zloader | hxxps://github[.]com/Iz0mN3/F0RTNITE-LUNACY-PROJECT

Analysis

max time kernel
262s
max time network
265s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2023 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Iz0mN3/F0RTNITE-LUNACY-PROJECT

Score

10^/10

zloader botnet persistence trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Aimbot.exeAimbot.exeAimbot.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	Aimbot.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	Aimbot.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	Aimbot.exe

Executes dropped EXE 7 IoCs

Processes:

Aimbot.exeAimbot.exeAimbot.exeAimbot.exeAimbot.exeAimbot.exeAimbot.exe

pid process

1596 Aimbot.exe
2796 Aimbot.exe
4648 Aimbot.exe
2464 Aimbot.exe
3380 Aimbot.exe
4632 Aimbot.exe
4320 Aimbot.exe

Loads dropped DLL 10 IoCs

Processes:

Aimbot.exeAimbot.exeAimbot.exeAimbot.exeAimbot.exe

pid	process
1596	Aimbot.exe
2796	Aimbot.exe
4648	Aimbot.exe
2796	Aimbot.exe
2796	Aimbot.exe
2796	Aimbot.exe
2796	Aimbot.exe
2464	Aimbot.exe
2796	Aimbot.exe
3380	Aimbot.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Aimbot.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Windows\CurrentVersion\Run	Aimbot.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aimbot = "C:\\Users\\Admin\\AppData\\Roaming\\Aimbot\\Aimbot.exe"	Aimbot.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 861a78379e45d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07540b3e882d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "16"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\mediafire.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "111"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "124"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "124"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "157"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006b1b24209a5b3c4ab603530fd8f378dc000000000200000000001066000000010000200000007b14580a428d0e56e94fcecb1b17f15175991190575bdb98b5e9f6dd078fce5c000000000e80000000020000200000000ce67fb30bf2d965ebf5e67b7bf5b0f51d84432459f65e6642f775ba9ac1d88820000000e28b78bec6b8454e23841c8c83b1a300ab9dd3564653e616aa031fe01d8c61e440000000784cd2879b4ff592ff926c0734c306bbbb1dbda8fcd181e8014f2ce12057b59cc40220b57ea556201729dbfd8e8fb6f5dfe75eb59962d60745435ad2a9b5eb34	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31032040"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "2196"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006b1b24209a5b3c4ab603530fd8f378dc00000000020000000000106600000001000020000000b2520fcbdaf26e3780d8ed91e5f4875f800e69faf7a530271a25b54b88566cd8000000000e8000000002000020000000fd88e9dedeea209b026705236c47ba4b05bbe0e9514428921132abc53cb7a7d520000000071c5f94d15a92dfd9c81242e7e1403fa342f5a04909180d89717b84d73567b04000000037f558639a78a082904342cd34eaa10910e8dfba31938f3c4517905e77e1b040265eb2cfd4b69eac3208d8204e23d6d0662036f8326b2ddc23b4e4fcdb5233da	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "46"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "51"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "23"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "2182"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006b1b24209a5b3c4ab603530fd8f378dc00000000020000000000106600000001000020000000d22dc67ab934950c6b65bdcd5c95ac1c6f9c94e3c1f7a6c463f11973c49487b5000000000e8000000002000020000000d1fe499fd4fc1cba4be2792ada19f9785c1b096f8fb25a77716838925479d4ee2000000039c4351edb196fd731edd7226876fad95c925721b3503c3389392b0d07c2b00e400000006edf7cd5ad9812e4da17341e194e03676e9ea6a7a23eb65667204b4b0013ec99b208625186ee2e29b15bc0f2e343249943b8351fb97c59847acdf9d5c9501c3a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "127"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "51"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "134"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "43"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\News Feed First Run Experience = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "143"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "769"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "769"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "175"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31032040"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "43"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2085"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE

Modifies registry class 2 IoCs

Processes:

iexplore.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Aimbot.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Aimbot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Aimbot.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Aimbot.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

iexplore.exemsedge.exemsedge.exe

pid process

1248 iexplore.exe
1248 iexplore.exe
2748 msedge.exe
2748 msedge.exe
5032 msedge.exe
5032 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe

pid	process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Aimbot.exe

description	pid	process
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe
Token: SeShutdownPrivilege	1596	Aimbot.exe
Token: SeCreatePagefilePrivilege	1596	Aimbot.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

iexplore.exemsedge.exe

pid process

1248 iexplore.exe
1248 iexplore.exe
1248 iexplore.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe
5032 msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
1248	iexplore.exe
1248	iexplore.exe
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE
4304	IEXPLORE.EXE
4304	IEXPLORE.EXE
4304	IEXPLORE.EXE
4304	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE
3180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exeAimbot.exeAimbot.exe

description	pid	process	target process
PID 1248 wrote to memory of 1704	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 1704	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 1704	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 4304	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 4304	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 4304	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 3180	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 3180	1248	iexplore.exe	IEXPLORE.EXE
PID 1248 wrote to memory of 3180	1248	iexplore.exe	IEXPLORE.EXE
PID 2844 wrote to memory of 1596	2844	Aimbot.exe	Aimbot.exe
PID 2844 wrote to memory of 1596	2844	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2796	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 4648	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 4648	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2464	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 2464	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe
PID 1596 wrote to memory of 3380	1596	Aimbot.exe	Aimbot.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Iz0mN3/F0RTNITE-LUNACY-PROJECT
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1248

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:17412 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:17430 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Temp1_Aimbot.zip\Aimbot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Aimbot.zip\Aimbot.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1596

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1684,i,341962983278758800,2407361237287859832,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2796

