969a85e560bbf160915042730f626

SHA256
643c7d7abce1ada642b67415142f02301f07fb190e1cdf409a93be4a8f61aa81

SHA512
e66aaa4d157716396689978f1589fbb32b2f3b80e62fcf3e4e3528aa9252ba7f9bb46bbfb70bd2c02b9a10922198995cd795d85ecac2a41e42eb1610b9e093d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\db3ddf36-1666-49c9-951d-e113dae7551a

Filesize
856B

MD5
b485cbc690704a8feaa5c1e9be42c526

SHA1
c56112f680596373a7620900804f52509403558f

SHA256
6457141f7b9976df13f15311cf30ed9d06bb79f8948c1056a76d14529b95a219

SHA512
dc34500c7b99cf87552acd7b5477ebe56afa751650f7d7537114b223380fdab10b4c14350483fbc895eccbdaf452116b1ac82d50f15b30cdd9eed2b622bbc0b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\fddcac56-f47e-48c9-abbb-042561fafc02

Filesize
12KB

MD5
1e1534e1f147b8fca5573f1069805f00

SHA1
e55b4b3be5101ca6551c9af175baa57299f4d8c9

SHA256
871de8cc2a41f537c25cb9bbaf8d5761608ed66fccc5b288b702ec74fed8cfd2

SHA512
5e039b401bb5ee0ae7ed7c78a7cdb4a73104eaf6db99f8147e836329a61d6c498b308892c55fa0dadcab403caf1beac4cdbc5b740c288ef1627af4e4f33ce580

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
ddef5b410c4f8072d205e021dcb2db37

SHA1
76a8834de78dbb2ce3a4a75662a94907619c2fad

SHA256
3235a808b60e9e67ee63757878314a07bfa1f1d38eb4397df69563c72d856bd1

SHA512
4476985dd7a422b428d73c547823a7a1a9a458e0573625162c9b3aa424399415f167b78ce7e25e5cb3152a751dc716a4edca8bd85ea589eede44f41d359d3b2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
2d5610e9320aea4285516e58e2aaef53

SHA1
9efe3c8f6c019a0994b49f50f72b1fde5218bdfc

SHA256
8e7bf8b9edbc8b5b0f4eadc5fa6324f6a0e112a027fc86240e6e46d1429c93f7

SHA512
09ab1b92ce308205615f79ee61cda52074757356da6bc4b6435ca1cd1d01539358eb79dd2e36a25ffddcc63736ecc5d282dcffc05426b89201e88a64e826c7fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
45c0018c405f223edf4f287e23c16fea

SHA1
d41fa7894e17020a78db6fdd4eb292fbcaa59ad3

SHA256
053faa67b935fa31c5395cf2001eb2b5cb57393edd0c435a9998eda2b033ecf0

SHA512
584b3a59a992c2f49560a5418826e47ca40b9bdbe4cc6b81fa96cd43ac0759ce4a16e2863170c561737913de78814a73f40187692fc886a4e548c49c85f0354a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
e042b5f6e1cd653679877fc940505b64

SHA1
bd23ecbcf7a611a3434724bd3ab759e7194e561e

SHA256
2a94fa06574f25b4660e7d774bf300a17ffca759398d09c9934d7dc7a040466c

SHA512
56c8c02a0587bec5c19f3b97609157bae9c114096e56ab7f320428771532a25acc94a5c06572a1950ce1c1aa096c62f8af2cafe5d47afa56c003684e4ecb7ea8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
c652d0e8cd0bd864534114e7318a0908

SHA1
22cf7adaa74985aa06109dc09a128c5bb30f5c4c

SHA256
fc4fa7b49c33125665f97a78386d1966df0b84a0639da3d6b24e2a929fb971ae

SHA512
87400cd3eb08003efe033d97620ab4e9dc3e8762be9c62ca2cca3347a8499f3513778ebe3b706b306426a0310367e7be9263b6d241a43a18e5f513b5753fbb07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
a2573fede8fc05d2b446c9a20bd4e0a1

SHA1
69fa51111946152e63cc808aa8d30ece382078bf

SHA256
eca010e74dc5a8ff7e92b46aed5eca087a7db3d914786660ca34880d8aa96b93

SHA512
0bfaf2d9eab59d09aad47daad4b63d7408b47464cdf9259d8f0c1458eda1141f8d3d92ea3ca752cfad19b3e8b2e33f167c6763a5cc4260f4d95e0f50a4c70305

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
6c50c36b24a47ee80f1e2082d748a445

SHA1
304ccbc27bcf6d05cf7fc4c780728163ffd700f4

SHA256
940c86ce853fd903e43d74f206f668e148f6a126b863fdd8cb9f7dcf4bfda735

SHA512
5b3f9ba7c8e0e446cec39be5c22b8c7833fa6ba1851c880d27a975bf581ae9e3732b71e4b57caa9257be7223a29ab91916783a0d3b168fefaa6efa931905ba34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
6066e681ec69fb2d7cc259a4cbe7b9a4

SHA1
4cbbeae8195f2a825c4793df4500893594fef7f3

SHA256
8f25ba789fe857712b85d8591368ae359784a64753e41925586f625f97fd3864

SHA512
5f3fe1339d70bcf343d85e3427fbeb7cbcd96b8dd1163dc0adf2f7d1ea227e09bc60990312ed0d56dfd4f2c77584b7b93e6a29750b6266f4107f200e5300a3cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
20e6480734b696f44f0e132ba4bf7716

SHA1
93838c0e262483e26458746b8e10c14b101fe7bc

SHA256
9517df11ad9a85bedd536aed53a97ee4e54f1cb00a8b7a5657c48f93fecd9d78

SHA512
e0e2205f9e779ac3652e8dda5f6ab4b812b26a1959520898e383028f462602a4ec93f3a05de4f18228bcc2b86b4f32bef62dcdaa2242282c7db4749cf84c80b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
b2fb90e24ede92c8d67a45478c9e97fd

SHA1
9cf40b7cdb7a5e8aa4636ac039545044f99109e9

SHA256
c819481c03e880d2b4eae0f02ca528ebc669ab9faa52c2d76b3b7d6e4c410507

SHA512
e120bc751db39cbe6dabadb08f7d2e930f46f00a34f61514c3748175098f948c819006e16cbffb9189c1f758e885af920d8f2153ccbfd22d886302046faba462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
66997fb5933772a963f4b21141809780

SHA1
c1294b8c6edd69f1659e0cd0b5d5b299fcf86897

SHA256
16a53adea7c87e9d9392bf3bb1b43e182899e685c9bb012cb6532a0217c85371

SHA512
53f8c21af9ac46a8aeb47b0fe87e03f7ac79c1f5c0521e3dfe67ac05117865de6f3466ace1a5bad114e2fa054f59a6b8938b4306c51dd3d852bd4447845cd24c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0b1cae13326a929d505e80f5b4d4bade

SHA1
2fd5271505d0dea8762dd6f3489902b616aaa80c

SHA256
09d7cf3138e5f06ff47b2f8c1a600d5454f019b2459e6fab74e234f7ac936ad9

SHA512
1f4ef5e9efae62f2a5fcaecc14a1c6857a44645b715a6f86e7a06558eab8452409060ea8681e7394f5ab4a6e6069a32df23cd99ef3cec9a89137b1d167ca7cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
24fe02fc5f654b6c4ce4a543aec5fbc9

SHA1
add65d1c2aa07c8a5ae479bd0e1c17bb90afc0d2

SHA256
dac4b941e094fc58435d957d3bea617b93f439ed5f284480dd8cb7f5a2cead44

SHA512
e9ca8f2e3b49a2fc93830ad798cb0189ff3a3654aba4b833b6cd3e780642e73361b105dea5483d547ec021d9f60a8f5a9fdeb524d0fbe071d5f1058e2f99bbb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4e8544fc3f48e6275470e20a57ab1b90

SHA1
ec6135e3ebc83f22edc94990196e0eec463aaae6

SHA256
427053cb063d8867611123f51fb7699d3bfab81a3da03137b857ee59610ac107

SHA512
b5a15e69e4477f30b2d21b399730976dc3988ef3ccb8330f37b79aac093fefaac4818e60c72f9fdda8155e59d2414490454d2a41bbb8c8523a5bd204587269ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8eadaba7a3388f5bb35b852180854b4b

SHA1
f86299a50c7de2d21e371fb91a403d33c6df2fa3

SHA256
24e4345c24a68af98e7608b3ff0dfd5d0ef6736252ed3fe12637ac6529df3fd0

SHA512
cc64c7deae8d5b0841c7613cc801c47b8b4be7f6ffc3ddf01a4c152ea9ace6ae769f70fa916da22bca4f8502207fc4d19a5f1e8ce3bb6992c222a2483fdbecc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
6a92a55f07c9a908d593d8b86db112e5