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8" --mojo-platform-channel-handle=2040 --field-trial-handle=1684,i,341962983278758800,2407361237287859832,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4648

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8" --app-user-model-id=aimbot-nativefier-396be8 --app-path="C:\Users\Admin\AppData\Roaming\Aimbot\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2308 --field-trial-handle=1684,i,341962983278758800,2407361237287859832,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2464

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8" --app-user-model-id=aimbot-nativefier-396be8 --app-path="C:\Users\Admin\AppData\Roaming\Aimbot\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1684,i,341962983278758800,2407361237287859832,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3380

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8" --app-user-model-id=aimbot-nativefier-396be8 --app-path="C:\Users\Admin\AppData\Roaming\Aimbot\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3508 --field-trial-handle=1684,i,341962983278758800,2407361237287859832,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Executes dropped EXE
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d8xv5ds0z1009.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=3262098&m=0&visitor_id=Vdb510222e6dce&cpguid=qqbpihgea&hash=a0b5e9ea16c0723bc2dfe69c6d8d0096
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0da346f8,0x7ffc0da34708,0x7ffc0da34718
4⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
4⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
4⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
4⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
4⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
4⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
4⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
4⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
4⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
4⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
4⤵
PID:3836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4922772671145937502,16096730450894108405,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
4⤵
PID:5012

C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
"C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8" --app-user-model-id=aimbot-nativefier-396be8 --app-path="C:\Users\Admin\AppData\Roaming\Aimbot\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3732 --field-trial-handle=1684,i,341962983278758800,2407361237287859832,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Executes dropped EXE
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d8xv5ds0z1009.cloudfront.net/public/dynamo/lockerClick.php?offer=53241792&offer_position=1&it=3262098&m=0&visitor_id=Vdb510222e6dce&cpguid=qqbpihgea&hash=a0b5e9ea16c0723bc2dfe69c6d8d0096
3⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc0da346f8,0x7ffc0da34708,0x7ffc0da34718
4⤵
PID:708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
2e93394f1baf59ccb87d04ceb7a5f194

SHA1
a9263a2c6bbfdf51828e9fee6138cc3419ed7ad9

SHA256
9503a570dc30efadaf81a619507b9801a1d94170d3675ab33f5fe0a23528deea

SHA512
640a966531df81133ea0b8e9cada0e68cb4f2d61f473de53c420293a2cbbf706bd61b0de55b5143cb3590743861f7c507baece73745ab81d8f3b4da290fe9015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C
Filesize
313B

MD5
649c2bb11732654fac39e86a860a742b

SHA1
0ac3bb5d843839e58544b8e5378ed9e303980789

SHA256
a78bc322a58356adfa4a3dc7855a42a1250ad5bcc693cf38490058cd6f462d8a

SHA512
b5ab4d0beac6316fb182aa7ab1204811d6be14f993f040b3f1be48f416ca3d28d58841e3c9a5aebc7b9b209ba8fd5e009aad9a65691ecf3eb3431109d72b76d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
1KB

MD5
841785fa29e2c9c554cfde87bcbda6b7

SHA1
dcfd3c07636dbcea62a23e20d60e268e476a24c9

SHA256
4f072540751d954745f9db3db8ddb93c122a52700fe4bc5ecb977c2c48c52562

SHA512
e9ff84cd3b073e01cd68e70c5e5e9b99f062b552e9641f21c3273497526d158f88baff8a3b08098bb65c353c3f2af8acd8cb3d14079f853ea1bedd655178fb6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
c3aece1fc534acffaf17db7867d03cfb

SHA1
716202cca89b463fafd6c0750bb8081d96ea8b1c

SHA256
46d071ba55ca7fcb4b08bef2ccaa2b92cc45a351b30c92624ed18c80f09e3a6c

SHA512
cdf9329ee80d303dffa7a32abc3fd4924ddc1be1fb23e219668a9aca211297d28e2871987089bf98c2dac91dcaed72a66a4d02cd9deeb5f75c74680299a8e159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
bd71617256882953841a8337a4dd5d5c

SHA1
d9b47492fafc72a5fbca10c56229fe6a2757331a

SHA256
8f2693e8b656256ad2faa63c3421eb6f1a4e278d2e2e3cc97d5acd5642f97ba2

SHA512
2d40d636e04523d2095e6896f24a911c523d581b93d486af41275b3b6dc94e05bf5e4de8e2c8479886e4c3f2ff87215fd25c028846ba5a868258875dcca3fa2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_215473E3208E30A81B553185375E9740
Filesize
471B

MD5
09b8294b2f036b8de79c2a87028d245c

SHA1
b734c10409c8b4575d7d47f6f0eb35895d720132

SHA256
ecc4cdef0693561a0ea9f441f2830e1c39bc5a5a6059c813030204eb1813eeca

SHA512
b8a8ff29dc7b6dae2eb14f19a22f6af5fe97f34fa7d366c4bf24551eadb7559592bda9c1b51ad4e7fc848f8a42831fbb1780976e300877c4e725835a5cc90db6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
f9da6d6459ab709b11d42be0785811b1

SHA1
70749fc308746278cb644ae2e2f4723227f49bb7

SHA256
ddd0b032d0d42dbb2c8a3333f38d55c71169e322eab365b558232ce81c35c040

SHA512
43a9e373b7649b42123d9e7315ac34d9ebe95135decbbff0fbafd1e8beef773bf55a5946c75b85190e3e46f996ebdfaf7ab18d70c13487dd48ec81e69ea0c7e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
668d8b5f234b16507bc131a0b8bad861

SHA1
b47bc7758663a77e6724143bc0fda8317e76e488

SHA256
3823966429e882ada0677c7436104dd643dc6fb61167deead9196700bfbdf081

SHA512
8ed79a61cc9b6d180a7489bc077911e6ad73be7a5128b3dfce4e2f1eb284dcebb71719f0fade4eb66b392d97ecad41ee1fed5fed9b135f19eec65a89a9df356c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
1KB

MD5
41dfc35993e901222a9250d188380c50

SHA1
be246854195f18abc67a77e3998b4cbf5457cb1f

SHA256
e2f431d6e7495e707895a7dad5f0847d9b01b1c03a426169eb4ca29b1380aeca

SHA512
82c6533521c9faed974a6665ab3365921f00633bf0fb19f6755ad0a1ffcc3c6ce0235aaf5f999cf0742d63ac0025b1b48491083c4d342009a41f69ab958996c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize
1KB

MD5
f0512938ba89e2fec3c9e2046f823ad3

SHA1
2462def556e15a6dae9455966d510f0e274186af

SHA256
ae898abbb3a36e871a90724589a23a71c87d8c8ac7ac93d83d8ad249edbdcd67

SHA512
6b4ee0891387e08b5e6d53b2a8dd5fa53d7ba4af14fe3a84d8f26ab8634e8d5f63ab2d634ef750760e6c82e93adeaba32bd17674b7c57d708fb9806a82191391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_ABCF5BF94DF129F3524CB49268CB08C1
Filesize
472B

MD5
72c6da94ee45fc2dd0f2b2fd8c51b649

SHA1
e1f2b78c9d5d6c0da8f927dd9efbe4536fcf1eea

SHA256
ea45a568cf670048ec1944643f14654716430bdc797c3aec2a89b2aeb7575817

SHA512
8caebe8b2b414193204209556eeb6975f58d0e0c2e0177ad9eb6be3e4a14fbbf356e7e75fe45e11c197c9dfb5d7517f1224e480db5182a86739c0ac9d22eccbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
2a538bb657540e9ee0412c2b5886327a

SHA1
51ee00256731234d6c3eadee0358c139a1de4d2e

SHA256
f6e3fff9598178d24f80aebb34cdff49520dbc98067d4b540499ed7daf74c46a

SHA512
3e62ef913c0cf24575750101b87c10286585df823534d7afdf4dbe154d576d0a85ede49681993856a61a10609c6653fbf58d47daaf37659215b56b514122dad7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C
Filesize
438B

MD5
c0842e00ec16ae65bbb1b0406bfb28f3

SHA1
5effb5423854c6430bf8c97bdf21c6a14877723e

SHA256
474e3727960a2fd98ca6f8dac65941f3b3c10da62d51d6eb3135404a721c4cb6

SHA512
611b9513bef1e90213584503f7d514ae24cbf97c7e3326c360fa36b84c9f81ca816acfb9d70d8cb87843d7f67f0684fde9a23c15c50ef2e532ccbb77a59be10d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
446B

MD5
31df9c692d5884952e4f49241cc88b71

SHA1
b98dd97be3726fcb31f5786f3243cf952671f6b7

SHA256
733175797cd0b58d1a9bfd8b2fba8fbe74b659473d924ede946b41df40216001

SHA512
62d70a51a441403427c688adf63e91202b0a1298196fe6c4eb1408a6bf496a0e5b071fef14f2128cf819d68a92b4c55d4008e0e76ef6ef32f9530d2ee4622d29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
209dbb2027d712595eb2359ae97ffbd0

SHA1
af7ba8c703a10f829dcb0beed8f7cb02909fc333

SHA256
d0717ec9a4a35f1bfc65848f7c6e2bb2dd1fd3eb00ccb39066285bd41766d202

SHA512
7f1801eafc55a804204171c9e1b0f8a7b7c7240aa668cf5af1017cd2ddcb7caf009b424b0e78f7a708409baf8fb734212bd72b9b0ff351f0dea63d897ad84f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
1c0d09fbe774a4402c35a44d804a799f

SHA1
9deb6431bdf4214d5831b49ea766d06b26c91eff

SHA256
756e998e2dce4e64e272cef5424f2759945e5f24717350f2ee48eba91b1c9cff

SHA512
667aba64949a6536026fbd09c0f5597bc94a579a2136d64ff65557e105a4aed60427c1ccb9b8507a8adbff812150822199aa68f4f61a4117268818ce5e22730a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
Filesize
438B

MD5
e678cb37379ec425e9a3c73a5566c32f

SHA1
f73223dc623fa310f42049e20c901446a7fc3a29

SHA256
7c14dc4c215b2fd62346d173bbfa310b27d1b830f2d292b387a2b04bf1bf1837

SHA512
ded81a26c7da592cec5afca50984a660423f22d92abd9dc50fcf8a95d75334fbcd4facb6499f5c8f0d81faf2bccc423a797030ad1dc803e6f202e6cbafcf70be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_215473E3208E30A81B553185375E9740
Filesize
406B

MD5
2fc5654fea26075dae4530a9f7e1d4ac

SHA1
9d057224d38e4188541ac4003c44178e64efffb0

SHA256
f226326d776f2bbe681320b5e2317c6ad1af3d8f8311efe229a1e59359e4c5b4

SHA512
5f3a22e83eef1459fcc88163a2900054a48fb6acea4e24ecbdb454adddbad4813dda3cbc78e0905d340f8bae58daf9b0368629c3d456a5807cdfe954cee89340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
430B