SHA1
9541ef944b41e4934452d055fa7dd22df93413b3

SHA256
9625940aef1e2f43f42af5eac57e29881a09ccbdd044fcef1f04a8ccb23c8649

SHA512
eeccc068fd1c138fa4096074f9d6af0c0415ff5a651b49bed261976fb04923ce5810016cb037afaf7a807b1c2d6e82d746147e684663034d0b34245a1bba83da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
092d1a6f17dc372158884ebd6f6a1e2e

SHA1
8d88faa2cf2ff6f0d1524cafad50dcb337cc2b89

SHA256
08f5fc504aa739d5004602c94be7fb109446258493f39b2d318fc7f2ccaece51

SHA512
4847358145de869ac154834bf9edb1988564cbfe705d2d3bee4525d551c71dc330f4bfeb38fad589b7919be1c94af4432d3403e742adcdc58744b0d1c1f29272

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
c13390a8a78726450300e95c662e9f30

SHA1
5f5a343dc4df98a282ba93d655552a0b536c5cac

SHA256
8f978da11dc8e9c588d924e22d5e9a93545f92a08496316f232cfb4a20dbca5b

SHA512
f35ec4875d980df57660d03fdf4f8549eaa7007508fefb897009fa3d81598a773acf3e3c4ff8f7a8d61e08948e7fed3c294b9295182c350e7cc48a26dd588b05

Download Submit
C:\Users\Admin\Downloads\GTA Low 1.1Q6lCIez.0.rar.part

Filesize
17KB

MD5
06f7e9e19c6a918dbf0ba689dcf46340

SHA1
ee91257ff3afd701f62cde1f56466c0df7809bc5

SHA256
9edb8839ff02739eaedf9e504ef709b3eb05fb284a8b5a425a6e50ec43bc98d2

SHA512
feeedc8b4481656487b0b647489a569fd00a9bd2efecc84e3b53b1ef432c7ed1d74567e5d7504660df000f9ab16dd11b88cfcd0f847574417ae403c507ae005c

Download Submit
C:\Users\Admin\Downloads\New folder\GTA Low 1.0\MoonLoader.asi

Filesize
2.0MB

MD5
19655d9c191e33436bfd713fc5e6d4d4

SHA1
03a86ab537d3925701f0f071b0186f12b25fc1b1

SHA256
33fcd4256b17c3cc52c96404b04728c71a5f07e914f21aa42a64674d21731a85

SHA512
92baa8875d37b132b561941eb124acf94837cd7461583b014fd95666734c4ab135263dd7cda14236b2c604dd09d103e37ec0e3cc2c55fd7503960e047ba8af58

Download Submit
C:\Users\Admin\Downloads\New folder\GTA Low 1.0\NoShadows.asi

Filesize
68KB

MD5
a149eab00a219b03d34e6c5270558a70

SHA1
b01416eedda67c635819035a974b9c14c70921b8

SHA256
2404485b2145b51d48170b44f0a484711d0dcb49b40fb4a3bfe8154225485461

SHA512
83e4d9403455ce687d6aac58aeab774f93a7012887e1ad58bca158f323fedd5e9fd0920c53b955bf915a447113a853bb99f3b12d3adabde21861c2bf17dbc8d2

Download Submit
C:\Users\Admin\Downloads\New folder\GTA Low 1.0\cleo.log

Filesize
1KB

MD5
cd856bb6225ae6727f4978fb69544ba1

SHA1
af0782320aa01e41fac0e67025df093c5c81c0f1

SHA256
5fc40f5635d54d07900ed37e1a7ea2d9014eebb4cfa2d0519fe3fabf8736f264

SHA512
50fe92953f1e5d78bf9b8195d41c97e4d843bb015535a6acb4797f1a3c2007192baff42fa8dc7f3af962b7129e589bc4bdc73fa51a23cf59cf8d8e3fe5dd6e92

Download Submit
C:\Users\Admin\Downloads\New folder\GTA Low 1.0\gta_sa.exe

Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
C:\Users\Admin\Downloads\New folder\GTA Low 1.0\scripts\global.ini