MD5
0075a49258dcaff645e34421849b2ac7

SHA1
018b6a2c3ed8a2e9511ba7fb5a3e5fb1c8671055

SHA256
85686e2135bbd50c45c85fa03ef19991fc80ac5ac01f7a9cde0ccf2feef61820

SHA512
4aaa4b8afc35337a81be6d498df80c9225f37da4c0da126ab48e3b24549f55c3800be05742e6c1d6a58b8de5bb4171c4dd8eff1eed2a48e48195c4e99a4427bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
68ae8dfba43ac17f67573f4bf6b4b3c9

SHA1
8f318e1119aed7155f8d0ad04fb6e8b5d5cf7bdd

SHA256
95b166b9b9cffca3348771fc32d790126a51f9203d66c99a9af60a3708305b27

SHA512
8cafbc911ec69732a16bf97788d1b9814632536132ec204b58c5cd907ccf083c96d5b921061ca083aaa3b963319db1798ae244ec774820f28aaf861f1cde8493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
458B

MD5
bd1c83272117e0ae6faa3b0be42b6841

SHA1
26f51711a3b2466a9c74ca447fa05e139a21affd

SHA256
ac5da1dc51a1a20598671ac20fa46f7a880e632ad05637a835b3bd37d86ead8f

SHA512
de17c39f17cae8cdbc147dd527f7bb1527460222da71fb10d146af11284dc3b6237c6e5e4da0bcf9f0d4cb33581b5da09681a0b19005df9e525cb31e8407cfaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize
432B

MD5
d8db42cfac70e405c1c00fc5353f39a4

SHA1
853863588bed7b4e37175b5ba221b6f038de1b43

SHA256
9fd2782d57b14b2961e8b31f4c1872e5097d693d6253edc63d98a31a0a577c5f

SHA512
5a8b1acc0e47b7550027715ff08948e68feb1064b8b0844620b8256d632a6c952ca6151b14d280641f11a66aa3cbd10612702d6f02d495393f4c8a52ebe5f9ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
d074ab03ec849f3327cc6ac739c38398

SHA1
71138887723aedeeeec7aa849fa86547dfe21764

SHA256
7f741bdc758733854175fcbe3df82e19f8d2efe36ab5f9db02d8bef5301bf80d

SHA512
5a918a8b937a4010e1428816b9e91c0cfe7a332680bfe2c96ed23f8812d861d1192854c77fe61d85a08b887c08416acebb5be7455561da08fc5491ab3bb2ea2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_ABCF5BF94DF129F3524CB49268CB08C1
Filesize
406B

MD5
bdbac1c181622163ba3888edfa4baac9

SHA1
d9d1b93ff5692a4c33b9a504be87c297ec1984c3

SHA256
fe66eaab6e9e3ce52e50869de6f7ab00339a221a24b1d685bf2ad9ed2c6a4dd5

SHA512
a09fca87adec80f01ae2a6c186d9ec0b86fd21f23e5bff2bc46e641022594af527a507d8c049cb90cb9739564cae9c2a04885694c4352c6bdb46e87fb3a365ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
ee52ed84d21498250da7589bfb69883f

SHA1
18c029c11bd6136e3c6e89c8c54da370708d6a23

SHA256
2403ac39ad6acc4ccf8724b63c794771b16830481612a4f89379b3a377e67c94

SHA512
8e44454c717a7633233c815e506739cc76c45623cbd39916b9eee4bc91cfc47bc08873d7eba8f6b4f5629b399e232e1e3c3df7452eca150b173619d05b82263a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a2cfd.TMP
Filesize
48B

MD5
c220418965e2aefb8ab69b7895d81d8b

SHA1
daaa5cf2edc6bb95f8caf77210a0cd2e4f0784f1

SHA256
acd5af01e6b2c2dbab67c4c4b64f577f09bc6d4a9f7c53047a7641dfb6fa6ed8

SHA512
58a2a50035ee320a1e2f87060e98bfcac48c15303f236ff943520f58e545ef8ddba7151da8645b2d60723c2a3f174e64057f3416085738c4a84cb24188809a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
cfed1a65d5b5bade70ce31473a21c033

SHA1
e56dca2092596d1da8285a65bdcb44a736745c08

SHA256
d0c0e4de6e67e7864af7272645e80e60f147387eeead37b051ece6dd66930f7a

SHA512
6746218b90c67eb221e3bdbbbb301d7dd0d9a729b803ac013bed06668c280cc5bdca5e8951434f1194cd8212c14eb7f964411f496d11e338b09223c775fc60e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0548f45539803cf0b0788bd391b058d2

SHA1
83fbbd5f1a25e5fa2249e3bcaa37d690099f5060

SHA256
2c0d5e5c6262c8de8cd33159a0a5e1f8b02d4a2574aea193a73a3e5ecda09b7f

SHA512
6c4b5ebcdfdfaf165bb7f28e1013d632e65dc42f0e207efa5511b7e1191429f38022fe7d6153ae5630d378f8dbb7f3f0c52a074a2bb0bbcbc41eba82decd505d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
b0327512e03b3ee59dbaa89c190699cd

SHA1
92afe9a1636d15721a6e252b3d507e4defab58fa

SHA256
65372f98fad4a1d7a18d02bdbeb527d3843bca79933a2eb433b8048fff06b8fc

SHA512
7fa60314ca914074c7256fbc7110e19799b51df8356f58d6c2578f26c772090fb916f664f73d3b6ce539974866632ca92458e9b724e71669e793f4118bfeab1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2d75fe322e815293f0ca5776f00ac5be

SHA1
333067e1b983432bf5b99e84118622c8808d08f6

SHA256
2ebb24a620ae0a3bdd3c5554134fa46fe7c3c54bb10c3557ddef9e51d57daabb

SHA512
bf9e9a4ea9494b847117a6d39e1938080fc6194f5df3e182228d27fa56310b38849a11e3b3a94913178685a7955ba768687911126d807a9700717ccc892fd070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
cd0288ea52cebdf7d9caf232e707ee50

SHA1
b5105555785fa4ff970fa43c64a28af0877128e1

SHA256
561e4405db15621e752ff9cf338ccb88d643e95561a61094d7d0349b7f3375c0

SHA512
c29a043d19a6190cfe02f8151605cf34e6f945975df947596ed84bcd92fb4cd8ebe464916bd65914f89ff386756b6d61f1f85cf3608dd97083033a7b32bb63df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
26e289be6b4fed8152e742d7b614ea74

SHA1
d76a2e756d14396e2969f760461f138edd1b50aa

SHA256
71671b063d65e9ad7b761a07c29732b973cd88b4bb516cfafa93fd87b905b577

SHA512
2c6ba4fed77f11e011a237a32fb59a22046d3cf1dab811c78acf7de572ea454cba6d71127fb477876182a85029c4a437e91a0279c2f313529feb8adc48e61397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BYW4533I\www.msn[1].xml
Filesize
3KB

MD5
f9a69bd7ee0f5a581ad2c68b89cb5e4a

SHA1
b317cebb88f1695235aaa37502da04d1c8f687a6

SHA256
afd2e5634b9fb102212d78a117e4be8121023954d6710f451c45d4d08b5bc0c1

SHA512
d4a56cd777b8a0b69dd5218a720214935079c054070e41e8ae8798a21dfeca955561f34feeb70a0166a183fe768ae32b4ccf6ccd48f67d9cbe13cc83708f372d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\R45Y1UE0\www.mediafire[1].xml
Filesize
1KB

MD5
28e3a7426a42ca949b20ffbb6a4aa6c3

SHA1
0c849e4acf3d01c8223b7003c4c35edc891fbc92

SHA256
9c2dd829989e36c9b61fe6ad40e055c06640fc194c2b85d3b86ab201f6b610cf

SHA512
53f709381d223a0a47ca8bdbf6738552eb13654cba3dcf31609014b37df7df0f295160eb192812f625766d29279b6d94fc8ebf575c2c20af3f1f9d5127cdcbce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
Filesize
39KB

MD5
4326bb576fdd04eefd601f7d6a9c0256

SHA1
717532b98fc5786895058d314faea3bd525cbb10

SHA256
5914b33b383cc312035f12d8d099b8bf209465e458f4093423d89db2926e7bcd

SHA512
75d2f3363f62b1317bb033366a75b1b13e3a9f7533c2133e0ffd01851fd7041b4315053d76f6c8cd3b841d53bcaea8fac8d91587802e365bfb517fb5f3aa9a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
Filesize
290B

MD5
cb62a138852be08e922397aea5cdef9f

SHA1
4530358d46c4486f5f1ad20598727f6caca5d44f

SHA256
54362b613a0b4ab1e2f40323df820cb29cb3f92151cd9c06da8282802854cc1f

SHA512
db50d0e96cc1793c840a495d178bffb170042395c69a5a1fca9771a54c7d5b38b388ffe482e32f8a5ca02915900c11f4a932de0816a7ed07863683a4ff8dbdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
Filesize
34KB

MD5
242e775d0f4f9253aa1dee00af992a80

SHA1
c51b35b7a0f34203ae83cdc7d8a12236844cf6fc

SHA256
4773889d5d45d2363dab4c8496dcd88af26514715321d863a05937e8b91c51a3

SHA512
2a339aaf02d1c373fc5beec522c129c458b3f56ce6f5f65e109597c8d06bd00f22ad781bcf04cd78cccb52ecb21b1f877957b74d203fb91645418193f8ba776a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
Filesize
34KB

MD5
242e775d0f4f9253aa1dee00af992a80

SHA1
c51b35b7a0f34203ae83cdc7d8a12236844cf6fc

SHA256
4773889d5d45d2363dab4c8496dcd88af26514715321d863a05937e8b91c51a3

SHA512
2a339aaf02d1c373fc5beec522c129c458b3f56ce6f5f65e109597c8d06bd00f22ad781bcf04cd78cccb52ecb21b1f877957b74d203fb91645418193f8ba776a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
Filesize
39KB

MD5
288174a8017113a9e80f60d178b96fca

SHA1
504b7db0ec66a4c6c88477af24b9d2ba197705f7

SHA256
a23068fa2ea07d56555af60efd18bb0d800e8b4f75d7224b6721d28249dac48f

SHA512
0ee121562cfa70ebc80ea5d3473409fe8452b03804669f92e401f3ee0f52609982cbb6a5a5ee411bdcd42fdb097e2d21217ded5ef56c12bde00d73a7326167aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\kernel-a9509dac[1].css
Filesize
100KB

MD5
1f9ce2a5856043b3a3910f5fa7366aa1

SHA1
9d86db46ddbc7440d5c81d6bac746ff2afdf266f

SHA256
6c4a421bd4a8251bb6ca8d9591d44a40619375568ff2b3eda48c5e6ffeca0c0b

SHA512
1b9d5e4ce34b821e1c05335449ed00b6f91868ea3d59b63eab52d425c0c0b70ef90d1dc36b75389ad2e648f6a6eec86f7e9e339b760aa8c33cba9b09f556af29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\favicon-trans-bg-blue-mg[1].ico
Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\kernel-e08e67f3[1].js
Filesize
283KB