Filesize
154B

MD5
e173796b3089c48b4b61d61e15232848

SHA1
e72dff9c74baf115e522cc148ddd17335ffc263f

SHA256
4996e00167f7ab9e42504cebc17e636c576c277a2b67b5a6f6e742335f132735

SHA512
ecdd59d9d331099cc7bf976ab909f152a0bac5f4762280124fde3fbefa9fbe806c391a022baf5a7d2c704933da78a81d76e976eacd18017a5d9a3d0b735b639f

Download Submit
C:\Users\Admin\Downloads\sampadvancerp.GzQjmzpQ.exe.part

Filesize
15KB

MD5
a293a02c106ed28f9e55f4acd9e41357

SHA1
225dd2a24102c24c2deecb9903c0e499310ae2b7

SHA256
464d5dd20cd09e923e29f627afecff87c9581f2ce9ef6b8a614c19924bc583e9

SHA512
b948288d9b897c108818ba91904cb93a22e1ae00d1ef86629575941c89103cb584993e4790ea648c51c9650259368bc70d244b874ae0d88a2bda82a2e1ed0d61

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\AZVoice.asi

Filesize
1.2MB

MD5
47a1b5fb75a55adbff145644b8c6d35b

SHA1
9734953ee97c6e2f00b90a09c73cfa6b34ff4772

SHA256
75a1d40a38b94bfcbec260e8681200dfc9be99543b7b86799f3190ef345d6244

SHA512
78f468417ff97a0ec581daa4b29c7655e51dd4b6eacb18326cdcb6f6f5acadc74100a93ae62cd5b734008efb2fe09cb976e1353a79fce8bbbd42c2308c5bcdf1

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\CLEO.asi

Filesize
258KB

MD5
380ba63a1cb18d09335782d3f0a3a682

SHA1
f5e7799694d9aa45c86440749e265eaf56d68865

SHA256
b228adbf1d83b5151b62ef66e02010fc4f74ee0a86bf9ab20a1bba4ca13bde3b

SHA512
d9535094a078df9e0bc4d246efe8d3c0210c66849788cba3fcf2703396dc933790fc03846b1c09e6d61a7953409450222ce39f3b60f9abadf53e0137218717e3

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\CamHunt.sp

Filesize
134KB

MD5
ce7cf46aefee9803c6b42d763f9bce57

SHA1
a0cbf9aa83b5d8ca51f6f509b1010c6d416e620a

SHA256
04811006e76919ebcd0ab8f29e4ba6dfd291765c5b0027f2e49b909f10378f7e

SHA512
8643e6690f8e7bee0b2f6908d5d41650cd306e2d2fa6d12d45b00415f722341ee5a6bec6c4c6200b869f24f85f663417a27f757569ee2f01590c05fcadeab852

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\CrashRpt1402.dll

Filesize
134KB

MD5
a30d8407ac1a2bcba5361c946c9e5d8a

SHA1
a49b5aa8b0da18087e689898463251f2f703d5d3

SHA256
b6739df785b43bfe9504bf0c58e2cef09519007f0ae1318fdee103132540ee44

SHA512
c44527077ec2e0afe0d5c93a498796e66c6da6b3a463c63c8173ea85fc10f1f6785f10b1508ea9f30ba3c1b524fce4c15a48d44976560c33826fb1c247d25efd

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\ForceHealthyComponents.asi

Filesize
10KB

MD5
6e21f9ab9209dfcb88a4512b11b1532a

SHA1
349ea806f98e2197bc2751d781af6a0e0cb0683f

SHA256
bff63595db0f35974de5ebe64ecbbb6e6c2d97c26be83589566846a7a9e40edc

SHA512
270374097be741cc32c58ff1f4d7de4ab6010da15c9f12c3cabeb1b27c26de1f9697c1bafecbf126eb3eb5fbd6152ad6c821248e22dc6e795b833fc7b28102b9

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\Hooks.asi

Filesize
7KB

MD5
5c9652201d880b75c5f30ea758cbd1a2

SHA1
7a358baf795364baa2bcd125a806c2f579cf57d6

SHA256
50c1cf301e94a65816c5bb7e9650dcb839dc8816acbd8912b3ba6e12ca5ea68b

SHA512
37fcf10f637508aadd95150d781dc59fcb7ecd91dbbad949378d3b1bb859bf3f3c23e6cbdb8d697a0f3763d630200547cf2a5d884ddfdabebdb35541061e05f5

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\MapZoomFixerByDarkP1xel.ASI