MD5
463d2e66710fcff44d3915c12caf5335

SHA1
e80a0fa3e359ceafa2a80f5c84451d951c6b8947

SHA256
824531c3073f6d80180df9e58f1574f2609ffca984faf66a596ce39bf39fc72f

SHA512
277d83693093525f07cf9aef0754e31138f518624c84ae634fa8eef40f7e789fe90f08c010c100d40bf9e0bee60e29aab429cf98370b102801df9f35f311c4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\tag[1].js
Filesize
14KB

MD5
3f7e6e670b18a2fa682c5cf97717a1ca

SHA1
3bf6c3efff72a2e27a6e32937360319fdecbbbd8

SHA256
7bea218c1ea5ee1ac331e13400b294d06d9a56abc1d3e26add98091d5320d2c7

SHA512
1540ee7623935afe68a3ea8a0dd915ed7734f52db9bc7f1b0929253680464d9362c14a4d7faca09c9472973786df7cf8a5356557db8af0d97b1da6c43e35cdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\Aimbot.zip.6a7pwdo.partial
Filesize
85.0MB

MD5
5e85c94f9e45e1d3211bd77765dcc472

SHA1
81a2b664ab34915eda5b26bff3c91b43300f0798

SHA256
b90f6ed3991acf9e30c1e0b0380cc16799820399bb59a5ab16506aad41c5424c

SHA512
dc1dc22ba8ecb1f8b215d429ca5dad0929d3117e6d651ca2765484e8fa19a8c967039631ed8f73d7c155ef60e99c4a7fd55b9cef89538d83d51cb57f8417a696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\Aimbot[1].zip
Filesize
85.0MB

MD5
5e85c94f9e45e1d3211bd77765dcc472

SHA1
81a2b664ab34915eda5b26bff3c91b43300f0798

SHA256
b90f6ed3991acf9e30c1e0b0380cc16799820399bb59a5ab16506aad41c5424c

SHA512
dc1dc22ba8ecb1f8b215d429ca5dad0929d3117e6d651ca2765484e8fa19a8c967039631ed8f73d7c155ef60e99c4a7fd55b9cef89538d83d51cb57f8417a696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\Favicon_EdgeStart[1].ico
Filesize
33KB

MD5
7fb4a1f2d92cec689e785fd076ae7281

SHA1
f3477f75f8d14dd3bcf5f50176f8cdfdcd3944f5

SHA256
8ffb08e22d8848b0dc64e13ef43a5db913a3b4c112f67b0346f1508f2811aeb1

SHA512
bfc68283080028dd1b93bf28600f2abd8cb3c375c6433649972485e027b6d72e81535221ff2c89c2e5b255dc24ef3a1db28129a95eb872f236ca624f1ca9d02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\favicon[1].png
Filesize
166B

MD5
91169aa7638bd8b8d898dadc4d0d0dd9

SHA1
817e5c6bb48ea41ac6eb061c70ab1e895f294239

SHA256
2f2f4f03b4f5bacdde4c08482b99d0a4e418c280c6c1ada8c724b3a48e24609f

SHA512
bdef44ce6ab197f022b75534fe40a9a40a29cc451523dd0f2d134740726ee0f9f87d5ec363d49c279e5e56c19fd70d944e84d21f07315e4cd2babd71581e7c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\JXO1ZP0L\jquery-2.1.1.min[1].js
Filesize
82KB

MD5
9a094379d98c6458d480ad5a51c4aa27

SHA1
3fe9d8acaaec99fc8a3f0e90ed66d5057da2de4e

SHA256
b2ce8462d173fc92b60f98701f45443710e423af1b11525a762008ff2c1a0204

SHA512
4bbb1ccb1c9712ace14220d79a16cad01b56a4175a0dd837a90ca4d6ec262ebf0fc20e6fa1e19db593f3d593ddd90cfdffe492ef17a356a1756f27f90376b650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\LunacyLauncher.zip.w0ynz63.partial
Filesize
5.4MB

MD5
8d69e91db38244eda3c2b0d163a6e9f9

SHA1
815a9bca3c81e1968bccfec150a0b0d5b20e0d33

SHA256
749fdfa96253db72da0a092d220d4beca5f2dee02e34654bd05405876556591e

SHA512
be4bbd3a85b199f2ff19b24c0a269b9e5802ac53977dc4c107b1484624b82880431f961fad49ceed5054fe1c67078daed619dd7d95132f755b5fc066f4253212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\LunacyLauncher[1].zip
Filesize
5.4MB

MD5
8d69e91db38244eda3c2b0d163a6e9f9

SHA1
815a9bca3c81e1968bccfec150a0b0d5b20e0d33

SHA256
749fdfa96253db72da0a092d220d4beca5f2dee02e34654bd05405876556591e

SHA512
be4bbd3a85b199f2ff19b24c0a269b9e5802ac53977dc4c107b1484624b82880431f961fad49ceed5054fe1c67078daed619dd7d95132f755b5fc066f4253212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\cropped-aim_icon-32x32[1].png
Filesize
582B

MD5
6f52a962b822998128af9f4e82b1fd75

SHA1
aa17afe7f766f18ab4e39fece4b9b3ad5b2b37f4

SHA256
7d60651da9dd38c302b9934efc93aab2f615d5ecf964ab943950d47cf744bd02

SHA512
c505de0dddc0cc48e7ebfb2cc52c875c56aa7cfad900d47271ee96662b33e247657a3f2d0c153c9b0dc41403e5c31073450ff75d3b09cb85b25662692f8948a8

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
Filesize
142.0MB

MD5
2d7de4447acf65d02a7112d4655cab6e

SHA1
d58c162a0b887a2949e3e2c5898b961d5525a6d7

SHA256
138e7059c4d43d987963861bdc1976855b0035d6e39799c00db98700568eb0de

SHA512
7a2ede700840e2ddaa2cd4d6607016af3f682a3a11aa685f9c69040d865cd0cf1f448df2445c3ae340e80fc2b35a97f6984fbb060c430292107b1fccd3b53f54

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
Filesize
142.0MB

MD5
2d7de4447acf65d02a7112d4655cab6e

SHA1
d58c162a0b887a2949e3e2c5898b961d5525a6d7

SHA256
138e7059c4d43d987963861bdc1976855b0035d6e39799c00db98700568eb0de

SHA512
7a2ede700840e2ddaa2cd4d6607016af3f682a3a11aa685f9c69040d865cd0cf1f448df2445c3ae340e80fc2b35a97f6984fbb060c430292107b1fccd3b53f54

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
Filesize
142.0MB

MD5
2d7de4447acf65d02a7112d4655cab6e

SHA1
d58c162a0b887a2949e3e2c5898b961d5525a6d7

SHA256
138e7059c4d43d987963861bdc1976855b0035d6e39799c00db98700568eb0de

SHA512
7a2ede700840e2ddaa2cd4d6607016af3f682a3a11aa685f9c69040d865cd0cf1f448df2445c3ae340e80fc2b35a97f6984fbb060c430292107b1fccd3b53f54

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
Filesize
142.0MB

MD5
2d7de4447acf65d02a7112d4655cab6e

SHA1
d58c162a0b887a2949e3e2c5898b961d5525a6d7

SHA256
138e7059c4d43d987963861bdc1976855b0035d6e39799c00db98700568eb0de

SHA512
7a2ede700840e2ddaa2cd4d6607016af3f682a3a11aa685f9c69040d865cd0cf1f448df2445c3ae340e80fc2b35a97f6984fbb060c430292107b1fccd3b53f54

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
Filesize
142.0MB

MD5
2d7de4447acf65d02a7112d4655cab6e

SHA1
d58c162a0b887a2949e3e2c5898b961d5525a6d7

SHA256
138e7059c4d43d987963861bdc1976855b0035d6e39799c00db98700568eb0de

SHA512
7a2ede700840e2ddaa2cd4d6607016af3f682a3a11aa685f9c69040d865cd0cf1f448df2445c3ae340e80fc2b35a97f6984fbb060c430292107b1fccd3b53f54

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\Aimbot.exe
Filesize
142.0MB

MD5
2d7de4447acf65d02a7112d4655cab6e

SHA1
d58c162a0b887a2949e3e2c5898b961d5525a6d7

SHA256
138e7059c4d43d987963861bdc1976855b0035d6e39799c00db98700568eb0de

SHA512
7a2ede700840e2ddaa2cd4d6607016af3f682a3a11aa685f9c69040d865cd0cf1f448df2445c3ae340e80fc2b35a97f6984fbb060c430292107b1fccd3b53f54

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\D3DCompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\d3dcompiler_47.dll
Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\ffmpeg.dll
Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\ffmpeg.dll
Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\ffmpeg.dll
Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\ffmpeg.dll
Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\ffmpeg.dll
Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\libEGL.dll
Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\libGLESv2.dll
Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\libegl.dll
Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\libglesv2.dll
Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\locales\en-US.pak
Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\resources.pak
Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\resources\app\icon.ico
Filesize
24KB

MD5
196f49cd82a240125df5f869efbe20a2

SHA1
9e872498580562e75ce682626c6338d78d6f8f89

SHA256
a482cb5c38a0591b572247c04afe257dab6be9dde38c286218ec029659af2fec

SHA512
39200bfd9b07547592f27192f18c06c7eccd23da407ee15cd0cf0cee6e6cde7206a082b34cb1af11fb9a84c0040d362c3f40a50156689895d081649e6d603789

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\resources\app\lib\main.js
Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\resources\app\lib\preload.js
Filesize
4KB

MD5
fa55c68c5f0b5a560604becb9df601fe

SHA1
0eeb7a10a9574238d6360ab895c78ddfdbca61ed

SHA256
317ea36e9119cd2024689687aaf927287213b5ec2909bb98c1ae87a01b49106e

SHA512
709da44b05879e4c1e8121e8c818e364bd6167d873529274d9ed63ea1b25a1ff4e9f501f11668a01677f9f610950a44b9fcbef99356d4c3cd9db51619d2dd9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\resources\app\nativefier.json
Filesize
919B

MD5
7ebe92b7f1b45f37291bff19f65e9236

SHA1
dfe3d7a116252bb078eb9d624e3c52a3f1166ed5

SHA256
421e9d23b7eec2c792b6397137f58bc693e0994514352f7b89cd49305a0390d6

SHA512
ffbe5ff2a50cffbc6ed6ba8e17ef158ee5cacb596fa9f01e9304633361ba959493fcf3dbdf0301033e5285f5893f7ea22796126c81dd8e137a3bc5c5e90872d3

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\resources\app\package.json
Filesize
593B

MD5
d3bc15dd5a655f9defe2ad95d72f6593

SHA1
a225a81bdd12b9d98102d2fcdeef91c7d1e23bc9

SHA256
7b0316c919981df966355b4011f1291ba4484530ac2ab4e952ce131f2d9b8fb7

SHA512
a9e5094c7ad05bacff0a97b1fd341926d8ea77e043b94b64dccafaa216a313331920c8cc3e181626f868a8e6f39185de587b690cddcb76cdaabde726d20a835c

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\v8_context_snapshot.bin
Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\vk_swiftshader.dll
Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\vk_swiftshader.dll
Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\vulkan-1.dll
Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot\vulkan-1.dll
Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
8e2c55fd947be009a27741c045b679d2