Filesize
7KB

MD5
c6a9b8bb7f9b7788e2d7994416ca3c99

SHA1
e86bb94dae29dcefd2ad2db80c5c57c73bef13c5

SHA256
2151c8a9c4e87b1eeb4e32b7b664a50d7eea67bc199c5b9cfa2e56dc61c8d9d5

SHA512
5d956383e66677a705aaa27602c05cfeecde8eeaa02e4de1aea723607eef0e6add1f5829da13d73000fa7c29f6a642aba0732bb5bb25a91daa77cd36c488ec82

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\SA_GUI.fp

Filesize
43KB

MD5
4819f8608854a72078a567b5ec87d972

SHA1
8e4bc731204f2e35630e9c0b9c0728dd312914a3

SHA256
a8f925e8aa841d7f6586d7aa8594e7c1557841269512e0eee5aad387f23bc3f2

SHA512
1f5cc00709be68900683d7bd790ad9ec974b93af072fdcd68a12803d2bd57cd461d2e260f82685e491fb194efcb3e37d695e4fdb465cb3ad21b9d40e5137d435

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\bass.dll

Filesize
133KB

MD5
2295488e5c98890e97d1b8924b91a8f8

SHA1
8c1f36839d985d219fb543a158fb7d6513104e1a

SHA256
20aa294b955d0a727a7ed06641922d4dcb1a1bcd1eb6477708e553a0952d8963

SHA512
87be2118bbda89b8cacde9b8af4a01d82237aab5bfc4371bc471ce4e1e5c1da4bba27a08fa28462031c564849fc8dfdb7972b25999b84a14135654c72b4b8318

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\bass_fx.dll

Filesize
42KB

MD5
bf9a1e4c0c5f8c1cceb94209b167e7c7

SHA1
7cd449a7de4b90556027d6752f11a3984bdcfd6c

SHA256
e905623a7c6b46118419d780cea3ca8b7f8297b9024fb2752a2c5a3c9e219d61

SHA512
d8b18c43a480ddf021ecd0ddf9904c128b47b04861a4e37dbea3837d798a1ad6d721eef88fecbd3d4ecdcf76030a9ee48cac9228ef5ef66a1943dcaf8851391d

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\bassmix.dll

Filesize
30KB

MD5
4c307dce9bae5f1f62f5806de89bce8e

SHA1
5eb0250f346da8fe674a97d65bebef768125f86d

SHA256
299573caf38bce9987ad791888eed20a143fde3e4f39295f83ad09edf9c2a87c

SHA512
0b2f46e118acca028968953cf702e2c802e4cb3c514e343543e14555d46d832a95e2195a473550fb3878d9ea3dcf4f702202f5289b29218dce70a3378ec01546

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\basswasapi.dll

Filesize
23KB

MD5
50ec41d93f3035f03ac0d07e247ea591

SHA1
82e6b9afd62cc96c1e157ea17027dd47264a5e90

SHA256
2373c2f6a54335876fdde0c7ae4e3b16b9f54762353fb023faeeb9172112e685

SHA512
be4f1056d5055fbb37e78f9f397d729974d6d5cf60335e114f3ad326d94abb4692dc9429711b80c4ed24fbda0ea9bab2a6c207d400eb35010d91b1f77f7cc91b

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\cleo\FileSystemOperations.cleo

Filesize
63KB

MD5
ec7fc1b2d143ce3de49ee800aeb9d2d5

SHA1
3f034cc745abd3e19c176df02150b346ece44d17

SHA256
29a802d73aba522f63c036d13d5c872edb6c445a1b6d6e7fa957b37ce8f5edbc

SHA512
c972b85a336cd4bbd609fd9bb8c9acea7a4b0a6b4a291d44b047fd19124535915289daa0cfbcd240cd20ce34855bf718c84842b43451ead334932fd41a65aa22

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\cleo\IniFiles.cleo

Filesize
80KB

MD5
a7fc5491f5436a81b04d6fe55ad7e07d

SHA1
0a091282f7227701042a01891157d32dedcfa9b6

SHA256
cd8a78699852953bacb1af21f38e0140652c4e7c7661773e672c06ccd8cb41c9

SHA512
13762f878928d2ed3264879f1cc41443e14c1a44520a09ac9ebb4f30c2d71a3d282a8e52cee16298c7bc64475697a7f909bd932462ff77ca6d2190dfcd7838c6