SHA1
01dae84cfc4dc146de4e559a95a342b463cbf7a5

SHA256
d2ab6992ec6a6485e66018c4f85944afa333123c71390c6047cbeb749c97060c

SHA512
42d8d64c48afa98c9e64dd801062b88bb63159aac5c0d13ee02fda6cafe30be928a506c16fc01e651319c5421611a2266f84d52d771c48679f75f6ccf1f7b1fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
80ea294e80b694c8643dd202cc1735c6

SHA1
76b52b0e8934395ff76e813dcc4e8612b211c0ae

SHA256
cf301602096341b713f7d17cb0f5c63388ef61244bb0c0fa75df1782ee423011

SHA512
2ac62460ea9567b39d0aa6fb44009d8834ddd2cc35cc7844da67973d986f2ff848f15cdf96567ed975c855bea8fee4f5108236296cf917aa255c1bf7009f921b

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
63ca7cca6b359b68c848fa1bf2d131a0

SHA1
6caad8afe6d40687fc03adcf3e15d5402a314dba

SHA256
eed6039448cba7b2557dd75d9204cd1850a21055e98f740b150a7fcf8b630a6b

SHA512
279ea01b6689c4bce1abf89df5c6e481cea11971014e627e1439338ed33ab493cd7fb259dff3732f49465329eddd65ffdcb5639ddb02fb2c4e24840d852f2b4f

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
12f7b9300bc6a6df2ce15691c99e5435

SHA1
76468bbfcb0269c47ae5c61a96123a1a6f76b36c

SHA256
fe10e4d125e0e3c1aa91e9a0b0c13c61725081b05fe9c0417d6d8b0b8bd1347e

SHA512
97021c6a19321e1accc76863da1fc2ef2d059aab491f869c81be3db4b0f593923ac76e2ad7080e9bb0b2ba84d27052d6fb9fd19ea809b0701f3f1a4ddea69a84

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Network\906d3a17-672f-40e9-835a-d48241757c82.tmp
Filesize
1KB

MD5
69da84a44ec7459dcdd72ee49d4cf602

SHA1
0a72cad60b1355958c150abfa80fcaa99da7ac10

SHA256
6d375bb839efb85e78e9133f564d9840ec70b25b6eda4a9e91461cd01bbad2e1

SHA512
df6bf0f3788923b904a3589da486cb168e451c3fee42b5c9bd873205860730ab12536fbc9dd170bdbe40511694aba16037e2249901cb3268803b8c6a6c990224

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Network\Network Persistent State
Filesize
1KB

MD5
d0db62b8a0f8989225a8d3ad1682ac48

SHA1
9ce34b57d8eadeb27ca351d37b1efe75cad74aff

SHA256
acbeaf8be2c579420f65498f0ad84606c97a5ba7ea702fe5338949de4c7a408a

SHA512
7e652ca3b02e3bc2a1f0c4b095aea3e9b44590458528ff3c4bd9862f0516c03b2d93bae12aadb37377f1168c37331bdab76f775bd6c312830f49667b88792e6c

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Network\Network Persistent State~RFe5a52c5.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Network\TransportSecurity
Filesize
539B

MD5
8ed04091f69b2c1b5c993f422ab134a7

SHA1
e9100d340935a1b39560e8de26ee3f37f6dfb261

SHA256
e274e176747a606c70594b83319eb57ee3dc0c23988d9d830f664b72c253121d

SHA512
e6c748913aa59ed097abf6b217399ea319b1d0873adeeda9ec0f066a86c70ea455ae1d4cc7b190549b38e34fe79399de3229a7471a8ae527cf05426ebfb99293

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Network\TransportSecurity
Filesize
539B

MD5
d87e35dbbb73252a452ae29c9292f9bc

SHA1
c61b5afac048af6f87f6f93fab0f22b2d7cffc0c

SHA256
e58b3a23599e2a4b02c1c79837b3d87dd9c7eb6351d9b9396d3b26361ce2a0a7

SHA512
0b0b9439e9942d2557a7a829ae6631d0147acfec8af22e289d997659bb2895321105eaa24d1788a38f11460fa7b1e097cdcde16787345c0b5793d37d769f4c0f

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Network\TransportSecurity~RFe5992a1.TMP
Filesize
371B

MD5
fe6f9b8880b6bcc99744f3c79880977b

SHA1
c45a0e94e3f03247d824e890b8d175decab8bab7

SHA256
a48c8ff33d4be3d7a8c0b93a12ecd7e8b72d15e26bacb28557f8cfe310b52e44

SHA512
b998376abf03d3b9c0d8e4be43f1bb04eb872442b6edbd072a2231d29fba7323fbcb00b22aed935dd9ceb40a72a6e3fc2ea34699ff068e574e499140e8fcee54

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-nativefier-396be8\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/2796-1458-0x00007FFC132B0000-0x00007FFC132B1000-memory.dmp

Filesize
4KB

Download
memory/2844-1424-0x00000000004F0000-0x00000000007D1000-memory.dmp

Filesize
2.9MB

Download
memory/2844-1443-0x00000000004F0000-0x00000000007D1000-memory.dmp

Filesize
2.9MB

Download
memory/2844-1250-0x00000000004F0000-0x00000000007D1000-memory.dmp

Filesize
2.9MB

Download
memory/2844-1249-0x0000000001360000-0x0000000001361000-memory.dmp

Filesize
4KB

Download
memory/3380-1594-0x00000275C2450000-0x00000275C24EE000-memory.dmp

Filesize
632KB

Download
memory/3380-1567-0x00007FFC13E80000-0x00007FFC13E81000-memory.dmp

Filesize
4KB

Download
memory/3380-1566-0x00007FFC13480000-0x00007FFC13481000-memory.dmp

Filesize
4KB

Download