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\cleo\IntOperations.cleo

Filesize
57KB

MD5
03910b057c88c30a8609e74a5a908976

SHA1
883647fcebab3477295045dcab1bb90da6cec922

SHA256
651a2bcac36f8098453555773fe6c69b47b639b9ce34164caa10cc2abc134a4a

SHA512
e57fad36943437b13c8c883a47894ed2c5b2616962efbd63255f48051afabcbb13f93bad2b9a94b93145259edc0f07bb2743793232f5f9c9cdd7cbe033436e03

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\cleo\newOpcodes.cleo

Filesize
73KB

MD5
ede0b471141cc58d5840b7b2dfcd7d6e

SHA1
a51255a68ea770fa5daa85db66688cbccc0d0e38

SHA256
80456c3c047e5a38da8b15eeb8286b72ff98022beeefb1acf5d9eb9930e301d1

SHA512
d83d97974c5f37e634d6c3cc3339e58d74bd12ca071e722014655d7e043b6465db119fba634585f661ffdc3fc98a037d15341adef32c8aa30e81e15f373b0b45

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\crashes.asi

Filesize
237KB

MD5
47fc1f23d62be8573986ab200c178e3c

SHA1
115d30e5d95d2f8b1a418762c125420ddd758e10

SHA256
2d60eaab590a62220034aeaf5416b1028494958a97e7d06ca8b3a266cbb22337

SHA512
3440ac63e60e1cba1333488e7cc9e536f08ea45b68d0de96ea885de83bd080f5b0e08f8246499ed52d7f6d71b9d6239a2cf8ca1311ee72470b3a532c0ea60793

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\dbghelp.dll

Filesize
1.0MB

MD5
5c5e3afd499e5146fef1da5ef8a23205

SHA1
8245691416e509a3a1bd8e321aa6d2ff1925a224

SHA256
9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd

SHA512
595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\eax.dll

Filesize
184KB

MD5
309d860fc8137e5fe9e7056c33b4b8be

SHA1
b5f626330520a970d10ece04fed62552d5ac7ffd

SHA256
b2da4f1e47ef8054c8390ead0b97d1fbb0c547245b79b8861cfa92ce9ef153fb

SHA512
9c345a125c8308f41fe3a0dc71f624f9b16a0119aa8b237ff2c16c63a15839f656f732c71b5198c4ba256320691a1302c90cbf01791745f99f00d50c8b4e3a61

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\modloader.asi

Filesize
628KB

MD5
5e9d65f6095baa3ff3ee0f13d1cd70e6

SHA1
31263b192394caab7460c567ecf07ee8ddf6f11d

SHA256
e220c103b1d061b0a136c3bc06bfa3e8530a651b9995aa3b6448db9db83a0e65

SHA512
ba70de72ddb1252d0448dca538b2f590e5d853930c5ed481576eb8a2091200532988162b9cf1e5ae38374ac7ba944351dc3083a444be89d7a70174bdf3cbc67a

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\msvcr100d.dll

Filesize
1.4MB

MD5
b245bf00ba8c1196dbf8c2bd5dec9f60

SHA1
3090b2365ef1c3dbb378d309ee4b9aa811548e07

SHA256
80e8c0147f9960c8982092a4b43329835dc394036306bdd1a763bb59eb3d751b

SHA512
45b453c117fe3ae541eb9af0f8c7fff12dba4c83c95b6ab53027ba5650e44483738cbac34b2847b5830697c66d537dcbc54e76c0235ce7bfa3f9aacdfce685a3

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\ogg.dll

Filesize
36KB

MD5
0602f672ba595716e64ec4040e6de376

SHA1
b00735e08b821aa9fc5850084ae057b5f618fb2a

SHA256
4a4f65427e016b3c5ae0d2517a69db5f1cdc7a43d2c0a7957e8da5d6f378f063

SHA512
9c03bc45c6bfc9f323802813a040992789b99cb961bf43b6e7536e3a379e3c22ea2fc86998c005c6ff1264f6081458a8de9c827a5f5d6a9c065ad7484e796ede

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\vorbis.dll

Filesize
1.0MB

MD5
2840f08dd9753a5b13c60d6d1c165c9a

SHA1
c89297e75b6813cf8950e278a5c390e2c5f9d9f6

SHA256
fefda850b69e007fceba644483c7616bc07e9f177fc634fb74e114f0d15b0db0

SHA512
41a36f50cb01714d7adcef0cea0e1ad0e5303618582d190d7e6c895ca1f9ff23a1a9e40a6f33e87c9ffdba8ce46cf464657942bf04d5a005aa3b28ca4fad44f5

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\vorbisFile.dll

Filesize
52KB

MD5
90223f6248b55e0813687fe1b7277dd7

SHA1
83b8acac449bbbfbe3b9627bb2bdccea6e8a1f60

SHA256
c33e1bafafd441b42eaa6d322393b9dd700f8a9c13fb2e7780daf49707a46353

SHA512
7b33dc9d65dae25b247f07860753cd5df845afac0ef8ee610c8020337c490fc68f9376d8cb077c7424dd7da46e3fd78f43704b303eb9591fe1a493ff4e819ff0

Download Submit
\Users\Admin\Downloads\New folder\GTA Low 1.0\vorbisHooked.dll

Filesize
64KB

MD5
2b7b803311d2b228f065c45d13e1aeb2

SHA1
905d33aa70ad00d513c701cce22ad6fdb9d7d463

SHA256
a08923479000cec366967fb8259e0920b7aa18859722c7dda1415726bed4774f

SHA512
7468757cca02c948b1d1d838b3f9f64fc8b52b6f6b5c1458dc1c915f9194403af8cb3ab94f3d5089bafaae77bdd0be3dba86e07894a832b25bf0247ccd412a9f

Download Submit
memory/1264-131-0x00000278B48A0000-0x00000278B48C0000-memory.dmp

Filesize
128KB

Download
memory/1264-323-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-335-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-89-0x00000278AA280000-0x00000278AA282000-memory.dmp

Filesize
8KB

Download
memory/1264-98-0x00000278AB2C0000-0x00000278AB2E0000-memory.dmp

Filesize
128KB

Download
memory/1264-102-0x00000278AB540000-0x00000278AB640000-memory.dmp

Filesize
1024KB

Download
memory/1264-104-0x00000278AAA60000-0x00000278AAB60000-memory.dmp

Filesize
1024KB

Download
memory/1264-343-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-264-0x00000278ACB60000-0x00000278ACC60000-memory.dmp

Filesize
1024KB

Download
memory/1264-319-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-320-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-322-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-334-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-339-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-341-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-345-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-324-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-340-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-331-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-333-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-321-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-344-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-87-0x00000278AA260000-0x00000278AA262000-memory.dmp

Filesize
8KB

Download
memory/1264-332-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-85-0x00000278A9130000-0x00000278A9132000-memory.dmp

Filesize
8KB

Download
memory/1264-342-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/1264-338-0x0000027897AB0000-0x0000027897AC0000-memory.dmp

Filesize
64KB

Download
memory/3068-0-0x0000021CE3720000-0x0000021CE3730000-memory.dmp

Filesize
64KB

Download
memory/3068-326-0x0000021CEA0C0000-0x0000021CEA0C1000-memory.dmp

Filesize
4KB

Download
memory/3068-327-0x0000021CEA0D0000-0x0000021CEA0D1000-memory.dmp

Filesize
4KB

Download
memory/3068-35-0x0000021CE08C0000-0x0000021CE08C2000-memory.dmp

Filesize
8KB

Download
memory/3068-16-0x0000021CE3820000-0x0000021CE3830000-memory.dmp

Filesize
64KB

Download
memory/3800-6965-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/3800-6955-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/5056-6886-0x0000000073B60000-0x0000000073EC1000-memory.dmp

Filesize
3.4MB

Download
memory/5056-6921-0x0000000000400000-0x0000000001577000-memory.dmp

Filesize
17.5MB

Download
memory/5056-6884-0x0000000003800000-0x0000000003813000-memory.dmp

Filesize
76KB

Download
memory/5056-6811-0x0000000000400000-0x0000000001577000-memory.dmp

Filesize
17.5MB

Download
memory/5056-6858-0x0000000073B60000-0x0000000073EC1000-memory.dmp

Filesize
3.4MB

Download
memory/5056-6843-0x0000000003800000-0x0000000003813000-memory.dmp

Filesize
76KB

Download
memory/5072-45-0x00000281FE400000-0x00000281FE500000-memory.dmp

Filesize
1024KB

Download
memory/5072-44-0x00000281FE400000-0x00000281FE500000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads